Please help me "Your data is stolen and encrypted, see README_cb5e29.txt."

[david.thinguyen]

The message displayed on my desktop says, "Your data is stolen and encrypted, see README_cb5e29.txt." They are demanding that I pay to recover my data. Is there any solution to help me deal with this situation? Please help me.

 

[nasdaq]

Hi,

I sustect that you were targetted by a Ramsomeware malware.

The files/folders infected will all have the same EXTENSION NAME.

Navigate to this topic.

ID Ransomware

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

id-ransomware.malwarehunterteam.com

Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

From what we know now, your files are not recoverable.
Your only solution would be to restore the files from a good backup if you have one.

The compromised files can be transferred to a CD or Flash drive.
Should a solution be found in the future you may be able to restore them.

It's never to late to use common sense to guard against being infected.
Tips on how to prevent ransomware attacks

How to Protect Yourself from Ransomware

What does ransomware do and how can I protect myself? Learn how to protect your computer with ransomware scanners

www.kaspersky.com

If you need additional help please let me know what the problem is.

 

[david.thinguyen]

Hi,

I sustect that you were targetted by a Ramsomeware malware.

The files/folders infected will all have the same EXTENSION NAME.

Navigate to this topic.

ID Ransomware

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

id-ransomware.malwarehunterteam.com

Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

From what we know now, your files are not recoverable.
Your only solution would be to restore the files from a good backup if you have one.

The compromised files can be transferred to a CD or Flash drive.
Should a solution be found in the future you may be able to restore them.

It's never to late to use common sense to guard against being infected.
Tips on how to prevent ransomware attacks

How to Protect Yourself from Ransomware

What does ransomware do and how can I protect myself? Learn how to protect your computer with ransomware scanners

www.kaspersky.com

If you need additional help please let me know what the problem is.

Hi, nasdaq
Sorry, i can't send the file through the website. I can only send it here; can you assist me?

 

[david.thinguyen]

Hi, nasdaq
Sorry, i can't send the file through the website. I can only send it here; can you assist me?

We are the RansomHub.

Your company Servers are locked and Data has been taken to our servers. This is serious.

Good news:
- your server system and data will be restored by our Decryption Tool;
- for now, your data is secured and safely stored on our server;
- nobody in the world is aware about the data leak from your company except you and RansomHub team;

FAQs:
Who we are?
- Normal Browser Links: https://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion.ly/
- Tor Browser Links: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/

Want to go to authorities for protection?
- Seeking their help will only make the situation worse,They will try to prevent you from negotiating with us, because the negotiations will make them look incompetent,After the incident report is handed over to the government department, you will be fined <This will be a huge amount,Read more about the GDRP legislation:General Data Protection Regulation - Wikipedia>,The government uses your fine to reward them.And you will not get anything, and except you and your company, the rest of the people will forget what happened!!!!!

Think you can handle it without us by decrypting your servers and data using some IT Solution from third-party "specialists"?
- they will only make significant damage to all of your data; every encrypted file will be corrupted forever. Only our Decryption Tool will make decryption guaranteed;

Think your partner IT Recovery Company will do files restoration?
- no they will not do restoration, only take 3-4 weeks for nothing; besides all of your data is on our servers and we can publish it at any time;
as well as send the info about the data breach from your company servers to your key partners and clients, competitors, media and youtubers, etc.
Those actions from our side towards your company will have irreversible negative consequences for your business reputation.

You don't care in any case, because you just don't want to pay?
- We will make you business stop forever by using all of our experience to make your partners, clients, employees and whoever cooperates with your company change their minds by having no choice but to stay away from your company.
As a result, in midterm you will have to close your business.

So lets get straight to the point.

What do we offer in exchange on your payment:
- decryption and restoration of all your systems and data within 24 hours with guarantee;
- never inform anyone about the data breach out from your company;
- after data decryption and system restoration, we will delete all of your data from your servers forever;
- provide valuable advising on your company IT protection so no one can attack your again.

Now, in order to start negotiations, you need to do the following:
- install and run 'Tor Browser' from The Tor Project | Privacy & Freedom Online
- use 'Tor Browser' open http://pd5who5ob6y7cvzplxelcnx6f4h5mlo73hs3mnbn4im6odf25xcva4id.onion/
- enter your Client ID: 282e270998ecbff58e79e53495d8552cb09ae3c8744e3e301a00d7ce2807

There will be no bad news for your company after successful negotiations for both sides. But there will be plenty of those bad news if case of failed negotiations, so don't think about how to avoid it.
Just focus on negotiations, payment and decryption to make all of your problems solved by our specialists within 1 day after payment received: servers and data restored, everything will work good as new.

************************************************
IS THIS NOTIFICA

 

[nasdaq]

Hi,

What I understand is that this message is from the malware gang.

I do not rust them. Only if you paid the Ransome will your files be decrypted. (This is what they say) do you trust them? I do not.

Your computer should be working only your personal files, picture etc.. are corrupted.

Let's test it.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

https://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
if the download was from the site I provided you should restore the program from the Quarantine folder. It's SAFE.
====

 

[david.thinguyen]

Hi,

What I understand is that this message is from the malware gang.

I do not rust them. Only if you paid the Ransome will your files be decrypted. (This is what they say) do you trust them? I do not.

Your computer should be working only your personal files, picture etc.. are corrupted.

Let's test it.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

https://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
if the download was from the site I provided you should restore the program from the Quarantine folder. It's SAFE.
=============================================================================================

Hi.
Can you help me check my log reply and file attach.
Many thanks
------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08.2024
Ran by Admin (administrator) on 15931-PCSERVER (Intel(R) Client Systems NUC10i3FNH) (14-08-2024 14:21:22)
Running from F:\\FRST64.exe
Loaded Profiles: Admin & Administrator
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avpui.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Emsisoft Anti-Malware\a2guard.exe ->) (Emsisoft Limited -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(C:\Program Files\Emsisoft Anti-Malware\a2service.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(explorer.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <5>
(explorer.exe ->) (Emsisoft Limited -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Gen Digital Inc. -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
(services.exe ->) (Emsisoft Limited -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(services.exe ->) (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe
(services.exe ->) (Gen Digital Inc. -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (GLAVSOFT, OOO -> GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_26993080a5dec4cf\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_26993080a5dec4cf\IntelCpHeciSvc.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avp.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1826232 2023-05-02] (GLAVSOFT, OOO -> GlavSoft LLC.)
HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [10841792 2024-08-12] (Emsisoft Limited -> Emsisoft Ltd)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [463800 2024-08-14] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3588608 2021-04-02] (Brother Industries, Ltd.) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-118634617-766911346-3638649862-1001\...\Run: [ownCloud] => C:\Program Files\ownCloud\owncloud.exe [2837232 2023-08-07] (ownCloud GmbH -> )
HKU\S-1-5-21-118634617-766911346-3638649862-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44970408 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-118634617-766911346-3638649862-1001\...\Run: [MicrosoftEdgeAutoLaunch_AA17FD172D7BD88990E3F9446B1FCEF8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3814968 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-118634617-766911346-3638649862-1001\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [14451648 2024-01-14] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
HKU\S-1-5-21-118634617-766911346-3638649862-500\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [14451648 2024-01-14] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
HKU\S-1-5-21-118634617-766911346-3638649862-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-118634617-766911346-3638649862-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\127.0.6533.119\Installer\chrmstp.exe [2024-08-14] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {A49CED95-5166-4FFF-A3A9-E94AFECBADBD} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5194176 2024-08-14] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {B692CB19-E16B-4ECD-A7D7-42CBB75F16DB} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8064960 2024-07-19] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {40AD9799-5C4F-4189-870C-E70131C00D3F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2385856 2024-08-14] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {939DFBC3-2207-452A-8AB9-9320D0EB6C38} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-07-16] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {69DD0A9D-E3B9-4BEA-855D-2D5ACF09AA55} - System32\Tasks\CCleanerauto => C:\Program Files\CCleaner\CCleaner.exe [38931368 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {87501C77-1915-4EB1-AB71-C10B62F3D3E3} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-07-16] (Gen Digital Inc. -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "6afe640c-0524-4b54-8cad-ebecb65c3e50" --version "6.26.11169" --silent
Task: {2410092C-C32C-4F33-A746-7987AA5D7DB2} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files\CCleaner\CCleaner.exe [38931368 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {E95A35B1-D634-4209-9490-512E59CEA648} - System32\Tasks\CCleanerSkipUAC - LED => C:\Program Files\CCleaner\CCleaner.exe [38931368 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {A4B54699-B24C-47A3-B683-D0051482B0DE} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{FF99162A-5DD8-4A67-8AF3-C8F71B41220B} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {C2561E37-9707-42F5-9801-3597A5B744C5} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe [726952 2024-08-13] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {168AA1F2-5381-4390-967A-86495A7268F2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {DD9CD157-232A-46E8-85F6-C092A3B992AB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {3BF90ED8-B5DB-4153-B60E-F4DBAA0D2A71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{42ae12ef-90db-4609-b2d1-d29edabab795}: [NameServer] 192.168.100.1
Tcpip\..\Interfaces\{559afc81-0ce3-467c-878e-11e42d3b7c42}: [DhcpNameServer] 192.168.112.1
Tcpip\..\Interfaces\{559afc81-0ce3-467c-878e-11e42d3b7c42}: [DhcpDomain] erablue.id
Tcpip\..\Interfaces\{559afc81-0ce3-467c-878e-11e42d3b7c42}\54271626C6575602D20284F4: [DhcpNameServer] 192.168.112.1
Tcpip\..\Interfaces\{559afc81-0ce3-467c-878e-11e42d3b7c42}\54271626C6575602D20284F4: [DhcpDomain] erablue.id

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\LED\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-13]
Edge Extension: (Google Docs Offline) - C:\Users\LED\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-09]
Edge Extension: (Edge relevant text changes) - C:\Users\LED\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.381.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.381.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11934176 2024-08-12] (Emsisoft Limited -> Emsisoft Ltd)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [807864 2024-08-14] (AVG Technologies USA, LLC -> Gen Digital Inc.)
S3 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2385736 2024-08-14] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1245112 2024-08-14] (AVG Technologies USA, LLC -> Gen Digital Inc.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9039288 2024-08-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-08-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVP21.18; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\avp.exe [32008 2024-07-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085864 2024-07-16] (Gen Digital Inc. -> Piriform Software Ltd)
R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [8634304 2024-01-14] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1545368 2024-08-12] (Emsisoft Ltd -> Emsisoft Ltd)
S3 klvssbridge64_21.18; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.18\x64\vssbridge64.exe [560552 2024-07-12] (AO Kaspersky Lab -> AO Kaspersky Lab)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [252264 2020-12-03] (TBT_DCH_DRV_PROD -> )
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1826232 2023-05-02] (GLAVSOFT, OOO -> GlavSoft LLC.)
R2 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [238416 2023-08-26] (DUC FABULOUS CO.,LTD -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [20536 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [229944 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [380984 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [293944 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [84536 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [27744 2024-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
S3 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [28728 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271928 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [549848 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [97840 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [69176 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [948792 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [1198648 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203728 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [306648 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245200 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [31312 2024-01-14] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_e64afe811c7e4662\e1d.sys [607400 2022-02-16] (Intel Corporation -> Intel Corporation)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [199200 2024-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 eppdevctrl; C:\WINDOWS\System32\drivers\eppdevctrl.sys [60576 2024-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37776 2024-08-12] (Emsisoft Ltd -> Emsisoft Ltd)
S0 EppElam; C:\WINDOWS\System32\drivers\EppElam.sys [19392 2024-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)
S4 eppfilebackup; C:\Program Files\Emsisoft Anti-Malware\eppfilebackup.sys [95376 2024-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [139824 2024-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R3 GlPciSD; C:\WINDOWS\System32\drivers\GlPciSD.sys [482912 2020-06-02] (GENESYS LOGIC, INC. -> Genesys Logic)
R1 klbackupdisk.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klbackupdisk.sys [92096 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-18; C:\WINDOWS\System32\DRIVERS\K4W-21-18\klbackupflt.sys [249792 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\kldisk.sys [110512 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [55880 2024-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 KLFLT.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klflt.sys [723496 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-18; C:\WINDOWS\System32\DRIVERS\K4W-21-18\klgse.sys [845112 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLHK.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klhk.sys [2090304 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.K4W-21-18; C:\ProgramData\Kaspersky Lab\AVP21.18\Bases\klids.sys [236440 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klif.K4W-21-18; C:\WINDOWS\System32\DRIVERS\K4W-21-18\klif.sys [1490368 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [85424 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klkbdflt.sys [99360 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klmouflt.sys [92592 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-18; C:\WINDOWS\System32\DRIVERS\K4W-21-18\klpd.sys [59424 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klpnpflt.sys [84928 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-18_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-18_arkmon.sys [396040 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-18_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-18_klark.sys [362464 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-18_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-18_klbg.sys [198720 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-18_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-18_mark.sys [265416 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\klwtp.sys [536800 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-18; C:\WINDOWS\system32\DRIVERS\K4W-21-18\kneps.sys [370608 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 TPS65987; C:\WINDOWS\System32\drivers\TPS65987.sys [48224 2020-09-22] (FPT USA Corp. -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-14 14:10 - 2024-08-14 14:10 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-08-14 14:10 - 2024-08-14 14:10 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus Free.lnk
2024-08-14 14:10 - 2024-08-14 14:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-08-14 14:10 - 2024-08-14 14:09 - 000314808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-08-14 14:09 - 2024-08-14 14:21 - 000000000 ____D C:\FRST
2024-08-14 14:09 - 2024-08-14 14:09 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2024-08-14 14:09 - 2024-08-14 14:09 - 000000000 ____D C:\Program Files\Common Files\AVG
2024-08-14 05:32 - 2024-08-14 05:32 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-08-14 05:31 - 2024-08-14 05:31 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-08-13 22:08 - 2024-08-13 22:08 - 000003232 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2024-08-13 19:18 - 2024-08-13 19:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-18
2024-08-13 17:22 - 2024-08-14 14:15 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2024-08-13 17:22 - 2024-08-13 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2024-08-13 17:22 - 2024-08-12 21:01 - 000037776 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2024-07-16 09:35 - 2024-07-16 11:18 - 000002164 _____ C:\ShadeDecryptor.1.2.0.0_16.07.2024_09.35.38_log.txt
2024-07-15 14:56 - 2024-07-15 14:56 - 000002424 _____ C:\RannohDecryptor.1.18.5.0_15.07.2024_14.56.28_log.txt
2024-07-15 14:55 - 2024-07-15 14:56 - 000003068 _____ C:\ScatterDecryptor.2.0.1.5_15.07.2024_14.55.49_log.txt
2024-07-15 14:52 - 2024-07-15 14:55 - 000354406 _____ C:\XoristDecryptor.2.5.4.3_15.07.2024_14.52.01_log.txt
2024-07-15 14:51 - 2024-07-15 14:51 - 000002304 _____ C:\ScraperDecryptor.1.0.0.4_15.07.2024_14.51.29_log.txt
2024-07-15 14:20 - 2024-07-15 14:20 - 000002456 _____ C:\RakhniDecryptor.1.40.0.0_15.07.2024_14.20.38_log.txt
2024-07-15 14:20 - 2024-07-15 14:20 - 000000000 ____D C:\Users\LED\Downloads\RakhniDecryptor
2024-07-15 14:18 - 2024-07-15 14:20 - 000002614 _____ C:\RannohDecryptor.1.18.5.0_15.07.2024_14.18.37_log.txt
2024-07-15 14:18 - 2024-07-15 14:18 - 000000000 ____D C:\Users\LED\Downloads\rannohdecryptor
2024-07-15 14:17 - 2024-07-15 14:18 - 000002164 _____ C:\ShadeDecryptor.1.2.0.0_15.07.2024_14.17.47_log.txt
2024-07-15 14:17 - 2024-07-15 14:17 - 000000000 ____D C:\Users\LED\Downloads\ShadeDecryptor
2024-07-15 14:14 - 2024-07-15 14:17 - 000002294 _____ C:\CoinVaultDecryptor.1.0.0.6_15.07.2024_14.14.55_log.txt
2024-07-15 14:14 - 2024-07-15 14:14 - 002815283 _____ C:\Users\LED\Downloads\WildfireDecryptor.zip
2024-07-15 14:14 - 2024-07-15 14:14 - 001255157 _____ C:\Users\LED\Downloads\CoinVaultDecryptor.zip
2024-07-15 14:14 - 2024-07-15 14:14 - 000845224 _____ (Kaspersky Lab AO) C:\Users\LED\Downloads\xoristdecryptor.exe
2024-07-15 14:14 - 2024-07-15 14:14 - 000000000 ____D C:\Users\LED\Downloads\CoinVaultDecryptor
2024-07-15 14:13 - 2024-07-15 14:14 - 006354490 _____ C:\Users\LED\Downloads\RakhniDecryptor.zip
2024-07-15 14:13 - 2024-07-15 14:14 - 002243721 _____ C:\Users\LED\Downloads\ShadeDecryptor.zip
2024-07-15 14:13 - 2024-07-15 14:13 - 000851835 _____ C:\Users\LED\Downloads\rannohdecryptor.zip
2024-07-15 13:34 - 2024-07-15 13:34 - 000000000 ____D C:\Users\LED\AppData\Roaming\Microsoft\CLR Security Config
2024-07-15 13:31 - 2024-07-15 13:31 - 000000000 ____D C:\Users\LED\AppData\Roaming\www.shadowexplorer.com
2024-07-15 13:23 - 2024-07-15 13:23 - 001182144 _____ (Emsisoft Ltd.) C:\Users\LED\Downloads\decrypt_STOPDjvu (1).exe
2024-07-15 13:17 - 2024-08-13 17:32 - 000000000 ____D C:\ProgramData\Emsisoft
2024-07-15 13:17 - 2024-08-13 17:22 - 000000000 ____D C:\EEK
2024-07-15 13:10 - 2024-07-15 13:15 - 394259096 _____ C:\Users\LED\Downloads\EmsisoftEmergencyKit.exe
2024-07-15 10:53 - 2024-08-14 06:01 - 000140112 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2024-07-15 10:53 - 2024-08-14 05:59 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2024-07-15 10:53 - 2024-08-14 05:59 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2024-07-15 10:53 - 2024-08-13 22:08 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2024-07-15 10:53 - 2024-08-13 22:08 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2024-07-15 10:53 - 2024-07-15 10:53 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2024-07-15 10:52 - 2024-08-13 19:20 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2024-07-15 10:52 - 2024-08-13 19:19 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2024-07-15 10:52 - 2024-08-13 19:19 - 000002262 _____ C:\Users\Public\Desktop\Kaspersky.lnk
2024-07-15 09:55 - 2024-08-14 06:01 - 000000000 ____D C:\Users\LED\AppData\Local\CrashDumps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-14 14:15 - 2024-07-11 17:47 - 000000000 ____D C:\Users\LED\AppData\Local\AVG
2024-08-14 14:14 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-14 14:10 - 2024-07-11 17:47 - 000000000 ____D C:\Users\LED\AppData\Roaming\AVG
2024-08-14 14:10 - 2024-07-11 17:38 - 000000000 ____D C:\ProgramData\AVG
2024-08-14 14:10 - 2022-05-07 12:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-08-14 14:10 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-08-14 14:09 - 2024-07-11 17:39 - 000000000 ____D C:\Program Files\AVG
2024-08-14 14:08 - 2023-09-06 05:14 - 000000000 ____D C:\Program Files\CCleaner
2024-08-14 06:15 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-08-14 06:03 - 2023-11-16 18:23 - 000995628 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-14 06:03 - 2022-05-07 12:22 - 000000000 ____D C:\WINDOWS\INF
2024-08-14 06:01 - 2023-11-16 18:19 - 000003378 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-08-14 06:01 - 2023-09-06 05:14 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-08-14 06:00 - 2023-09-06 04:23 - 000000000 ____D C:\Users\LED\AppData\Local\Packages
2024-08-14 06:00 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-08-14 05:59 - 2023-11-16 18:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-14 05:59 - 2023-11-16 18:14 - 000305128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-08-14 05:59 - 2023-10-04 13:18 - 000000000 _____ C:\WINDOWS\UV_LastPW.ini
2024-08-14 05:59 - 2023-09-06 05:01 - 000000000 ____D C:\Intel
2024-08-14 05:59 - 2023-09-06 04:20 - 000012288 ___SH C:\DumpStack.log.tmp
2024-08-14 05:59 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-08-14 05:59 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-08-14 05:58 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-08-14 05:58 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\UUS
2024-08-14 05:58 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-08-14 05:58 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-08-14 05:58 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-08-14 05:58 - 2022-05-07 12:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-08-14 05:57 - 2023-11-17 09:07 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-08-14 05:57 - 2022-05-07 14:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-08-14 05:57 - 2022-05-07 14:39 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-08-14 05:57 - 2022-05-07 14:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-08-14 05:57 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-08-14 05:37 - 2022-05-07 12:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-08-14 05:37 - 2022-05-07 12:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-08-14 05:37 - 2022-05-07 12:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-08-14 05:16 - 2023-10-04 12:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-08-14 05:13 - 2023-10-04 12:25 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-08-14 03:49 - 2023-09-06 05:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-08-14 03:49 - 2023-09-06 05:17 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-08-13 22:08 - 2024-07-12 09:44 - 000000000 ____D C:\Program Files\Common Files\AV
2024-08-13 19:32 - 2022-05-07 12:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-13 19:20 - 2024-07-12 09:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2024-08-13 17:28 - 2023-11-16 18:15 - 000000000 ____D C:\Users\PrinterApp
2024-08-13 17:28 - 2023-11-16 18:15 - 000000000 ____D C:\Users\LED
2024-08-13 16:48 - 2024-07-11 14:34 - 000000000 ____D C:\Users\Administrator
2024-08-13 16:48 - 2023-11-16 18:15 - 000000000 ____D C:\Users\clipdemo
2024-08-13 16:28 - 2023-11-16 18:19 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-08-12 11:14 - 2023-11-16 18:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-08-12 11:08 - 2023-09-06 05:14 - 000000000 ____D C:\Users\LED\AppData\Local\D3DSCache
2024-08-12 10:49 - 2023-09-06 04:20 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-12 10:43 - 2023-11-16 18:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-118634617-766911346-3638649862-1001
2024-08-12 10:43 - 2023-11-16 18:19 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-118634617-766911346-3638649862-1001
2024-08-12 10:43 - 2023-09-06 04:23 - 000002373 _____ C:\Users\LED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-08-12 10:42 - 2023-11-16 18:19 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-08-12 10:42 - 2023-11-16 18:19 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-08-12 10:32 - 2024-07-12 09:37 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2024-07-15 10:53 - 2023-09-06 04:23 - 000000000 ____D C:\ProgramData\Packages
2024-07-15 10:52 - 2022-05-07 12:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

==================== Files in the root of some directories ========

2024-07-10 07:15 - 2024-07-10 07:15 - 000003533 _____ () C:\Program Files\README_cb5e29.txt
2024-07-10 07:16 - 2024-07-10 07:16 - 000003533 _____ () C:\Program Files (x86)\README_cb5e29.txt
2024-07-10 07:15 - 2024-07-10 07:15 - 000003533 _____ () C:\Program Files\Common Files\README_cb5e29.txt
2024-07-10 07:16 - 2024-07-10 07:16 - 000003533 _____ () C:\Users\LED\AppData\Local\README_cb5e29.txt

==================== FLock ==============================

2024-08-14 05:59 C:\WINDOWS\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===


Please post the Fixlog.txt and let me know what problem persists.

 

[nasdaq]

Is the problem solved?

 

[david.thinguyen]

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===


Please post the Fixlog.txt and let me know what problem persists.

-----------------------------------------------------------------------------------------------------------------------------------

Hi bro

Sorry repply you late.
Bellow this file Fixlog be4 i already try. but still can't fix.
Can you help me check this file ya bro.

Many thanks!

 

[nasdaq]

Hi,

You have executed the fix in this new folder
Running from C:\Users\LED\Desktop\New folder

The fixlist.txt must be in the same folder were the FRST64 program is parked.

Move or copy the Fixlist.txt to the folder and run the Farbar program and press the fix button.

Submit the fixlog.txt and let me know if the problem persists.

p.s.
If stiill having program scan the computer with the Farbar program and post fresh FRST64.txt and the Additional.txt logs.

 

[david.thinguyen]

Hi,

You have executed the fix in this new folder
Running from C:\Users\LED\Desktop\New folder

The fixlist.txt must be in the same folder were the FRST64 program is parked.

Move or copy the Fixlist.txt to the folder and run the Farbar program and press the fix button.

Submit the fixlog.txt and let me know if the problem persists.

p.s.
If stiill having program scan the computer with the Farbar program and post fresh FRST64.txt and the Additional.txt logs.

===============================================================================================

Hi bro.

Sorry, but I followed your instructions, and after the computer restarted, nothing changed. I will send you the Fix.txt, FRST64.txt, and Additional.txt logs. If there is anything I did incorrectly, I hope you can help me do it again.

Many thanks!

 

[nasdaq]

Hi,

Looking better, some additional work to be done to complete the removal.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

 

[david.thinguyen]

Hi,

Looking better, some additional work to be done to complete the removal.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

----------------------------------------------------------------------------------------------------------

Hi bro.

i send Fixlog.txt, can you help me check it ya.

Many thanks!

 

[nasdaq]

Hi,

Looking good.

Any remaining issues?

 

[david.thinguyen]

Hi,

Looking good.

Any remaining issues?

---------------------------------------------------------------------------------
Hi bro

My current issue is that I want to restore the data to its original state. Currently, the file extensions have been changed (e.g., namefile.jpg.cb5e29). Do you have any solutions for this? Please help.

 

[nasdaq]

Hi,

It's not possible to restore your files unless you pay for it. Which I do not agree. See my previous post.

Read this topic from Malwarebytes.

What is Ransomware? | How to Protect Against Ransomware in 2023

Ransomware is a form of malware that locks the user out of their files or their device, then demands a payment (often in cryptocurrency) to restore access. Learn more about ransomware attacks, how to prevent them, and how security software can roll back ransomware attacks if they happen.

www.malwarebytes.com

Sorry.