HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [pricefountainw.exe] => C:\Users\LEAH\AppData\Local\PriceFountain\pricefountainw.exe
HKEY_CURRENT_USER Software\PriceFountain
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...\Run: [gapmqjjuvbg] => regsvr32.exe /s "C:\Users\LEAH\AppData\Local\Temp\4b9c\AppData\Local\Microsoft\gapmqjjuvbg.dll" <===== ATTENTION
HKU\S-1-5-21-629239370-1108922991-2781443091-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\LEAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML ()
Startup: C:\Users\LEAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT ()
InternetURL: C:\Users\LEAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL -> hxxp://paytordmbdekmizq.toralpacho.com/Nv2mL
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-629239370-1108922991-2781443091-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://astromenda.co...r=213056709&ir=
SearchScopes: HKU\S-1-5-21-629239370-1108922991-2781443091-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://astromenda.co...r=213056709&ir=
SearchScopes: HKU\S-1-5-21-629239370-1108922991-2781443091-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
BHO-x32: No Name -> {68261aaa-dc9f-4c2b-a168-c323e304c3a2} -> No File
BHO-x32: No Name -> {b608cc98-54de-4775-96c9-097de398500c} -> No File
BHO-x32: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
R2 MaintainerSvc3.35.6688013; C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65\maintainer.exe [123632 2014-11-20] ()
R1 {123aa796-6961-4ee8-8a16-25bf1adf65a4}w64; C:\Windows\System32\drivers\{123aa796-6961-4ee8-8a16-25bf1adf65a4}w64.sys [48784 2014-11-09] (StdLib)
R1 {1a1d3262-ea38-4e09-b480-4c4c56f4843c}w64; C:\Windows\System32\drivers\{1a1d3262-ea38-4e09-b480-4c4c56f4843c}w64.sys [48784 2014-11-10] (StdLib)
R1 {4e3e587e-efda-440a-a603-354d622353c0}w64; C:\Windows\System32\drivers\{4e3e587e-efda-440a-a603-354d622353c0}w64.sys [48784 2014-11-19] (StdLib)
R1 {4fb14cf7-68ed-4851-b31a-2ffde2f748ba}w64; C:\Windows\System32\drivers\{4fb14cf7-68ed-4851-b31a-2ffde2f748ba}w64.sys [48784 2014-11-13] (StdLib)
R1 {c93509d6-9689-4a5e-b559-c26da9e3343a}w64; C:\Windows\System32\drivers\{c93509d6-9689-4a5e-b559-c26da9e3343a}w64.sys [48784 2014-11-16] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 Update snipsmart; C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [423152 2014-11-20] ()
R2 Util snipsmart; C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [423152 2014-11-20] ()
S2 vtIPwA; "C:\ProgramData\gtreouZrD\vtIPwA.exe" [X]
2014-11-19 20:51 - 2014-11-20 18:21 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-19 16:53 - 2014-11-19 16:53 - 00004194 _____ () C:\Users\LEAH\Desktop\DECRYPT_INSTRUCTION.TXT
2014-11-19 16:53 - 2014-11-19 16:53 - 00000276 _____ () C:\Users\LEAH\Desktop\DECRYPT_INSTRUCTION.URL
2014-11-19 14:57 - 2014-11-19 14:57 - 00008514 _____ () C:\Users\LEAH\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:57 - 2014-11-19 14:57 - 00008514 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:57 - 2014-11-19 14:57 - 00008514 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:57 - 2014-11-19 14:57 - 00004194 _____ () C:\Users\LEAH\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:57 - 2014-11-19 14:57 - 00004194 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:57 - 2014-11-19 14:57 - 00004194 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:57 - 2014-11-19 14:57 - 00000276 _____ () C:\Users\LEAH\DECRYPT_INSTRUCTION.URL
2014-11-19 14:57 - 2014-11-19 14:57 - 00000276 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-11-19 14:57 - 2014-11-19 14:57 - 00000276 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-11-19 14:56 - 2014-11-19 14:56 - 00008514 _____ () C:\Users\LEAH\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:56 - 2014-11-19 14:56 - 00004194 _____ () C:\Users\LEAH\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:56 - 2014-11-19 14:56 - 00000276 _____ () C:\Users\LEAH\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-19 14:55 - 2014-11-19 14:55 - 00008514 _____ () C:\Users\LEAH\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:55 - 2014-11-19 14:55 - 00004194 _____ () C:\Users\LEAH\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:55 - 2014-11-19 14:55 - 00000276 _____ () C:\Users\LEAH\Documents\DECRYPT_INSTRUCTION.URL
2014-11-19 14:54 - 2014-11-19 14:54 - 00008514 _____ () C:\Users\LEAH\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:54 - 2014-11-19 14:54 - 00008514 _____ () C:\Users\LEAH\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:54 - 2014-11-19 14:54 - 00004194 _____ () C:\Users\LEAH\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:54 - 2014-11-19 14:54 - 00004194 _____ () C:\Users\LEAH\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:54 - 2014-11-19 14:54 - 00000276 _____ () C:\Users\LEAH\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-19 14:54 - 2014-11-19 14:54 - 00000276 _____ () C:\Users\LEAH\AppData\DECRYPT_INSTRUCTION.URL
2014-11-19 14:53 - 2014-11-19 14:53 - 00008514 _____ () C:\Users\LEAH\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:53 - 2014-11-19 14:53 - 00004194 _____ () C:\Users\LEAH\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:53 - 2014-11-19 14:53 - 00000276 _____ () C:\Users\LEAH\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-19 14:39 - 2014-11-19 14:39 - 00008514 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-19 14:39 - 2014-11-19 14:39 - 00004194 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-19 14:39 - 2014-11-19 14:39 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-19 03:19 - 2014-11-19 00:31 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4e3e587e-efda-440a-a603-354d622353c0}w64.sys
2014-11-18 20:19 - 2014-11-18 20:19 - 00384888 _____ (Premium Installer ) C:\Users\LEAH\Downloads\setup (2).exe
2014-11-18 20:18 - 2014-11-18 20:18 - 00718296 _____ () C:\Users\LEAH\Downloads\Setup (1).exe
2014-11-18 18:58 - 2014-11-18 19:01 - 00000153 _____ () C:\Users\LEAH\AppData\Local\svcxdcl32.dat
2014-11-18 07:11 - 2014-11-18 07:11 - 00384888 _____ (Premium Installer ) C:\Users\LEAH\Downloads\setup.exe
2014-11-16 09:54 - 2014-11-16 07:39 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{c93509d6-9689-4a5e-b559-c26da9e3343a}w64.sys
2014-11-14 19:43 - 2014-11-15 18:20 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater
2014-11-14 19:42 - 2014-11-14 19:42 - 00355472 _____ (Installer Technology Co) C:\Users\LEAH\Downloads\SoftwareUpdater.exe
2014-11-14 16:52 - 2014-11-14 16:52 - 00957936 _____ () C:\Users\LEAH\Downloads\Setup v2 1.exe
2014-11-13 06:03 - 2014-11-13 00:25 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{4fb14cf7-68ed-4851-b31a-2ffde2f748ba}w64.sys
2014-11-07 19:21 - 2014-11-20 18:52 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-11-07 17:49 - 2014-11-20 20:24 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-11-07 17:48 - 2014-11-07 17:48 - 00577672 _____ () C:\Users\LEAH\Downloads\Google Earth (2).exe
2014-11-07 17:39 - 2014-11-07 17:39 - 00577680 _____ () C:\Users\LEAH\Downloads\Google Earth (1).exe
2014-11-07 17:26 - 2014-11-07 17:26 - 00003500 _____ () C:\Windows\System32\Tasks\WSE_Lasaoren
2014-11-07 17:25 - 2014-11-12 17:38 - 00000000 ____D () C:\Program Files (x86)\WSE_Lasaoren
2014-11-07 17:25 - 2014-11-07 17:26 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\WSE_Lasaoren
2014-11-07 17:25 - 2014-11-07 17:25 - 00002992 _____ () C:\Windows\System32\Tasks\{927C330E-D5AF-4C6F-823A-EBFBED91EDCB}
2014-11-07 17:25 - 2014-11-07 17:25 - 00002992 _____ () C:\Windows\System32\Tasks\{6ED07F91-F516-4CB3-96BC-1067883196B0}
2014-11-07 17:20 - 2014-11-07 17:20 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-11-07 17:19 - 2014-11-15 18:22 - 00000000 ____D () C:\Program Files (x86)\pastaleads
2014-11-07 17:19 - 2014-11-07 17:47 - 00000000 ____D () C:\ProgramData\pastaleads
2014-11-07 17:17 - 2014-11-07 17:17 - 00004450 _____ () C:\Windows\System32\Tasks\Validate Installation
2014-11-07 17:17 - 2014-11-07 17:17 - 00004244 _____ () C:\Windows\System32\Tasks\Check Updates
2014-11-07 17:17 - 2014-11-07 17:17 - 00003852 _____ () C:\Windows\System32\Tasks\GeniusBox
2014-11-07 17:17 - 2014-11-07 17:17 - 00000064 _____ () C:\Users\LEAH\AppData\Local\cf548b833c93eb51cc899e3c11c96c56
2014-11-07 17:17 - 2014-11-07 17:17 - 00000000 ____D () C:\Users\LEAH\AppData\Local\GeniusBox
2014-11-07 17:16 - 2014-11-07 17:16 - 00577672 _____ () C:\Users\LEAH\Downloads\Google Earth.exe
2014-11-07 17:08 - 2014-11-15 15:52 - 00003296 _____ () C:\Windows\System32\Tasks\ASP
2014-11-07 17:07 - 2014-11-17 14:08 - 00000000 ____D () C:\Users\LEAH\AppData\Local\PriceFountain
2014-11-07 17:07 - 2014-11-15 19:52 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
2014-11-07 17:07 - 2014-11-15 18:24 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\Systweak
2014-11-07 17:07 - 2014-11-07 17:07 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\PriceFountain
2014-11-07 17:07 - 2014-10-26 11:02 - 00003966 _____ () C:\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi
2014-11-07 17:07 - 2014-10-06 16:36 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-11-07 16:54 - 2014-11-07 16:49 - 00819144 _____ (Google Inc.) C:\Users\LEAH\Downloads\GoogleEarthSetup.exe
2014-11-07 16:50 - 2014-11-07 16:50 - 00003500 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-11-07 16:49 - 2014-11-12 17:38 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda
2014-11-07 16:49 - 2014-11-07 16:50 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\WSE_Astromenda
2014-11-07 16:49 - 2014-11-07 16:49 - 00000000 ____D () C:\Users\LEAH\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z
2014-11-19 14:53 - 2014-07-02 15:52 - 00000000 ____D () C:\Users\LEAH\AppData\Local\PlayFree Browser
2014-11-19 03:19 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-17 11:02 - 2013-03-18 06:41 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\LEAH\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-629239370-1108922991-2781443091-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {0823FE72-0FB5-496A-A775-5E03128870E3} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\LEAH\AppData\Local\GeniusBox\client.exe"
Task: {3C899E2F-B286-4FFA-8807-AB39D637C33F} - System32\Tasks\WSE_Lasaoren => C:\Users\LEAH\AppData\Roaming\WSE_Lasaoren\UpdateProc\UpdateTask.exe [2014-11-07] () <==== ATTENTION
Task: {42E0C4C5-BB28-4941-904B-0F5D9E891595} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {4445B01D-8438-4623-8671-DE663AE6AE38} - System32\Tasks\Check Updates => C:\Users\LEAH\AppData\Local\GeniusBox\updater.exe
Task: {8D123219-77FB-4BE6-9888-78306F39CE8F} - System32\Tasks\Validate Installation => C:\Users\LEAH\AppData\Local\GeniusBox\updater.exe
Task: {ACC04C76-4D60-4FC8-9DDF-83540FFB8076} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {E0D6E5FA-C24E-45E2-9B76-C07690C15221} - \Search Armor No Task File <==== ATTENTION
C:\Program Files (x86)\RCP
C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
C:\Program Files (x86)\snipsmart
EmptyTemp:
CMD: bitsadmin /reset /allusers