possible crypto virus need some help [Solved]



#1
bcdraco83

    New Member

  • Member
  • 9 posts

So these past few weeks I've noticed a few things happening with my notebook. First my videos wouldn't play, then I kept getting malware hits. I did what I could with my Malwarebytes and Avast programs. Today I did a more thorough look into it. I found that all my documents, PDFs, videos and pics all come up with a bunch of gibberish, or I can't open the vids and pics. I also found a document in several places that wasn't there before called Help_Decrypt. I stopped downloading a few months ago per my mom and I haven't since. Is there any way to fix this issue and get my files decrypted, or will I have to completely clean my computer somehow? Attached is the file that I found and what Malwarebytes found also.

Attached Files



#2
bcdraco83

    New Member

  • Topic Starter
  • Member
  • 9 posts

More info for my issue. Doesn't look good from what I've seen.


Edited by bcdraco83, 20 April 2015 - 07:16 PM.


#3
bcdraco83

    New Member

  • Topic Starter
  • Member
  • 9 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by bcdra_000 (administrator) on CALVERT on 20-04-2015 19:15:59
Running from C:\Users\bcdra_000\Desktop
Loaded Profiles: bcdra_000 &  (Available profiles: bcdra_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\TopTab\Chrome Launcher\ChromeLauncher.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\bcdra_000\AppData\Roaming\OAS\mcc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [Facebook Update] => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-11] (Facebook Inc.)
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [ChromeLauncher] => C:\PROGRAM FILES (X86)\TOPTAB\CHROME LAUNCHER\CHROMELAUNCHER.EXE [91136 2014-11-01] ()
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\RunOnce: [Adobe Speed Launcher] => 1429375458
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-11] (Facebook Inc.)
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ChromeLauncher] => C:\PROGRAM FILES (X86)\TOPTAB\CHROME LAUNCHER\CHROMELAUNCHER.EXE [91136 2014-11-01] ()
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] => 1429375458
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-11] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-11] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2527169477-3933765654-3061340152-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\bcdra_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\bcdra_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-23]

Chrome:
=======
CHR HomePage: Default -> https://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-23]
CHR Extension: (Google Search) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-23]
CHR Extension: (Avast Online Security) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-23]
CHR Extension: (Gmail) - C:\Users\bcdra_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-03-26] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-11] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-20] (ASUSTek Computer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-11] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-11] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-11] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-11] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:15 - 2015-04-20 19:15 - 00000000 ____D () C:\Users\bcdra_000\Desktop\FRST-OlderVersion
2015-04-19 15:12 - 2015-04-19 15:12 - 00002053 _____ () C:\Users\bcdra_000\Documents\malware apr 19 2015.txt
2015-04-18 17:24 - 2015-04-18 17:24 - 00002053 _____ () C:\Users\bcdra_000\Documents\malware apr 18 2015.txt
2015-04-18 16:36 - 2010-12-11 14:06 - 727339008 _____ () C:\Users\bcdra_000\Desktop\Up2009KiRo.avi
2015-04-18 16:33 - 2013-05-17 19:03 - 734615290 ____R () C:\Users\bcdra_000\Desktop\Tangled.avi
2015-04-18 16:32 - 2014-04-06 18:25 - 733808640 _____ () C:\Users\bcdra_000\Desktop\The Pirate Fairy.avi
2015-04-18 16:32 - 2014-04-06 17:32 - 1451961123 _____ () C:\Users\bcdra_000\Desktop\Frozen.avi
2015-04-18 16:32 - 2013-07-12 14:17 - 1506490897 ____R () C:\Users\bcdra_000\Desktop\Wreck it Ralph.mp4
2015-04-18 16:32 - 2013-05-22 16:49 - 629321692 ____R () C:\Users\bcdra_000\Desktop\Hotel Transylvania.mp4
2015-04-18 16:31 - 2014-02-01 21:27 - 1600787538 _____ () C:\Users\bcdra_000\Desktop\Despicable Me.avi
2015-04-18 16:31 - 2014-01-23 21:22 - 1176881238 _____ () C:\Users\bcdra_000\Desktop\Brave.avi
2015-04-18 16:31 - 2013-07-15 16:04 - 1919887890 ____R () C:\Users\bcdra_000\Desktop\Despicable Me 2.avi
2015-04-18 16:30 - 2015-03-05 21:47 - 1197549818 _____ () C:\Users\bcdra_000\Desktop\Tinker Bell and the Legend of the Neverbeast 2014 1080p BluRay x264 AAC - Ozlem.mp4
2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\bcdra_000\HELP_DECRYPT.HTML
2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\bcdra_000\HELP_DECRYPT.TXT
2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\bcdra_000\HELP_DECRYPT.URL
2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.HTML
2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.HTML
2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.TXT
2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.TXT
2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.URL
2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.URL
2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.HTML
2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.TXT
2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.URL
2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.URL
2015-04-16 19:39 - 2015-04-16 19:39 - 00008650 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.HTML
2015-04-16 19:39 - 2015-04-16 19:39 - 00004268 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.TXT
2015-04-16 19:39 - 2015-04-16 19:39 - 00000296 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.URL
2015-04-16 19:38 - 2015-04-16 19:38 - 00008650 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-16 19:38 - 2015-04-16 19:38 - 00004268 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-16 19:38 - 2015-04-16 19:38 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-04-16 17:14 - 2015-04-16 17:14 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\Intel_Corporation
2015-04-16 14:16 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-16 14:16 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-16 14:15 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-16 14:13 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-16 14:13 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-16 13:53 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-16 13:53 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-16 13:53 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-12 12:12 - 2015-04-12 16:40 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-12 12:12 - 2015-04-12 12:12 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-11 19:01 - 2015-04-11 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-11 19:01 - 2015-04-11 19:01 - 00001940 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2015-04-11 19:00 - 2015-04-11 18:59 - 00028144 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-04-11 18:59 - 2015-04-11 18:59 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-11 18:59 - 2015-04-11 18:59 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-10 18:25 - 2015-04-10 18:25 - 00002418 _____ () C:\April 10 Malwarebytes.txt
2015-03-28 10:12 - 2015-03-28 10:12 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 12:22 - 2015-03-10 21:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-26 12:22 - 2015-03-10 17:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 17:36 - 2015-03-24 17:36 - 00001870 _____ () C:\Users\bcdra_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 19:22 - 2014-12-31 12:59 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{046B8562-7587-48D7-8BA9-205DC6328515}
2015-04-20 19:21 - 2014-11-06 22:33 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\OAS
2015-04-20 19:16 - 2015-03-15 17:45 - 00000000 ____D () C:\FRST
2015-04-20 19:15 - 2015-03-15 17:46 - 00018651 _____ () C:\Users\bcdra_000\Desktop\FRST.txt
2015-04-20 19:15 - 2015-03-15 17:44 - 02099712 _____ (Farbar) C:\Users\bcdra_000\Desktop\FRST64.exe
2015-04-20 19:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 20:55 - 2014-12-26 14:03 - 01514767 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-19 19:30 - 2014-03-23 12:41 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 19:28 - 2014-10-11 13:23 - 00000960 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001UA.job
2015-04-19 18:20 - 2014-02-10 21:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2527169477-3933765654-3061340152-1001
2015-04-19 17:39 - 2014-03-23 21:59 - 00000000 ____D () C:\ProgramData\MCShield
2015-04-19 17:35 - 2014-02-16 19:07 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\uTorrent
2015-04-19 16:44 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-19 16:26 - 2014-08-11 06:38 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 16:17 - 2014-12-26 23:12 - 00000000 ____D () C:\Users\bcdra_000\OneDrive
2015-04-18 11:46 - 2014-02-10 21:14 - 00000062 _____ () C:\Users\bcdra_000\AppData\Roaming\sp_data.sys
2015-04-18 11:46 - 2013-07-17 19:44 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2015-04-18 11:46 - 2013-07-17 19:39 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G
2015-04-18 11:46 - 2013-07-17 19:39 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-04-18 11:46 - 2013-07-17 19:39 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-04-18 11:46 - 2013-07-17 19:38 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update
2015-04-18 11:46 - 2013-07-17 19:38 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-04-18 11:46 - 2013-07-17 19:34 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-04-18 11:43 - 2014-03-23 12:41 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 11:42 - 2014-09-24 02:03 - 00138976 _____ () C:\WINDOWS\PFRO.log
2015-04-18 11:42 - 2013-08-22 09:46 - 00293676 _____ () C:\WINDOWS\setupact.log
2015-04-18 11:42 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-18 11:42 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-18 11:39 - 2014-12-26 13:35 - 00000000 ____D () C:\Users\bcdra_000
2015-04-17 22:52 - 2014-06-27 12:09 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\vlc
2015-04-16 20:00 - 2014-07-22 10:39 - 00000000 ____D () C:\Users\bcdra_000\Desktop\SCWS
2015-04-16 19:40 - 2014-02-17 22:27 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\Skype
2015-04-16 19:39 - 2014-11-01 05:57 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\LibreOffice
2015-04-16 19:39 - 2014-03-23 12:44 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\AVAST Software
2015-04-16 19:39 - 2014-03-23 12:41 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\Google
2015-04-16 19:39 - 2014-02-17 22:27 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\Skype
2015-04-16 19:39 - 2014-02-10 21:11 - 00000000 ____D () C:\Users\bcdra_000\AppData\Roaming\Adobe
2015-04-16 19:38 - 2014-10-18 09:03 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\Ankama
2015-04-16 19:38 - 2014-10-11 13:23 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\Facebook
2015-04-16 19:38 - 2014-02-10 21:13 - 00000000 ____D () C:\Users\bcdra_000\AppData\Local\ASUS
2015-04-16 13:28 - 2014-10-11 13:23 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001Core.job
2015-04-16 12:58 - 2014-03-23 12:43 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-14 20:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-11 21:11 - 2014-10-16 12:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-11 21:10 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-11 21:09 - 2014-02-17 22:27 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 21:07 - 2014-06-27 12:07 - 00001088 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-11 19:12 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-11 18:59 - 2014-06-01 06:18 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-11 18:59 - 2014-03-23 12:40 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-10 18:27 - 2013-05-01 04:37 - 00000000 ____D () C:\WINDOWS\es
2015-03-28 10:12 - 2014-08-11 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 10:12 - 2014-08-11 06:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 10:08 - 2015-01-31 09:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-28 10:08 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-24 15:44 - 2013-05-01 04:34 - 06182656 _____ () C:\WINDOWS\AsDebug.log
2015-03-23 20:24 - 2015-03-15 17:51 - 00021808 _____ () C:\Users\bcdra_000\Desktop\Addition.txt
2015-03-22 18:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-21 16:30 - 2013-05-01 04:34 - 01039566 _____ () C:\WINDOWS\AsCDProc.log

==================== Files in the root of some directories =======

2014-10-19 05:50 - 2014-11-02 02:56 - 0000117 _____ () C:\Users\bcdra_000\AppData\Roaming\D2Info0
2014-10-19 05:50 - 2014-11-02 03:11 - 0000008 _____ () C:\Users\bcdra_000\AppData\Roaming\DofusAppId0_1
2014-10-19 12:12 - 2014-11-01 07:34 - 0000008 _____ () C:\Users\bcdra_000\AppData\Roaming\DofusAppId0_2
2015-04-16 19:40 - 2015-04-16 19:40 - 0008650 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-16 19:40 - 2015-04-16 19:40 - 0045786 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-16 19:40 - 2015-04-16 19:40 - 0004268 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-16 19:40 - 2015-04-16 19:40 - 0000296 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.URL
2014-07-25 23:19 - 2014-07-25 23:19 - 0000044 _____ () C:\Users\bcdra_000\AppData\Roaming\mbam.context.scan
2014-02-10 21:14 - 2015-04-18 11:46 - 0000062 _____ () C:\Users\bcdra_000\AppData\Roaming\sp_data.sys
2014-08-27 07:20 - 2014-08-27 07:20 - 0003584 _____ () C:\Users\bcdra_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-16 19:39 - 2015-04-16 19:39 - 0008650 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.HTML
2015-04-16 19:39 - 2015-04-16 19:39 - 0045786 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.PNG
2015-04-16 19:39 - 2015-04-16 19:39 - 0004268 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.TXT
2015-04-16 19:39 - 2015-04-16 19:39 - 0000296 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.URL
2015-04-16 19:38 - 2015-04-16 19:38 - 0008650 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-16 19:38 - 2015-04-16 19:38 - 0045786 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-16 19:38 - 2015-04-16 19:38 - 0004268 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-16 19:38 - 2015-04-16 19:38 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-05-01 04:34 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 04:34 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 04:34 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-19 15:02

==================== End Of Log ============================



#4 bcdraco83 (New Member, Topic Starter)

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by bcdra_000 at 2015-04-20 20:22:45
Running from C:\Users\bcdra_000\Desktop\FRST-OlderVersion
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.1 - ASUS)
ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.27 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Chrome Launcher (HKLM-x32\...\{8B5E8E15-7229-4C46-887A-27E1F62AC7FC}) (Version: 1.0.0 - TopTab)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
OAS (HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2527169477-3933765654-3061340152-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\bcdra_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2527169477-3933765654-3061340152-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\bcdra_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2527169477-3933765654-3061340152-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\bcdra_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2527169477-3933765654-3061340152-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bcdra_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-03-2015 10:06:55 Windows Update
10-04-2015 18:40:17 Scheduled Checkpoint
11-04-2015 18:56:03 avast! antivirus system restore point
16-04-2015 14:29:12 Windows Update
19-04-2015 15:02:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03ECD4FA-0A66-4470-A8C7-0D8C48E4F785} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {0E716F08-E592-429C-B930-B1D6230F829A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {13FCC3C2-AEB3-465A-83D6-D7BDCB185EFC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001UA => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-11] (Facebook Inc.)
Task: {267490C6-D0E0-4C9E-899C-977448CFA7EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-23] (Google Inc.)
Task: {2A60A946-52BE-4963-BAB8-5D68DE62C860} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {2A71437F-DAD7-4864-93AA-4B5CB4E611E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {2E8CA2E5-82E8-49FD-A9C1-E5074D92E26E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001Core => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-11] (Facebook Inc.)
Task: {5B933739-E067-4049-8441-FB3A4A6B06A3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-03-26] (ASUS)
Task: {5C204187-A3C4-4D4E-8996-B571533EA211} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-02-06] (AsusTek)
Task: {5FC140DC-9FAE-4394-BB02-9690BD5081EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {63A0788C-0626-4CF1-BBED-FF9B4D8E4CD6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-11] (Avast Software s.r.o.)
Task: {6F77B700-C016-495E-8F77-0A96B395BDD6} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\WarningPopUp.exe
Task: {797E9C6D-69D8-44B4-8072-ACB2124BD195} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {81985B02-5A62-434A-9D7D-5A8220368C72} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {846C89F9-755E-4985-AD18-168781F86A35} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {902D7CD3-0E45-4658-BB5D-EC3E94655D6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-15] (Microsoft Corporation)
Task: {DA589A6E-1F5F-4BBB-B2AB-67773D70B9B7} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {E0CE8654-7BAF-47DE-BB02-8F2608B63307} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {E5D6771F-791E-4DA3-AA21-4467C989626E} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2013-01-29] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001Core.job => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2527169477-3933765654-3061340152-1001UA.job => C:\Users\bcdra_000\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-01 16:39 - 2014-11-01 16:39 - 00091136 _____ () C:\Program Files (x86)\TopTab\Chrome Launcher\ChromeLauncher.exe
2014-09-23 02:09 - 2014-09-23 02:09 - 00007168 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\mcc.exe
2012-12-19 01:10 - 2012-12-19 01:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-03-26 16:38 - 2013-03-26 16:38 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-29 19:15 - 2012-11-29 19:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2014-09-22 06:36 - 2014-09-22 06:36 - 00177152 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\oas.exe
2015-04-11 18:59 - 2015-04-11 18:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-11 18:59 - 2015-04-11 18:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-16 13:00 - 2015-04-16 13:00 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041601\algo.dll
2015-04-20 20:19 - 2015-04-20 20:19 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042000\algo.dll
2015-04-11 18:59 - 2015-04-11 18:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 19:34 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 01100784 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\avcodec-53.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 00124400 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\avutil-51.dll
2014-03-28 15:59 - 2014-03-28 15:59 - 00191984 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\avformat-53.dll
2014-07-08 11:31 - 2014-07-08 11:31 - 17029808 _____ () C:\Users\bcdra_000\AppData\Roaming\oas\plugins\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\bcdra_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bcdra_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Accounts: =============================

Administrator (S-1-5-21-2527169477-3933765654-3061340152-500 - Administrator - Disabled)
bcdra_000 (S-1-5-21-2527169477-3933765654-3061340152-1001 - Administrator - Enabled) => C:\Users\bcdra_000
Guest (S-1-5-21-2527169477-3933765654-3061340152-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2527169477-3933765654-3061340152-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 08:12:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/20/2015 08:12:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/20/2015 08:11:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/20/2015 08:11:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/20/2015 08:11:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4

Error: (04/20/2015 07:39:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/20/2015 07:39:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

System errors:
=============
Error: (04/19/2015 07:38:23 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2015 06:58:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2015 06:47:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/19/2015 03:02:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x100000000335b2.  The name of the file is "<unable to determine file name>".

Error: (04/18/2015 05:16:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/18/2015 11:25:31 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}wuauserv

Error: (04/18/2015 09:51:42 AM) (Source: DCOM) (EventID: 10010) (User: CALVERT)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (04/16/2015 07:38:12 PM) (Source: DCOM) (EventID: 10016) (User: CALVERT)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Calvertbcdra_000S-1-5-21-2527169477-3933765654-3061340152-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/16/2015 05:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/16/2015 05:07:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Microsoft Office Sessions:
=========================
Error: (04/20/2015 08:12:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/20/2015 08:12:00 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/20/2015 08:11:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/20/2015 08:11:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (04/20/2015 08:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/20/2015 08:11:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll4

Error: (04/20/2015 07:39:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/20/2015 07:39:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 56%
Total physical RAM: 3981.82 MB
Available physical RAM: 1725.54 MB
Total Pagefile: 5005.82 MB
Available Pagefile: 2202.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:132.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:241.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3E1AB738)

Partition: GPT Partition Type.

==================== End Of Log ============================



#5 Naathim (GeekU Minion, Expert)

Hi Bryan,

My name is Radek and Donna asked me to take care of your topic. I will be glad to help :)

I see that the infection here is still active, so do not add any other files. They may get encrypted as well. Also, as you are probably aware, there is no well-known way to retrieve the files, so I can't help you with that.

Let's start with the following fix.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses: 
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
    C:\Users\bcdra_000\AppData\Local\uvjsfua.dll
    HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
    HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
    HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
    C:\Users\bcdra_000\AppData\Roaming\OAS
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin HKU\S-1-5-21-2527169477-3933765654-3061340152-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\bcdra_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\Public\HELP_DECRYPT.HTML
    2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\bcdra_000\HELP_DECRYPT.HTML
    2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\Public\HELP_DECRYPT.TXT
    2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\bcdra_000\HELP_DECRYPT.TXT
    2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\Public\HELP_DECRYPT.URL
    2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\bcdra_000\HELP_DECRYPT.URL
    2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.HTML
    2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.HTML
    2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.TXT
    2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.TXT
    2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.URL
    2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.URL
    2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.HTML
    2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.HTML
    2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.TXT
    2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.TXT
    2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.URL
    2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.URL
    2015-04-16 19:39 - 2015-04-16 19:39 - 00008650 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.HTML
    2015-04-16 19:39 - 2015-04-16 19:39 - 00004268 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.TXT
    2015-04-16 19:39 - 2015-04-16 19:39 - 00000296 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.URL
    2015-04-16 19:38 - 2015-04-16 19:38 - 00008650 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-04-16 19:38 - 2015-04-16 19:38 - 00004268 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-04-16 19:38 - 2015-04-16 19:38 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
    CMD: bitsadmin /reset /allusers
    RemoveProxy:
    EmptyTemp:
    Reboot: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#6
bcdraco83

bcdraco83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Radek, I believe that I have followed your directions correctly. Here is the report from the FRST scan:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by bcdra_000 at 2015-04-22 20:17:03 Run:1
Running from C:\Users\bcdra_000\Desktop\FRST
Loaded Profiles: bcdra_000 (Available profiles: bcdra_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
C:\Users\bcdra_000\AppData\Local\uvjsfua.dll
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uvjsfua] => rundll32 "C:\Users\bcdra_000\AppData\Local\uvjsfua.dll",uvjsfua <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\...\Run: [Online Ad Scanner] => C:\Users\bcdra_000\AppData\Roaming\OAS\oasupd.exe [28672 2014-10-20] ()
C:\Users\bcdra_000\AppData\Roaming\OAS
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin HKU\S-1-5-21-2527169477-3933765654-3061340152-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\bcdra_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\Users\bcdra_000\HELP_DECRYPT.HTML
2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\Users\bcdra_000\HELP_DECRYPT.TXT
2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\Users\bcdra_000\HELP_DECRYPT.URL
2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.HTML
2015-04-17 22:52 - 2015-04-17 22:52 - 00008650 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.HTML
2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.TXT
2015-04-17 22:52 - 2015-04-17 22:52 - 00004268 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.TXT
2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Downloads\HELP_DECRYPT.URL
2015-04-17 22:52 - 2015-04-17 22:52 - 00000296 _____ () C:\Users\bcdra_000\Documents\HELP_DECRYPT.URL
2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-16 19:40 - 2015-04-16 19:40 - 00008650 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.HTML
2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-16 19:40 - 2015-04-16 19:40 - 00004268 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.TXT
2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.URL
2015-04-16 19:40 - 2015-04-16 19:40 - 00000296 _____ () C:\Users\bcdra_000\AppData\HELP_DECRYPT.URL
2015-04-16 19:39 - 2015-04-16 19:39 - 00008650 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.HTML
2015-04-16 19:39 - 2015-04-16 19:39 - 00004268 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.TXT
2015-04-16 19:39 - 2015-04-16 19:39 - 00000296 _____ () C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.URL
2015-04-16 19:38 - 2015-04-16 19:38 - 00008650 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-16 19:38 - 2015-04-16 19:38 - 00004268 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-16 19:38 - 2015-04-16 19:38 - 00000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uvjsfua => value deleted successfully.
"C:\Users\bcdra_000\AppData\Local\uvjsfua.dll" => File/Directory not found.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\uvjsfua => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => Key deleted successfully.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => Key not found.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Online Ad Scanner => Value not found.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Online Ad Scanner => value deleted successfully.
C:\Users\bcdra_000\AppData\Roaming\OAS => Moved successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
"HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\bcdra_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Users\Public\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Public\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Public\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\Downloads\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\bcdra_000\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{1C293487-10D8-4012-8F8E-961659E20ED5} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2527169477-3933765654-3061340152-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:20:23 ====


  • 0
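The Fixlog above shows the ransom-note copies (HELP_DECRYPT.HTML/.TXT/.URL, identical sizes in every folder) that FRST moved, and the fixlist was built from the "created" lines of the earlier FRST scan. The following is an added example, not code from FRST or its author, that parses lines in that FRST created-files format and groups the note drops by directory and time. It assumes the note base name HELP_DECRYPT (the one in this thread; the NOTE_STEMS set is the only place to change for another family) and uses constructed sample lines modelled on the log above rather than a live machine's log.

```python
"""Triage helper: pull ransomware ransom-note drops out of an FRST log.

Added example (not FRST's own code). It parses the 'files created' lines
FRST prints and groups the ransom-note copies by directory and drop time,
so a defender can see the earliest drop and which folders the malware walked.
"""
import ntpath
import re
from collections import defaultdict

# One FRST created-files line:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+?)\s*$"
)

# Ransom-note base names to look for (assumption: HELP_DECRYPT is the name
# seen in this thread; add other families' note names here).
NOTE_STEMS = {"HELP_DECRYPT"}

# Constructed sample lines in the FRST format (modelled on the log above, not
# copied from a live system). The last line is an ordinary document, included
# to show that the filter leaves normal files alone.
SAMPLE_FRST_LINES = """\
2015-04-18 09:53 - 2015-04-18 09:53 - 00008650 _____ () C:\\Users\\Public\\HELP_DECRYPT.HTML
2015-04-18 09:53 - 2015-04-18 09:53 - 00004268 _____ () C:\\Users\\Public\\HELP_DECRYPT.TXT
2015-04-18 09:53 - 2015-04-18 09:53 - 00000296 _____ () C:\\Users\\Public\\HELP_DECRYPT.URL
2015-04-16 19:38 - 2015-04-16 19:38 - 00008650 _____ () C:\\ProgramData\\HELP_DECRYPT.HTML
2015-04-16 19:38 - 2015-04-16 19:38 - 00004268 _____ () C:\\ProgramData\\HELP_DECRYPT.TXT
2015-04-16 19:38 - 2015-04-16 19:38 - 00000296 _____ () C:\\ProgramData\\HELP_DECRYPT.URL
2015-04-10 12:00 - 2015-04-10 12:00 - 00120320 ____A () C:\\Users\\Public\\report.pdf
"""


def parse_frst_created(text):
    """Return one dict per well-formed created-files line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def find_ransom_notes(entries, stems=NOTE_STEMS):
    """Keep entries whose file name (without extension) is a known note name."""
    notes = []
    for e in entries:
        stem, _ext = ntpath.splitext(ntpath.basename(e["path"]))
        if stem.upper() in stems:
            notes.append(e)
    return notes


def summarize_notes(notes):
    """Group note drops by directory and report first/last drop times.

    Identical sizes per extension across directories are a tell that the
    notes are templated copies written by one process, not user files.
    """
    by_dir = defaultdict(set)
    sizes_by_ext = defaultdict(set)
    for n in notes:
        by_dir[ntpath.dirname(n["path"])].add(n["created"])
        sizes_by_ext[ntpath.splitext(n["path"])[1].upper()].add(n["size"])
    times = sorted(n["created"] for n in notes)  # ISO-style stamps sort as text
    return {
        "count": len(notes),
        "directories": {d: sorted(t) for d, t in by_dir.items()},
        "first_drop": times[0] if times else None,
        "last_drop": times[-1] if times else None,
        "sizes_by_ext": {k: sorted(v) for k, v in sizes_by_ext.items()},
    }


if __name__ == "__main__":
    report = summarize_notes(find_ransom_notes(parse_frst_created(SAMPLE_FRST_LINES)))
    print(f"{report['count']} ransom-note copies; first drop {report['first_drop']}, "
          f"last {report['last_drop']}")
    for d, ts in sorted(report["directories"].items()):
        print(f"  {d}: {', '.join(ts)}")
```

Fed the "One Month Created" section of a real FRST.txt, the first-drop time bounds when encryption started, and the per-directory list is what a helper would paste into a fixlist as the note files to move; the ordinary document in the sample is left out of the report.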

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi,

I am sorry - I went to visit my family living in Belarus, there was a huge storm, we had 3 days without any electricity and the internet connection was totally broken down for almost two weeks. It's the first day I am able to reply and I am really sorry for that. Nobody expected that :(



Since a couple of days have passed, I'm gonna need a fresh set of logfiles.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0

#8
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Naathim,

I have Bryan's notebook in my possession. It is in pretty bad shape and I have decided to recover to factory defaults. He's just going to have to deal with the loss of over 1700 files that ListCWall found that were encrypted.

I'll send you his ID number for MBAM in a PM.

He also has Avast Pro Antivirus installed for which I will need to get the license number as well.

He wants me to thank you for your help. And I thank you for coming to his aid.

Donna :)
  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Thank you for the heads up Donna :)

So I will close this thread as resolved, warm regards to both of you :)
  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
