
Need help with fixlist to start removing Cryptowall 3.0 please!


  • This topic is locked
15 replies to this topic

#1 Cstevens0713

  • Members
  • 8 posts
  • OFFLINE

Posted 05 February 2015 - 12:52 AM

Hello there! This is a first for me. Any malware I've encountered before I've been able to get rid of with Malwarebytes. This Cryptowall is a whole new beast. I've done a lot of researching and reading up on it to educate myself and my research shows you guys might be my best bet.

Please keep in mind that I'm a real beginner to all this so be patient with me. I'm good at following instructions though!

I'm on a Toshiba laptop running Windows Vista 64. I'd love to save some of my files but I'm prepared that it's unlikely that will happen. At the very least I need to get this removed so I don't have to buy a new computer.

After reading your intro and tutorials I've downloaded the Farbar Recovery Scan Tool and here is my FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Owner (administrator) on CHRISTI on 04-02-2015 23:45:49
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5682688 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1311296964\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADIAMQAwADAAMgA (the data entry has 240 more characters).
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-01-29] (TOSHIBA)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160592 2010-01-23] (Siber Systems)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-02] (Google Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-30] (Facebook Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Uxhsmedia] => regsvr32.exe C:\Users\Owner\AppData\Local\Uxhsmedia\LX___view.DLL <===== ATTENTION
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-04-22] (NETGEAR Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torpaysolutions.com/1Np19pd

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
URLSearchHook: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 - (No Name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
SearchScopes: HKLM -> DefaultScope {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {C9909EE9-71B1-4F02-8FCC-9AABC84C97E4} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {E0CDF45F-615C-4C0E-954D-D339B8BE76C2} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: PDFLite Toolbar Helper -> {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} -> C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {78875F5C-A685-4405-8DC5-D48DC65452B0} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://cma2.globalcam.net:82/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF DefaultSearchEngine: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: google.com/WidevineMediaOptimizer -> C:\Users\Owner\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: CFlashFileBuilder Object - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{D3A6A848-B20D-62BA-1FDA-F6584BD3070C} [2014-03-22]
FF Extension: Search-Results Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CFlashFileBuilder Object) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-05]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd [2012-06-07]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg [2012-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Owner\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
S2 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
S3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
S2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-01-21] (TOSHIBA Corporation)
S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-02-25] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [131632 2009-02-25] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-15] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 23:14 - 2015-02-04 23:14 - 04437680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 22:46 - 2015-02-04 22:46 - 02131968 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2015-02-04 22:36 - 2015-02-04 23:45 - 00010685 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-04 22:29 - 2015-02-04 22:29 - 02131968 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-04 13:35 - 2015-02-04 13:35 - 00038747 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-02-04 13:34 - 2015-02-04 13:34 - 00051829 _____ () C:\FRST.txt
2015-02-04 13:23 - 2015-02-04 23:45 - 00000000 ____D () C:\FRST
2015-02-03 22:04 - 2015-02-03 22:04 - 00000000 _____ () C:\autoexec.bat
2015-02-03 22:03 - 2015-02-03 22:03 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-03 22:00 - 2015-02-03 22:00 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Desktop\SpyHunter-Installer.exe
2015-02-03 14:46 - 2015-02-04 12:42 - 00000000 ____D () C:\ProgramData\IopfEbepu
2015-02-03 13:36 - 2015-02-03 13:36 - 00008658 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-02-03 13:36 - 2015-02-03 13:36 - 00008658 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
2015-02-03 13:36 - 2015-02-03 13:36 - 00004272 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-02-03 13:36 - 2015-02-03 13:36 - 00004272 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
2015-02-03 13:36 - 2015-02-03 13:36 - 00000304 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-02-03 13:36 - 2015-02-03 13:36 - 00000304 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.URL
2015-02-03 13:32 - 2015-02-03 13:32 - 00008658 _____ () C:\Users\Owner\HELP_DECRYPT.HTML
2015-02-03 13:32 - 2015-02-03 13:32 - 00004272 _____ () C:\Users\Owner\HELP_DECRYPT.TXT
2015-02-03 13:32 - 2015-02-03 13:32 - 00000304 _____ () C:\Users\Owner\HELP_DECRYPT.URL
2015-02-02 22:02 - 2015-02-02 22:02 - 00008658 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
2015-02-02 22:02 - 2015-02-02 22:02 - 00004272 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
2015-02-02 22:02 - 2015-02-02 22:02 - 00000304 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.URL
2015-02-02 16:55 - 2015-02-02 16:55 - 00008658 _____ () C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML
2015-02-02 16:55 - 2015-02-02 16:55 - 00004272 _____ () C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT
2015-02-02 16:55 - 2015-02-02 16:55 - 00000304 _____ () C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL
2015-02-02 16:09 - 2015-02-02 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Valassis
2015-02-02 16:09 - 2015-02-02 16:09 - 00000000 ____D () C:\Program Files (x86)\Valassis
2015-02-02 15:58 - 2015-02-02 15:58 - 00008658 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-02 15:58 - 2015-02-02 15:58 - 00008658 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.HTML
2015-02-02 15:58 - 2015-02-02 15:58 - 00004272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-02 15:58 - 2015-02-02 15:58 - 00004272 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.TXT
2015-02-02 15:58 - 2015-02-02 15:58 - 00000304 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2015-02-02 15:58 - 2015-02-02 15:58 - 00000304 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.URL
2015-02-02 15:48 - 2015-02-02 15:48 - 00008658 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-02-02 15:48 - 2015-02-02 15:48 - 00004272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-02-02 15:48 - 2015-02-02 15:48 - 00000304 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2015-02-02 15:21 - 2015-02-02 15:21 - 00008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-02 15:21 - 2015-02-02 15:21 - 00004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-02 15:21 - 2015-02-02 15:21 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-01 15:43 - 2015-02-01 15:43 - 00001815 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2015-02-01 15:43 - 2015-02-01 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2015-02-01 15:43 - 2015-02-01 15:43 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-02-01 15:42 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC560U.dll
2015-02-01 15:42 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC560L.dll
2015-02-01 15:42 - 2009-02-16 12:19 - 00012800 _____ () C:\Windows\SysWOW64\CNC173ED.TBL
2015-02-01 15:42 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-01-31 20:18 - 2015-01-31 20:18 - 00003004 _____ () C:\Windows\System32\Tasks\{4ABFC483-C4BE-4DF9-89A0-4121181AD57B}
2015-01-30 19:27 - 2015-01-30 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-30 17:49 - 2015-02-01 17:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-30 17:48 - 2015-01-30 17:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2015-01-30 17:48 - 2015-01-30 17:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Catalina – Print Savings
2015-01-30 17:37 - 2015-01-30 17:37 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-01-30 17:21 - 2015-02-04 12:53 - 00094688 _____ () C:\Windows\PFRO.log
2015-01-30 17:12 - 2015-01-30 17:12 - 00001827 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-01-30 17:12 - 2015-01-30 17:12 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-30 17:05 - 2015-01-30 17:05 - 00000000 ____D () C:\Program Files\Canon
2015-01-30 17:04 - 2015-01-30 17:04 - 00002160 _____ () C:\Users\Public\Desktop\Canon MG5500 series On-screen Manual.lnk
2015-01-30 17:04 - 2015-01-30 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2015-01-29 20:54 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBU.DLL
2015-01-29 18:27 - 2015-01-29 18:27 - 560326843 _____ () C:\Windows\MEMORY.DMP
2015-01-29 18:27 - 2015-01-29 18:27 - 00274504 _____ () C:\Windows\Minidump\Mini012915-01.dmp
2015-01-29 01:07 - 2015-02-02 21:18 - 00000000 ____D () C:\Users\Owner\Downloads\Odd Thomas-2013-DVDrip-pixie09
2015-01-28 23:02 - 2015-01-28 23:36 - 1767072368 ____R () C:\Users\Owner\Downloads\Jessabelle 2014.mp4
2015-01-28 23:00 - 2015-02-02 21:55 - 00000000 ____D () C:\Users\Owner\Downloads\The.Remaining.2014.BRRip.XviD.AC3-EVO
2015-01-28 22:43 - 2015-01-28 22:43 - 00000000 ____D () C:\Users\Owner\Downloads\American.Sniper.2014.V2.SCR.AC3.x264-LEGi0N
2015-01-26 15:58 - 2015-02-02 21:36 - 00000000 ____D () C:\Users\Owner\Downloads\The Ouija Resurrection 2015 HDRIP AAC X264-KREW
2015-01-26 15:27 - 2015-01-26 15:48 - 00000000 ____D () C:\Users\Owner\Downloads\Taken.3.2014.720p.WEB-DL.x264.AAC-iFT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 23:34 - 2008-08-20 14:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-04 23:22 - 2012-10-24 11:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
2015-02-04 23:13 - 2014-08-23 02:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 23:13 - 2012-12-01 14:36 - 00000402 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-02-04 23:13 - 2012-09-13 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 23:13 - 2009-10-11 01:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 23:10 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 23:10 - 2006-11-02 10:22 - 00005952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 23:10 - 2006-11-02 10:22 - 00005952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 23:04 - 2013-01-17 02:52 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2015-02-04 21:37 - 2011-10-27 09:32 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2015-02-04 12:45 - 2014-08-23 02:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 12:42 - 2012-05-23 10:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2015-02-04 12:09 - 2014-08-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 12:09 - 2012-05-06 15:39 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 22:04 - 2009-10-11 01:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:04 - 2008-09-19 15:15 - 01758140 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 21:59 - 2013-08-30 17:54 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002UA.job
2015-02-03 21:55 - 2011-11-03 09:23 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002UA.job
2015-02-03 21:36 - 2011-01-15 22:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-02-03 18:59 - 2013-08-30 17:54 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002Core.job
2015-02-03 13:36 - 2009-07-31 20:32 - 00001839 _____ () C:\Users\Owner\Desktop\FreeCell.lnk
2015-02-03 13:32 - 2009-05-20 10:45 - 00000000 ____D () C:\Users\Owner
2015-02-03 12:57 - 2011-11-03 09:23 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002Core.job
2015-02-03 00:04 - 2014-01-22 21:33 - 00000000 ____D () C:\Users\Owner\Pics to print
2015-02-02 22:02 - 2014-11-22 18:47 - 00000000 ____D () C:\Users\Owner\Downloads\WinRAR.5.11.32bit.64bit..FFF.Anonymous.DM999
2015-02-02 22:02 - 2014-10-20 16:00 - 00000000 ____D () C:\Users\Owner\Downloads\The.Town.That.Dreaded.Sundown.2014.READNFO.CUSTOM.HDRip.NTSC.DVDR-REKoDE
2015-02-02 21:46 - 2014-08-04 19:45 - 00000000 ____D () C:\Users\Owner\Downloads\The.Purge.Anarchy.2014.blurred Subtitles Xvid AC3-STINKBOMB
2015-02-02 21:44 - 2014-11-23 22:08 - 00000000 ____D () C:\Users\Owner\Downloads\The.November.Man.2014.DVDRip.XviD-iFT
2015-02-02 21:33 - 2014-11-23 22:17 - 00000000 ____D () C:\Users\Owner\Downloads\Predestination.2014.DVDRip.XviD.AC3-EVO
2015-02-02 21:24 - 2014-08-13 16:12 - 00000000 ____D () C:\Users\Owner\Downloads\Pitbull_Feat._Kesha-Timber__Remixes-WEB-2014-UKHx
2015-02-02 21:24 - 2014-05-09 18:08 - 00000000 ____D () C:\Users\Owner\Downloads\Paranormal.Activity.The.Marked.Ones.2014.Mp4.Mobile-eXceSs
2015-02-02 21:16 - 2013-10-06 10:23 - 00000000 ____D () C:\Users\Owner\Downloads\Now That's What I Call The 80s
2015-02-02 21:12 - 2014-11-09 13:54 - 00000000 ____D () C:\Users\Owner\Downloads\Now That's What I Call Country - Volume 7 (2014)
2015-02-02 21:11 - 2014-11-22 18:33 - 00000000 ____D () C:\Users\Owner\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.2.1012.Multilingual.Incl.Keygen-BRD
2015-02-02 21:11 - 2014-11-02 06:34 - 00000000 ____D () C:\Users\Owner\Downloads\Left.Behind.2014.HDRip.XviD.AC3-EVO
2015-02-02 21:05 - 2014-12-21 19:54 - 00000000 ____D () C:\Users\Owner\Downloads\Jingle.All.the.Way.2.2014.HDRip.XviD-iFT
2015-02-02 20:53 - 2014-08-13 16:09 - 00000000 ____D () C:\Users\Owner\Downloads\Iggy_Azalea-The_New_Classic-Limited_Deluxe_Edition-CD-FLAC-2014-PERFECT
2015-02-02 20:45 - 2014-10-20 17:28 - 00000000 ____D () C:\Users\Owner\Downloads\Earth to Echo 2014 720p BluRay x264 AAC - Ozlem
2015-02-02 20:42 - 2014-11-02 01:47 - 00000000 ____D () C:\Users\Owner\Downloads\Dont.Blink.2014.HDRip.XviD-ViP3R
2015-02-02 20:38 - 2014-11-09 13:16 - 00000000 ____D () C:\Users\Owner\Downloads\Brantley Gilbert - Just As I Am [2014-MP3-320]
2015-02-02 17:55 - 2011-11-03 09:24 - 00002053 _____ () C:\Users\Owner\Desktop\Google Chrome.lnk
2015-02-02 16:55 - 2012-12-10 19:57 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Neat Data
2015-02-02 16:55 - 2010-01-23 04:42 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\My RoboForm Data
2015-02-02 16:53 - 2013-01-20 20:21 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Farm Files
2015-02-02 16:53 - 2012-06-24 01:02 - 00000000 ____D () C:\Users\Owner\Desktop\Convert to iTunes
2015-02-02 16:53 - 2009-07-31 21:06 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\DivXAudioCompressor_4.02
2015-02-02 16:02 - 2010-04-18 20:26 - 00000000 ____D () C:\Users\Owner\Desktop\All Music Backup
2015-02-02 15:58 - 2012-07-08 16:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SuperAdBlocker.com
2015-02-02 15:58 - 2011-02-19 16:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TOSHIBA
2015-02-02 15:58 - 2009-07-31 21:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\UseNeXT
2015-02-02 15:57 - 2009-08-21 04:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2015-02-02 15:57 - 2009-08-05 18:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-02-02 15:56 - 2014-08-23 05:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Hobbyist Software
2015-02-02 15:56 - 2014-08-22 23:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-02-02 15:56 - 2014-08-14 21:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Babylon
2015-02-02 15:56 - 2011-06-30 09:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Canon
2015-02-02 15:56 - 2009-07-31 22:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2015-02-02 15:55 - 2009-07-31 23:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AOL
2015-02-02 15:55 - 2009-07-31 19:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2015-02-02 15:48 - 2014-06-15 23:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\NETGEARGenie
2015-02-02 15:48 - 2014-03-22 02:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Uxhsmedia
2015-02-02 15:47 - 2009-11-27 17:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Games
2015-02-02 15:47 - 2009-08-05 18:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2015-02-02 15:45 - 2012-11-11 04:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\iLivid
2015-02-02 15:23 - 2009-05-20 14:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-02 15:22 - 2013-08-30 17:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2015-02-02 15:22 - 2009-07-31 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2015-02-02 15:21 - 2014-05-09 20:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\7B0D958E-E6E7-42F7-A538-7E874F6C82AE.aplzod
2015-02-02 15:21 - 2009-08-20 16:05 - 00000000 ____D () C:\ProgramData\Skype
2015-02-02 15:21 - 2009-07-31 23:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\AOL
2015-02-02 15:20 - 2009-07-31 23:44 - 00000000 ____D () C:\ProgramData\AOL
2015-02-01 21:30 - 2011-12-09 21:12 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-01 15:45 - 2006-11-02 10:42 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 15:43 - 2010-10-16 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
2015-02-01 15:43 - 2010-10-16 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-02-01 15:43 - 2010-10-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-02-01 15:43 - 2006-11-02 08:33 - 00000000 __RSD () C:\Windows\Media
2015-01-30 17:21 - 2010-10-16 12:09 - 00000000 ____D () C:\Windows\system32\STRING
2015-01-30 17:03 - 2010-10-16 12:09 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-30 16:48 - 2011-04-07 18:50 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-01-30 16:47 - 2011-04-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-01-30 16:36 - 2008-08-20 14:37 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-29 18:27 - 2009-02-01 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 16:13 - 2012-09-13 15:42 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 16:13 - 2012-05-27 01:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 16:13 - 2011-08-28 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 14:43 - 2013-10-02 04:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 09:55 - 2009-10-02 11:29 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-02-02 15:58 - 2015-02-02 15:58 - 0008658 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-02 15:58 - 2015-02-02 15:58 - 0045933 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-02 15:58 - 2015-02-02 15:58 - 0004272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-02-02 15:58 - 2015-02-02 15:58 - 0000304 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2009-08-04 09:06 - 2009-11-24 18:48 - 0026311 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2014-03-01 17:35 - 2014-03-28 23:40 - 0000080 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2009-11-11 23:09 - 2014-11-02 09:17 - 0002690 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-10-27 09:32 - 2015-02-04 21:37 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-01-17 02:52 - 2015-02-04 23:04 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-31 22:09 - 2014-12-22 00:25 - 0247296 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 23:27 - 2014-06-15 23:28 - 0435616 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI71E4.txt
2012-03-30 05:51 - 2012-03-30 05:52 - 0463200 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI7C85.txt
2014-06-15 23:27 - 2014-06-15 23:28 - 0014848 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI71E4.txt
2012-03-30 05:51 - 2012-03-30 05:52 - 0013952 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI7C85.txt
2015-02-02 15:48 - 2015-02-02 15:48 - 0008658 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-02-02 15:48 - 2015-02-02 15:48 - 0045933 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.PNG
2015-02-02 15:48 - 2015-02-02 15:48 - 0004272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-02-02 15:48 - 2015-02-02 15:48 - 0000304 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2009-08-20 16:10 - 2009-08-20 16:10 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-02 15:21 - 2015-02-02 15:21 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-02 15:21 - 2015-02-02 15:21 - 0045933 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-02 15:21 - 2015-02-02 15:21 - 0004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-02 15:21 - 2015-02-02 15:21 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2009-08-03 08:48 - 2012-08-02 22:38 - 0016283 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplpvnxu.dll
C:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 23:36

==================== End Of Log ============================
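
The pattern worth noticing in the log above is the same three file names (HELP_DECRYPT.HTML/.TXT/.URL) appearing at identical sizes in directory after directory, each timestamped a little later than the last: that is the ransom note being written next to each folder as it is encrypted, and the earliest copy marks roughly when the run began. As an added triage helper (not code from the original post, from BleepingComputer or from FRST), the script below parses lines in the format FRST prints under "One Month Created Files and Folders" and flags any file name dropped at one identical size into several directories, reporting the directories and the first creation time. The sample log embedded in it is constructed to mirror the format above, and the function names are the example's own.

```python
"""Triage helper: spot ransom-note drops in an FRST file-listing section.

Added example; not part of the original post and not FRST's own code.
It reads lines in the format FRST prints under "One Month Created Files
and Folders" and flags a file name written, at identical size, into
several different directories: the signature of a ransom note such as
HELP_DECRYPT.* being dropped alongside every encrypted folder.
"""
import re
from collections import defaultdict

# One FRST file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>\S.*)$"
)

# Constructed sample input modelled on the FRST log format (hypothetical entries).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 22:29 - 2015-02-04 22:29 - 02131968 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-03 14:46 - 2015-02-04 12:42 - 00000000 ____D () C:\ProgramData\IopfEbepu
2015-02-03 13:36 - 2015-02-03 13:36 - 00008658 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-02-03 13:36 - 2015-02-03 13:36 - 00004272 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-02-03 13:32 - 2015-02-03 13:32 - 00008658 _____ () C:\Users\Owner\HELP_DECRYPT.HTML
2015-02-03 13:32 - 2015-02-03 13:32 - 00004272 _____ () C:\Users\Owner\HELP_DECRYPT.TXT
2015-02-02 15:21 - 2015-02-02 15:21 - 00008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-02 15:21 - 2015-02-02 15:21 - 00004272 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-02-01 15:43 - 2015-02-01 15:43 - 00001815 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
"""


def parse_frst_entries(text):
    """Return a dict per line that matches the FRST entry format; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue  # section headers, FRST comments and blank lines
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["is_dir"] = "D" in e["attrs"]
        e["dir"], _, e["name"] = e["path"].rpartition("\\")
        entries.append(e)
    return entries


def find_note_drops(entries, min_dirs=3):
    """Flag file names dropped at one identical size into at least min_dirs directories.

    Returns {NAME: {"dirs": [...], "size": int, "first_seen": "YYYY-MM-DD HH:MM"}}.
    """
    by_name = defaultdict(list)
    for e in entries:
        if not e["is_dir"]:
            by_name[e["name"].upper()].append(e)
    hits = {}
    for name, items in by_name.items():
        dirs = sorted({e["dir"] for e in items})
        sizes = {e["size"] for e in items}
        if len(dirs) >= min_dirs and len(sizes) == 1:
            hits[name] = {
                "dirs": dirs,
                "size": sizes.pop(),
                # the earliest copy approximates when the encryption run started
                "first_seen": min(e["created"] for e in items),
            }
    return hits


if __name__ == "__main__":
    found = find_note_drops(parse_frst_entries(SAMPLE_LOG))
    for name, info in sorted(found.items()):
        print(f"{name}: {len(info['dirs'])} copies of {info['size']} bytes, "
              f"first seen {info['first_seen']}")
        for d in info["dirs"]:
            print(f"    {d}")
```

Run it against a saved FRST.txt by passing the file's contents to `parse_frst_entries`; the "Modified" section uses the same line format, so the same parser covers both. The size-equality check keeps ordinary shortcuts and installer files, which vary in size, from being flagged.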

#2 Cstevens0713

Cstevens0713
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE

Posted 06 February 2015 - 02:46 PM

Bump - trying to be patient but desperately need help and no response yet...

#3 Cstevens0713

Cstevens0713
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE

Posted 08 February 2015 - 04:51 PM

It's been four days now and still no response. I know you guys are volunteers but lots of people who posted after me are getting help and I feel forgotten. Won't someone please help me? I can't do any work until I get this crap off my laptop and I'm scared to use my husband's laptop for fear it will spread through our network from mine to his. Please!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 PM

Posted 09 February 2015 - 10:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I strongly suggest you remove the programs using the Add/Remove Programs applet.
They are PUPs (Potentially Unwanted Programs) installed without your consent, generating ads.
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Free File Viewer 2012 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ATTENTION
===

After reading this topic you will understand that there is not much we can do to restore your files.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

The following fix will remove all the bad registry entries and files found on your computer.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADIAMQAwADAAMgA (the data entry has 240 more characters).
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Uxhsmedia] => regsvr32.exe C:\Users\Owner\AppData\Local\Uxhsmedia\LX___view.DLL <===== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torpaysolutions.com/1Np19pd
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
URLSearchHook: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 - (No Name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
SearchScopes: HKLM -> DefaultScope {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: PDFLite Toolbar Helper -> {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} -> C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
BHO-x32: No Name -> {78875F5C-A685-4405-8DC5-D48DC65452B0} ->  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
FF DefaultSearchEngine: Mysearchdial
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: CFlashFileBuilder Object - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{D3A6A848-B20D-62BA-1FDA-F6584BD3070C} [2014-03-22]
FF Extension: Search-Results Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012-11-11]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd [2012-06-07]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg [2012-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Owner\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]
Task: {23A41BF3-AB2A-469D-B6F9-33E614698F1A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C45EC757-8256-4689-9F97-2F148AC0F531} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C69BEB9B-0FBC-4E91-B1B1-FB29AB6894CD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD1F97B2-76A9-41B0-A072-7F56CDC20A57} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-13] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:66E02052
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg
C:\ProgramData\IopfEbepu
C:\Users\Public\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
C:\Users\Public\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
C:\Users\Public\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\HELP_DECRYPT.URL
C:\Users\Owner\HELP_DECRYPT.HTML
C:\Users\Owner\HELP_DECRYPT.TXT
C:\Users\Owner\HELP_DECRYPT.URL
C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
C:\Users\Owner\Downloads\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Owner\AppData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please post the logs and let me know what problem persists.

#5 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 February 2015 - 10:18 AM

Are you still with me?

#6 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 February 2015 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#7 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2015 - 07:59 AM

This topic has been re-opened at the request of the person who originally posted.

#8 Cstevens0713
  • Topic Starter

  • Members
  • 8 posts

Posted 02 March 2015 - 08:17 AM

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Owner at 2015-03-01 17:25:02 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0AQQAzAFoAOAA4AC0ANgBHAEIASgBLAC0ANgBSAFcARwBBAC0AQQBNAEgAOQBQAC0AVgBBAFkAVgBIAA"&"inst=NwA2AC0AMQAyADIAMQAwADAAMgA (the data entry has 240 more characters).
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Uxhsmedia] => regsvr32.exe C:\Users\Owner\AppData\Local\Uxhsmedia\LX___view.DLL <===== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torpaysolutions.com/1Np19pd
URLSearchHook: HKLM-x32 - AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} -  No File
URLSearchHook: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 - (No Name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - No File
SearchScopes: HKLM -> DefaultScope {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: PDFLite Toolbar Helper -> {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} -> C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
BHO-x32: No Name -> {78875F5C-A685-4405-8DC5-D48DC65452B0} ->  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
FF DefaultSearchEngine: Mysearchdial
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: CFlashFileBuilder Object - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{D3A6A848-B20D-62BA-1FDA-F6584BD3070C} [2014-03-22]
FF Extension: Search-Results Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012-11-11]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd [2012-06-07]
CHR Extension: (Default Extension) - C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg [2012-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Owner\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-12-03] (Coupons.com Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]
Task: {23A41BF3-AB2A-469D-B6F9-33E614698F1A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C45EC757-8256-4689-9F97-2F148AC0F531} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C69BEB9B-0FBC-4E91-B1B1-FB29AB6894CD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD1F97B2-76A9-41B0-A072-7F56CDC20A57} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-13] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:66E02052
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg
C:\ProgramData\IopfEbepu
C:\Users\Public\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
C:\Users\Public\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
C:\Users\Public\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\HELP_DECRYPT.URL
C:\Users\Owner\HELP_DECRYPT.HTML
C:\Users\Owner\HELP_DECRYPT.TXT
C:\Users\Owner\HELP_DECRYPT.URL
C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
C:\Users\Owner\Downloads\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Owner\AppData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Uxhsmedia => value deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} => value deleted successfully.
"HKCR\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}" => Key deleted successfully.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E98BCE4D-1517-4E84-9888-B8E79ADEA8D7}" => Key deleted successfully.
HKCR\CLSID\{E98BCE4D-1517-4E84-9888-B8E79ADEA8D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78875F5C-A685-4405-8DC5-D48DC65452B0}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{78875F5C-A685-4405-8DC5-D48DC65452B0} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}" => Key deleted successfully.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key deleted successfully.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} => value deleted successfully.
HKCR\CLSID\{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} => value deleted successfully.
HKCR\CLSID\{37153479-1976-43C3-A1EE-557513977B64} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => value deleted successfully.
HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => Key deleted successfully.
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => Moved successfully.
"HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\user.js => Moved successfully.
C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll => Moved successfully.
C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{D3A6A848-B20D-62BA-1FDA-F6584BD3070C} => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll not found.
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd => Moved successfully.
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm" => Key deleted successfully.
CouponPrinterService => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SABKUTIL => Service deleted successfully.
SABProcEnum => Service deleted successfully.
SVRPEDRV => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23A41BF3-AB2A-469D-B6F9-33E614698F1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A41BF3-AB2A-469D-B6F9-33E614698F1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C45EC757-8256-4689-9F97-2F148AC0F531}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C45EC757-8256-4689-9F97-2F148AC0F531}" => Key deleted successfully.
C:\Windows\System32\Tasks\4704 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4704" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C69BEB9B-0FBC-4E91-B1B1-FB29AB6894CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C69BEB9B-0FBC-4E91-B1B1-FB29AB6894CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD1F97B2-76A9-41B0-A072-7F56CDC20A57}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1F97B2-76A9-41B0-A072-7F56CDC20A57}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key deleted successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\ProgramData\TEMP => ":0B174FAE" ADS removed successfully.
C:\ProgramData\TEMP => ":66E02052" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadhdbdgdjgcgedddhdgdddbdegbdbgd" => File/Directory not found.
"C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaflefmnlongdfabhhcldnjeiilaclcg" => File/Directory not found.
C:\ProgramData\IopfEbepu => Moved successfully.
C:\Users\Public\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\Desktop\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Public\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\Desktop\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Public\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\Desktop\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\Downloads\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 17:25:06 ====

AdwCleaner.txt report:

# AdwCleaner v4.111 - Logfile created 01/03/2015 at 18:15:35
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Owner - CHRISTI
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AOL Toolbar
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\FileCure
[!] Folder Deleted : C:\ProgramData\Viewpoint
[!] Folder Deleted : C:\ProgramData\w3i
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\Program Files (x86)\AOL Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\ConduitEngine
[!] Folder Deleted : C:\Program Files (x86)\delicious add-on for internet explorer
[!] Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Viewpoint
[!] Folder Deleted : C:\Program Files (x86)\w3i
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\SuperAdBlocker.com
[!] Folder Deleted : C:\Users\Owner\AppData\Local\AOL Toolbar
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\Local\iLivid
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\ilividtoolbarguid
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\catalina – print savings
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\SuperAdBlocker.com
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\SuperAdBlocker.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentControl_v12 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.4
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Mozilla Firefox v13.0 (en-US)

[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.mam_gk_appsData", "{\"apps\":[{\"id\":\"PriceGong\",\"url\":\"hxxp://pricegong.conduitapps.com/MAM/v1/html_comp.html\",\"optionsDialog\":{\"displayName\":\"PriceGong\",\"appDesc\"[...]
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.mam_gk_localization", "{\"gadgetContentPolicy\":{\"Text\":\"Content Policy\"},\"gadgetDescriptionPrimary\":{\"Text\":\"Value Apps enriches your web experience by offering you grea[...]
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.mam_gk_settings1.8.0.4", "{\"Status\":\"succeeded\",\"Data\":{\"interval\":240,\"stamp\":\"215_-1\",\"isTest\":false,\"isWelcomeExperienceEnabledByDefault\":true,\"HadPG\":false,\[...]
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.CTID", "CT3225826");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.Uninstall", "0");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.homepage", true);
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q=");
[ucu2csp6.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");

-\\ Google Chrome v

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3225826
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={7FAF1B30-FF13-4842-A127-49336460978B}&mid=5ddb72ed46cc7c05195caee2f9f95e55-b97228f481952b26a3ebd8edfb43cc9d478ea21e&lang=us&ds=AVG&pr=pa&d=2011-12-06 03:27:30&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=62d4b6fa0000000000000021636dacdf
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=62d4b6fa0000000000000021636dacdf
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5925430258254040&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_19_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAyC0D0A0C0D0F0ByC0F0AtN0D0Tzu0SzzyCtDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyD0CyDzytB0FyC0EtGzztAyD0EtGtD0AyEtCtGyBtDtCyDtGtD0C0AyDtCtAzzyDyE0A0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0C0D0BzzyCtD0BtGzz0BzyyBtGtC0E0AzytGzyzz0A0CtGtDtC0DyBtCzz0DtBzyzytByB2Q&cr=1252017445&ir=
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_5036&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dknkjnkhedbanphkkpbpcgoblmkbfhlf
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pacgpkgadgmibnhpdidcnfafllnmeomc

*************************

AdwCleaner[R0].txt - [16343 bytes] - [01/03/2015 18:00:21]
AdwCleaner[S0].txt - [15817 bytes] - [01/03/2015 18:15:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15877  bytes] ##########



#9 Cstevens0713

Cstevens0713
  • Topic Starter

  • Members
  • 8 posts

Posted 02 March 2015 - 08:19 AM

Also, FYI, the "decrypt" files that appeared in all my files, folders and directories when I got the virus are still there.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 PM

Posted 02 March 2015 - 09:54 AM

Restart the computer normally.

Run the Farbar tool again and submit a fresh FRST log for my review.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#11 Cstevens0713

Cstevens0713
  • Topic Starter

  • Members
  • 8 posts

Posted 02 March 2015 - 05:09 PM

Here's the new FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Owner (administrator) on CHRISTI on 02-03-2015 10:18:26
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1311296964\ee\aolsoftware.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5682688 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1311296964\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-01-29] (TOSHIBA)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160592 2010-01-23] (Siber Systems)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-02] (Google Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-30] (Facebook Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-04-22] (NETGEAR Inc.)
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2006-11-02] (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-4063313619-1723515617-2976088434-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MXGB_en
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {C9909EE9-71B1-4F02-8FCC-9AABC84C97E4} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> {E0CDF45F-615C-4C0E-954D-D339B8BE76C2} URL = http://www.youtube.com/results?search_query={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4063313619-1723515617-2976088434-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://cma2.globalcam.net:82/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4063313619-1723515617-2976088434-1002: google.com/WidevineMediaOptimizer -> C:\Users\Owner\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [Not Found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CFlashFileBuilder Object) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-11-05]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots) [File not signed]
R2 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-06-30] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-01-21] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-02-25] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [131632 2009-02-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-15] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 10:16 - 2015-03-02 10:16 - 00009508 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 18:44 - 2015-03-01 18:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0BB72656.sys
2015-03-01 18:00 - 2015-03-01 18:16 - 00000000 ____D () C:\AdwCleaner
2015-03-01 17:52 - 2015-03-01 17:52 - 02126848 _____ () C:\Users\Owner\Desktop\adwcleaner_4.111.exe
2015-03-01 17:32 - 2015-03-01 17:32 - 00000000 _____ () C:\Users\Owner\AppData\Local\{EA2BAD89-8AA9-4856-9E3B-9AE978A92290}
2015-03-01 17:24 - 2015-03-01 17:24 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2015-02-04 22:46 - 2015-02-04 22:46 - 02131968 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2015-02-04 22:36 - 2015-03-02 10:18 - 00027023 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-04 22:29 - 2015-03-01 17:24 - 02092544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-04 13:35 - 2015-02-04 13:35 - 00038747 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-02-04 13:34 - 2015-02-04 13:34 - 00051829 _____ () C:\FRST.txt
2015-02-04 13:23 - 2015-03-02 10:18 - 00000000 ____D () C:\FRST
2015-02-03 22:04 - 2015-02-03 22:04 - 00000000 _____ () C:\autoexec.bat
2015-02-03 22:03 - 2015-02-03 22:03 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-03 22:00 - 2015-02-03 22:00 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Desktop\SpyHunter-Installer.exe
2015-02-02 16:09 - 2015-02-02 16:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Valassis
2015-02-02 16:09 - 2015-02-02 16:09 - 00000000 ____D () C:\Program Files (x86)\Valassis
2015-02-01 15:43 - 2015-02-01 15:43 - 00001815 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2015-02-01 15:43 - 2015-02-01 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2015-02-01 15:43 - 2015-02-01 15:43 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-02-01 15:42 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC560U.dll
2015-02-01 15:42 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC560L.dll
2015-02-01 15:42 - 2009-02-16 12:19 - 00012800 _____ () C:\Windows\SysWOW64\CNC173ED.TBL
2015-02-01 15:42 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-01-31 20:18 - 2015-01-31 20:18 - 00003004 _____ () C:\Windows\System32\Tasks\{4ABFC483-C4BE-4DF9-89A0-4121181AD57B}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 10:16 - 2012-09-13 15:42 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-02 10:16 - 2012-09-13 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 10:16 - 2012-05-27 01:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-02 10:16 - 2011-08-28 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 10:12 - 2009-10-11 01:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 10:10 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 10:10 - 2006-11-02 10:22 - 00005952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 10:10 - 2006-11-02 10:22 - 00005952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 19:26 - 2009-02-01 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-03-01 18:44 - 2014-08-23 02:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 18:39 - 2011-11-03 09:23 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002UA.job
2015-03-01 18:39 - 2011-11-03 09:23 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002Core.job
2015-03-01 18:33 - 2011-11-03 09:23 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002UA
2015-03-01 18:33 - 2011-11-03 09:23 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002Core
2015-03-01 18:28 - 2011-06-30 09:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Canon
2015-03-01 18:28 - 2009-10-11 01:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 18:22 - 2009-10-11 01:02 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-01 18:22 - 2009-10-11 01:02 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-01 17:25 - 2009-05-20 10:45 - 00000000 ____D () C:\Users\Owner
2015-02-26 15:37 - 2011-10-27 09:32 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2015-02-04 23:34 - 2008-08-20 14:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-04 23:22 - 2012-10-24 11:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
2015-02-04 23:04 - 2013-01-17 02:52 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2015-02-04 12:45 - 2014-08-23 02:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 12:42 - 2012-05-23 10:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2015-02-04 12:09 - 2014-08-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 12:09 - 2012-05-06 15:39 - 00000912 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 21:59 - 2013-08-30 17:54 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002UA.job
2015-02-03 21:36 - 2011-01-15 22:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2015-02-03 18:59 - 2013-08-30 17:54 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4063313619-1723515617-2976088434-1002Core.job
2015-02-03 13:36 - 2009-07-31 20:32 - 00001839 _____ () C:\Users\Owner\Desktop\FreeCell.lnk
2015-02-03 00:04 - 2014-01-22 21:33 - 00000000 ____D () C:\Users\Owner\Pics to print
2015-02-02 22:02 - 2014-11-22 18:47 - 00000000 ____D () C:\Users\Owner\Downloads\WinRAR.5.11.32bit.64bit..FFF.Anonymous.DM999
2015-02-02 22:02 - 2014-10-20 16:00 - 00000000 ____D () C:\Users\Owner\Downloads\The.Town.That.Dreaded.Sundown.2014.READNFO.CUSTOM.HDRip.NTSC.DVDR-REKoDE
2015-02-02 21:55 - 2015-01-28 23:00 - 00000000 ____D () C:\Users\Owner\Downloads\The.Remaining.2014.BRRip.XviD.AC3-EVO
2015-02-02 21:46 - 2014-08-04 19:45 - 00000000 ____D () C:\Users\Owner\Downloads\The.Purge.Anarchy.2014.blurred Subtitles Xvid AC3-STINKBOMB
2015-02-02 21:44 - 2014-11-23 22:08 - 00000000 ____D () C:\Users\Owner\Downloads\The.November.Man.2014.DVDRip.XviD-iFT
2015-02-02 21:36 - 2015-01-26 15:58 - 00000000 ____D () C:\Users\Owner\Downloads\The Ouija Resurrection 2015 HDRIP AAC X264-KREW
2015-02-02 21:33 - 2014-11-23 22:17 - 00000000 ____D () C:\Users\Owner\Downloads\Predestination.2014.DVDRip.XviD.AC3-EVO
2015-02-02 21:24 - 2014-08-13 16:12 - 00000000 ____D () C:\Users\Owner\Downloads\Pitbull_Feat._Kesha-Timber__Remixes-WEB-2014-UKHx
2015-02-02 21:24 - 2014-05-09 18:08 - 00000000 ____D () C:\Users\Owner\Downloads\Paranormal.Activity.The.Marked.Ones.2014.Mp4.Mobile-eXceSs
2015-02-02 21:18 - 2015-01-29 01:07 - 00000000 ____D () C:\Users\Owner\Downloads\Odd Thomas-2013-DVDrip-pixie09
2015-02-02 21:16 - 2013-10-06 10:23 - 00000000 ____D () C:\Users\Owner\Downloads\Now That's What I Call The 80s
2015-02-02 21:12 - 2014-11-09 13:54 - 00000000 ____D () C:\Users\Owner\Downloads\Now That's What I Call Country - Volume 7 (2014)
2015-02-02 21:11 - 2014-11-22 18:33 - 00000000 ____D () C:\Users\Owner\Downloads\Malwarebytes.Anti-Malware.Premium.v2.0.2.1012.Multilingual.Incl.Keygen-BRD
2015-02-02 21:11 - 2014-11-02 06:34 - 00000000 ____D () C:\Users\Owner\Downloads\Left.Behind.2014.HDRip.XviD.AC3-EVO
2015-02-02 21:05 - 2014-12-21 19:54 - 00000000 ____D () C:\Users\Owner\Downloads\Jingle.All.the.Way.2.2014.HDRip.XviD-iFT
2015-02-02 20:53 - 2014-08-13 16:09 - 00000000 ____D () C:\Users\Owner\Downloads\Iggy_Azalea-The_New_Classic-Limited_Deluxe_Edition-CD-FLAC-2014-PERFECT
2015-02-02 20:45 - 2014-10-20 17:28 - 00000000 ____D () C:\Users\Owner\Downloads\Earth to Echo 2014 720p BluRay x264 AAC - Ozlem
2015-02-02 20:42 - 2014-11-02 01:47 - 00000000 ____D () C:\Users\Owner\Downloads\Dont.Blink.2014.HDRip.XviD-ViP3R
2015-02-02 20:38 - 2014-11-09 13:16 - 00000000 ____D () C:\Users\Owner\Downloads\Brantley Gilbert - Just As I Am [2014-MP3-320]
2015-02-02 17:55 - 2011-11-03 09:24 - 00002053 _____ () C:\Users\Owner\Desktop\Google Chrome.lnk
2015-02-02 16:55 - 2012-12-10 19:57 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Neat Data
2015-02-02 16:55 - 2010-01-23 04:42 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\My RoboForm Data
2015-02-02 16:53 - 2013-01-20 20:21 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Farm Files
2015-02-02 16:53 - 2012-06-24 01:02 - 00000000 ____D () C:\Users\Owner\Desktop\Convert to iTunes
2015-02-02 16:53 - 2009-07-31 21:06 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\DivXAudioCompressor_4.02
2015-02-02 16:02 - 2010-04-18 20:26 - 00000000 ____D () C:\Users\Owner\Desktop\All Music Backup
2015-02-02 15:58 - 2011-02-19 16:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TOSHIBA
2015-02-02 15:58 - 2009-07-31 21:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\UseNeXT
2015-02-02 15:57 - 2009-08-21 04:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2015-02-02 15:57 - 2009-08-05 18:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-02-02 15:56 - 2014-08-23 05:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Hobbyist Software
2015-02-02 15:56 - 2014-08-22 23:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-02-02 15:56 - 2009-07-31 22:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2015-02-02 15:55 - 2009-07-31 23:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AOL
2015-02-02 15:55 - 2009-07-31 19:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2015-02-02 15:48 - 2014-06-15 23:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\NETGEARGenie
2015-02-02 15:48 - 2014-03-22 02:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Uxhsmedia
2015-02-02 15:47 - 2009-11-27 17:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Games
2015-02-02 15:47 - 2009-08-05 18:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2015-02-02 15:23 - 2009-05-20 14:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-02 15:22 - 2013-08-30 17:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2015-02-02 15:22 - 2009-07-31 22:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2015-02-02 15:21 - 2014-05-09 20:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\7B0D958E-E6E7-42F7-A538-7E874F6C82AE.aplzod
2015-02-02 15:21 - 2009-08-20 16:05 - 00000000 ____D () C:\ProgramData\Skype
2015-02-02 15:21 - 2009-07-31 23:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\AOL
2015-02-02 15:20 - 2009-07-31 23:44 - 00000000 ____D () C:\ProgramData\AOL
2015-02-01 21:30 - 2011-12-09 21:12 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-01 17:18 - 2015-01-30 17:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 15:45 - 2006-11-02 10:42 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 15:43 - 2010-10-16 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
2015-02-01 15:43 - 2010-10-16 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-02-01 15:43 - 2010-10-16 12:06 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-02-01 15:43 - 2006-11-02 08:33 - 00000000 __RSD () C:\Windows\Media

==================== Files in the root of some directories =======

2015-02-02 15:58 - 2015-02-02 15:58 - 0045933 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
2009-08-04 09:06 - 2009-11-24 18:48 - 0026311 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2014-03-01 17:35 - 2014-03-28 23:40 - 0000080 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2009-11-11 23:09 - 2014-11-02 09:17 - 0002690 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-10-27 09:32 - 2015-02-26 15:37 - 0001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-01-17 02:52 - 2015-02-04 23:04 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-31 22:09 - 2014-12-22 00:25 - 0247296 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 23:27 - 2014-06-15 23:28 - 0435616 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI71E4.txt
2012-03-30 05:51 - 2012-03-30 05:52 - 0463200 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI7C85.txt
2014-06-15 23:27 - 2014-06-15 23:28 - 0014848 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI71E4.txt
2012-03-30 05:51 - 2012-03-30 05:52 - 0013952 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI7C85.txt
2015-02-02 15:48 - 2015-02-02 15:48 - 0045933 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.PNG
2015-03-01 17:32 - 2015-03-01 17:32 - 0000000 _____ () C:\Users\Owner\AppData\Local\{EA2BAD89-8AA9-4856-9E3B-9AE978A92290}
2009-08-20 16:10 - 2009-08-20 16:10 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-02-02 15:21 - 2015-02-02 15:21 - 0045933 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2009-08-03 08:48 - 2012-08-02 22:38 - 0016283 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwpmjd.dll
C:\Users\Owner\AppData\Local\Temp\GURC2B2.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-02 10:16

==================== End Of Log ============================

#12 Cstevens0713
  • Topic Starter
  • Members
  • 8 posts

Posted 02 March 2015 - 05:25 PM

Computer seems to be running fine but I still have the HELP_DECRYPT files in my directories and folders where the encrypted files are located. What do I do about those? Just delete them? How do I know when this virus is gone?


Security Check Results:


Results of screen317's Security Check version 0.99.97 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 5 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
 Adobe Flash Player  16.0.0.305 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox 13.0 Firefox out of Date! 
 Google Chrome (40.0.2214.115)
 Google Chrome (40.0.2214.94)
 Google Chrome (HELP_DECRYPT.HTML..)
 Google Chrome (HELP_DECRYPT.PNG..)
 Google Chrome (HELP_DECRYPT.TXT..)
 Google Chrome (HELP_DECRYPT.URL..)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Windows Defender MSASCui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 53 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#13 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 03 March 2015 - 08:16 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

HELP_DECRYPT files in my directories and folders where the encrypted files are located. What do I do about those? Just delete them?

This fix will remove them.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [Not Found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwpmjd.dll
C:\Users\Owner\AppData\Local\Temp\GURC2B2.exe
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.PNG
C:\Users\Public\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
C:\Users\Public\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
C:\Users\Public\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\HELP_DECRYPT.URL
C:\Users\Owner\HELP_DECRYPT.HTML
C:\Users\Owner\HELP_DECRYPT.TXT
C:\Users\Owner\HELP_DECRYPT.URL
C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
C:\Users\Owner\Downloads\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Owner\AppData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

#14 Cstevens0713

Cstevens0713
  • Topic Starter

  • Members
  • 8 posts

Posted 03 March 2015 - 10:18 AM

OK, I installed Adobe Reader, ran Farbar and rebooted. The fixlog is below. I'm still seeing the same four DECRYPT files in folders like my photo and music folders, but I'm guessing that just means those folders are encrypted and nothing can be done, right? So just delete them? How do I know when the actual virus is gone and all I'm left with is the encrypted files it left behind? (Thanks again for all your help!)

 

Fixlog results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Owner at 2015-03-03 09:57:30 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [Not Found]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [Not Found]
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwpmjd.dll
C:\Users\Owner\AppData\Local\Temp\GURC2B2.exe
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.PNG
C:\Users\Public\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
C:\Users\Public\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
C:\Users\Public\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\HELP_DECRYPT.URL
C:\Users\Owner\HELP_DECRYPT.HTML
C:\Users\Owner\HELP_DECRYPT.TXT
C:\Users\Owner\HELP_DECRYPT.URL
C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
C:\Users\Owner\Downloads\HELP_DECRYPT.URL
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT
C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Owner\AppData\HELP_DECRYPT.URL
C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL

End
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3ef64538-8b54-4573-b48f-4d34b0238ab2}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key deleted successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ucu2csp6.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll not found.
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll not found.
"C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwpmjd.dll" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\GURC2B2.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Public\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\Desktop\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Public\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\Desktop\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Public\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\Desktop\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\Downloads\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\Downloads\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\Downloads\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\Desktop\Documents\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\AppData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\AppData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\AppData\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 09:57:32 ====



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2015 - 02:27 PM

All the virus does is encrypt your files.

Delete the remnant folders that you find.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
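The remnants nasdaq refers to are the HELP_DECRYPT.HTML / .TXT / .URL / .PNG notes listed in the fixlist above, which CryptoWall 3.0 drops into each folder whose contents it encrypted, so a folder that still holds a note set is a folder that was touched. The sweep below is an added example, not part of the thread and not FRST's or nasdaq's code. It walks a profile tree, reports every folder that still contains a note, and only deletes when asked to, after saving one copy of each note out of the tree: the note carries the victim's personal ID and payment page, which are the only reference left if decryption is ever attempted. The note file names come from the fixlist on this page; the sample folder layout (Desktop, Downloads, Pictures, Music, Documents) is constructed for the demo and contains no real data. Removing the notes does nothing for the encrypted files and says nothing about whether the malware itself is gone; that question is what the FRST logs are for.

```python
"""Sweep a directory tree for CryptoWall 3.0 ransom-note remnants.

Added illustration; not part of the forum thread or of FRST. Dry-run by
default: listing costs nothing, deletion is opt-in, and one copy of each
note is kept outside the tree before anything is removed.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Exact note names CryptoWall 3.0 drops (taken from the fixlist in the thread).
NOTE_NAMES = {"HELP_DECRYPT.HTML", "HELP_DECRYPT.TXT",
              "HELP_DECRYPT.URL", "HELP_DECRYPT.PNG"}


def find_notes(root):
    """Return {directory: [note paths]} for every ransom note under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = [os.path.join(dirpath, f) for f in files
                 if f.upper() in NOTE_NAMES]       # NTFS is case-insensitive
        if notes:
            hits[dirpath] = sorted(notes)
    return hits


def sweep(root, delete=False, keep_copy_in=None):
    """List, and optionally remove, ransom notes below root.

    Returns (sorted folders that contained notes, number of notes removed).
    With delete=True one copy of each distinct note name is saved into
    keep_copy_in first; that folder must lie outside root, otherwise a later
    sweep would delete the saved copies too.
    """
    hits = find_notes(root)
    removed = 0
    if delete:
        if keep_copy_in is None:
            raise ValueError("refusing to delete without keeping a copy")
        root_abs = os.path.abspath(root)
        keep_abs = os.path.abspath(keep_copy_in)
        if os.path.commonpath([root_abs, keep_abs]) == root_abs:
            raise ValueError("keep_copy_in must lie outside root")
        Path(keep_abs).mkdir(parents=True, exist_ok=True)
        saved = set()
        for notes in hits.values():
            for note in notes:
                name = os.path.basename(note).upper()
                if name not in saved:               # notes are identical per infection
                    shutil.copy2(note, os.path.join(keep_abs, name))
                    saved.add(name)
                os.remove(note)
                removed += 1
    return sorted(hits), removed


def build_sample_tree(base):
    """Constructed profile: four folders with a full note set, Documents clean.

    Placeholder files only; nothing here is real ransomware output.
    """
    base = Path(base)
    for folder in ("Desktop", "Downloads", "Pictures", "Music"):
        d = base / folder
        d.mkdir(parents=True)
        for name in NOTE_NAMES:
            (d / name).write_text("constructed ransom note placeholder\n")
        (d / "holiday.jpg").write_bytes(b"\x00constructed encrypted blob")
    (base / "Documents").mkdir()
    (base / "Documents" / "notes.txt").write_text("untouched\n")


def demo():
    """Dry run, then delete with a kept copy, then re-check the tree.

    Returns (folders with notes, notes removed, folders still with notes,
    note names kept aside).
    """
    with tempfile.TemporaryDirectory() as tmp:
        profile = os.path.join(tmp, "Owner")
        keep = os.path.join(tmp, "ransom_note_copy")    # sibling of, not inside, profile
        build_sample_tree(profile)
        folders, _ = sweep(profile)                      # dry run: report only
        _, removed = sweep(profile, delete=True, keep_copy_in=keep)
        remaining, _ = sweep(profile)
        kept = sorted(os.listdir(keep))
        rel = [os.path.relpath(p, profile) for p in folders]
    return rel, removed, remaining, kept


if __name__ == "__main__":
    folders, removed, remaining, kept = demo()
    print("folders with notes :", folders)
    print("notes removed      :", removed)
    print("folders still hit  :", remaining)
    print("copies kept        :", kept)
```

On a real machine you would call `sweep(r"C:\Users\Owner")` first and read the folder list before deciding on `delete=True` with a `keep_copy_in` on another drive or folder outside the profile. The folders returned are the ones to treat as encrypted when planning restores from backup; the kept copy of the notes is what you would hand to whoever later evaluates a decryption option.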



