Everything posted by treefarm

  1. Delfix was great and did what I was already thinking about, but a lot faster, and a ton better too! YES, we can close this out. Anyone who reads this should have at least 2 separate backup systems that are NOT connected to the system all the time. The crypto locker variant that attacked my machine/data got into my external drive too! Thanks again
  2. microsoft log, thanks again!
  3. Junkware removal text is attached. I will again run the Microsoft "malicious software removal tool" as directed, but I have no faith in it. I ran it a few days ago and it found nothing. I then found and deleted hundreds and hundreds of install_tor files that were no doubt responsible for encrypting most/all of my doc and jpeg files.

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Thisisu
         Version: 6.3.5 (10.31.2014:1)
         OS: Windows 7 Home Premium x64
         Ran by Scott on Sun 11/02/2014 at 18:12:57.97
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         ~~~ Services

         ~~~ Registry Values

         ~~~ Registry Keys

         ~~~ Files

         ~~~ Folders

         ~~~ Event Viewer Logs were cleared

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on Sun 11/02/2014 at 18:16:37.96
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. I will run the other steps, just to be sure. This is the malware text;

         Malwarebytes Anti-Malware
         www.malwarebytes.org

         Scan Date: 11/2/2014
         Scan Time: 1:32:02 PM
         Logfile:
         Administrator: Yes

         Version: 2.00.3.1025
         Malware Database: v2014.11.02.05
         Rootkit Database: v2014.11.01.02
         License: Premium
         Malware Protection: Enabled
         Malicious Website Protection: Enabled
         Self-protection: Disabled

         OS: Windows 7 Service Pack 1
         CPU: x64
         File System: NTFS
         User: Scott

         Scan Type: Threat Scan
         Result: Completed
         Objects Scanned: 399593
         Time Elapsed: 25 min, 16 sec

         Memory: Enabled
         Startup: Enabled
         Filesystem: Enabled
         Archives: Enabled
         Rootkits: Enabled
         Heuristics: Enabled
         PUP: Enabled
         PUM: Enabled

         Processes: 0
         (No malicious items detected)

         Modules: 0
         (No malicious items detected)

         Registry Keys: 0
         (No malicious items detected)

         Registry Values: 0
         (No malicious items detected)

         Registry Data: 0
         (No malicious items detected)

         Folders: 0
         (No malicious items detected)

         Files: 0
         (No malicious items detected)

         Physical Sectors: 0
         (No malicious items detected)

         (end)
  5. Kevin, I ran your fixlist using FRST and it appears to have cured the problem, I hope it sticks. I have attached the fixlog in case it has value to your efforts. Let's hope this is done and I will be sending you a little stipend for the effort. Thank you again for the good work!
%userprofile%\AppData\LocalLow\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.pif 
<====== ATTENTIONHKLM Group Policy restriction on software: *.png*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on 
software: *.wma*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.com <====== ATTENTIONHKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTIONHKLM Group Policy 
restriction on software: *.7z*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1731095417-3852314170-1902563222-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONS3 catchme; \??\C:\ComboFix\catchme.sys [X]U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]2014-10-26 18:39 - 2014-10-26 18:39 - 00000028 _____ () C:\windows\SysWOW64\u2014-10-26 17:51 - 2014-10-26 17:51 - 00070656 _____ () C:\windows\system32\jzxggq.dll2014-10-26 17:51 - 2014-10-26 17:51 - 00003858 _____ () C:\windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D}2014-10-26 17:51 - 2014-10-26 17:51 - 00000000 _____ () C:\windows\system32\uzwhy.dll2014-10-24 10:34 - 2014-10-24 10:34 - 00000944 ____H () C:\ProgramData\@system2.att2014-10-24 10:31 - 2014-10-28 06:39 - 00000000 ____D () C:\47a52c02014-10-24 10:17 - 2014-10-30 19:56 - 00000000 ____D () C:\ProgramData\Windows Genuine AdvantageC:\ProgramData\flashax10.exeTask: {D1540F44-129F-484E-AAEF-EF6D48808AD9} - System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} => C:\windows\system32\jzxggq.dll [2014-10-26] ()C:\windows\system32\jzxggq.dllEmptyTemp:End ***************** HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy 
Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => 
Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored 
successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on 
software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy 
Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => 
Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored 
successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on 
software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy 
Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => 
Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1731095417-3852314170-1902563222-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
TrueSight => Service deleted successfully.
C:\windows\SysWOW64\u => Moved successfully.
C:\windows\system32\jzxggq.dll => Moved successfully.
C:\windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} => Moved successfully.
Could not move "C:\windows\system32\uzwhy.dll" => Scheduled to move on reboot.
C:\ProgramData\@system2.att => Moved successfully.
C:\47a52c0 => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1540F44-129F-484E-AAEF-EF6D48808AD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1540F44-129F-484E-AAEF-EF6D48808AD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD86A472-F3A0-1AAE-531D-879D00393C2D}" => Key deleted successfully.
"C:\windows\system32\jzxggq.dll" => File/Directory not found.
EmptyTemp: => Removed 105.5 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-02 13:24:35)<=
C:\windows\system32\uzwhy.dll => Is moved successfully.
==== End of Fixlog ====
  6. Kevin, I just don't see the fixlist.txt file, did I miss something?
  7. I have cleaned my system with almost every one of the forum suggestions (many issues fixed, including a version of crypto that locked a bunch of my data and jpeg files). I am running premium Malwarebytes and Kaspersky PURE 3.0 but approx 10 Internet Explorer apps continue to show up in Task Manager after a new reboot? FRST and Addition text attached, thanks in advance. Addition.txt FRST.txt