Jump to content

multiple internet explorer apps running

treefarm

By treefarm
in Resolved Malware Removal Logs

 Share

Recommended Posts

treefarm

treefarm

Posted
Posted

I have cleaned my system with almost every one of the forum suggestions (many issues fixed, including a version of crypto that locked a bunch of my datat and jpeg files). I am running premium malwarebytes and kaspersky pure 3.0 but approx 10 internet explorer apps continue to show up in task manager after a new reboot? FRST and addition text attached, thanks in advance  Addition.txtFRST.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

 

Kevin.....

Link to post
Share on other sites
treefarm

treefarm

Posted
  • Author
Posted

Kevin, I ran your fixlist using FRST and it appears to have cured the problem, I hope it sticks. i have attached the fixlog in case it has value to your efforts. Lets hope this is done and I will sending you a little stipend for the effort. Thank you again for the good work!

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Scott at 2014-11-02 13:18:50 Run:1
Running from C:\Users\Scott\Downloads
Loaded Profile: Scott (Available profiles: Scott & QBDataServiceUser22)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1731095417-3852314170-1902563222-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
2014-10-26 18:39 - 2014-10-26 18:39 - 00000028 _____ () C:\windows\SysWOW64\u
2014-10-26 17:51 - 2014-10-26 17:51 - 00070656 _____ () C:\windows\system32\jzxggq.dll
2014-10-26 17:51 - 2014-10-26 17:51 - 00003858 _____ () C:\windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D}
2014-10-26 17:51 - 2014-10-26 17:51 - 00000000 _____ () C:\windows\system32\uzwhy.dll
2014-10-24 10:34 - 2014-10-24 10:34 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-24 10:31 - 2014-10-28 06:39 - 00000000 ____D () C:\47a52c0
2014-10-24 10:17 - 2014-10-30 19:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\ProgramData\flashax10.exe
Task: {D1540F44-129F-484E-AAEF-EF6D48808AD9} - System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} => C:\windows\system32\jzxggq.dll [2014-10-26] ()
C:\windows\system32\jzxggq.dll
EmptyTemp:
End
 
 
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1731095417-3852314170-1902563222-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
TrueSight => Service deleted successfully.
C:\windows\SysWOW64\u => Moved successfully.
C:\windows\system32\jzxggq.dll => Moved successfully.
C:\windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} => Moved successfully.
Could not move "C:\windows\system32\uzwhy.dll" => Scheduled to move on reboot.
C:\ProgramData\@system2.att => Moved successfully.
C:\47a52c0 => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\flashax10.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1540F44-129F-484E-AAEF-EF6D48808AD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1540F44-129F-484E-AAEF-EF6D48808AD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FD86A472-F3A0-1AAE-531D-879D00393C2D} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD86A472-F3A0-1AAE-531D-879D00393C2D}" => Key deleted successfully.
"C:\windows\system32\jzxggq.dll" => File/Directory not found.
EmptyTemp: => Removed 105.5 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-02 13:24:35)<=
 
C:\windows\system32\uzwhy.dll => Is moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites
treefarm

treefarm

Posted
  • Author
Posted

I will run the other steps, just to be sure. This is the malware text;

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/2/2014
Scan Time: 1:32:02 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.02.05
Rootkit Database: v2014.11.01.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Scott
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399593
Time Elapsed: 25 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites
treefarm

treefarm

Posted
  • Author
Posted

junkware removal text is attached. i will again run the the microsoft "malicious software removal tool" as directed, but i have no faith in it, i ran it a few days ago and it found nothing, I then found and deleted hundreds and hundreds of install_tor files that were no doubt responsible for encrypting most/all of my doc and jpeg files.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Scott on Sun 11/02/2014 at 18:12:57.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/02/2014 at 18:16:37.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites
treefarm

treefarm

Posted
  • Author
Posted

microsoft log, thanks again!

 

 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
Started On Tue May 01 13:10:29 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 01 13:12:20 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Fri May 11 03:11:01 2012
->Scan ERROR: resource process://pid:5448 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 11 03:12:52 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Wed Jun 13 03:06:47 2012
->Scan ERROR: resource process://pid:5880 (code 0x00000005 (5))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 03:10:08 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Wed Jul 11 03:05:58 2012
->Scan ERROR: resource process://pid:8892 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:2128 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:7628 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:2120 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 03:12:33 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Thu Aug 16 03:00:33 2012
->Scan ERROR: resource process://pid:6340 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:6392 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 03:03:31 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Thu Sep 13 03:01:27 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 13 03:03:24 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Thu Oct 11 03:05:54 2012
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 11 03:07:57 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Fri Nov 16 03:03:09 2012
->Scan ERROR: resource process://pid:6596 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2504 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5604 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 16 03:05:37 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Thu Dec 13 03:06:10 2012
->Scan ERROR: resource process://pid:4616 (code 0x00000005 (5))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 03:08:28 2012
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Mon Jan 21 08:06:10 2013
->Scan ERROR: resource process://pid:11384 (code 0x00000005 (5))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 21 08:08:36 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Wed Feb 13 03:06:34 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 03:09:39 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Wed Mar 13 03:04:54 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 13 03:07:20 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 03:03:21 2013
->Scan ERROR: resource process://pid:11816 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4452 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:9464 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:10856 (code 0x00000490 (1168))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 03:05:57 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 03:07:49 2013
->Scan ERROR: resource process://pid:9488 (code 0x00000005 (5))
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 03:10:53 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Wed Jun 12 03:02:27 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 03:05:16 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Thu Jul 11 03:12:05 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 03:15:36 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Thu Jul 18 03:01:50 2013
 
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 18 03:04:42 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Wed Aug 14 03:02:49 2013
 
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 14 03:05:56 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Thu Sep 12 03:08:39 2013
 
Engine: 1.1.9800.0
Signatures: 1.157.932.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 03:12:00 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Wed Oct 09 03:04:04 2013
 
Engine: 1.1.9901.0
Signatures: 1.159.530.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 09 03:07:13 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Wed Nov 13 03:02:29 2013
 
Engine: 1.1.10003.0
Signatures: 1.161.1618.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 03:05:34 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Sun Dec 15 10:23:23 2013
 
Engine: 1.1.10100.0
Signatures: 1.163.1013.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 10:28:27 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 03:01:32 2014
 
Engine: 1.1.10201.0
Signatures: 1.165.1273.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 03:05:46 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 03:05:03 2014
 
Engine: 1.1.10201.0
Signatures: 1.165.3163.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:08:11 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 03:00:47 2014
 
Engine: 1.1.10302.0
Signatures: 1.167.1001.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 03:04:39 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 03:04:13 2014
 
Engine: 1.1.10401.0
Signatures: 1.169.1258.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:08:01 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Thu May 15 03:03:34 2014
 
Engine: 1.1.10502.0
Signatures: 1.173.1305.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:09:05 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Wed Jun 11 03:09:40 2014
 
Engine: 1.1.10600.0
Signatures: 1.175.1113.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 03:12:30 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Fri Jul 25 07:13:11 2014
 
Engine: 1.1.10701.0
Signatures: 1.177.949.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 25 07:16:37 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Wed Aug 13 03:08:19 2014
 
Engine: 1.1.10802.0
Signatures: 1.179.1796.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 03:17:39 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Wed Sep 10 03:02:45 2014
 
Engine: 1.1.10904.0
Signatures: 1.183.882.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 03:11:33 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 03:01:07 2014
 
Engine: 1.1.11005.0
Signatures: 1.185.2035.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 03:08:50 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Wed Oct 29 08:10:26 2014
 
Engine: 1.1.11005.0
Signatures: 1.185.2035.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 30 07:29:22 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Sun Nov 02 18:22:41 2014
 
Engine: 1.1.11005.0
Signatures: 1.185.2035.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Nov 02 18:23:10 2014
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Sun Nov 02 18:23:18 2014
 
Engine: 1.1.11005.0
Signatures: 1.185.2035.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Nov 02 18:29:04 2014
 
 
Return code: 0 (0x0)
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Excellent, thanks for the logs. All looks good now, clean up as follows...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we can close out, thanks,

 

Kevin....

Link to post
Share on other sites
treefarm

treefarm

Posted
  • Author
Posted

Delfix was great and did what I was already thinking about, but a lot faster, and a ton better too!.

 

YES, we can close this out. Anyone who reads this should have at least 2 separate back up systems that are NOT connected to the system all the time. The crypto locker variant that attacked my machine/data got into my external drive too!

 

Thanks again 

Link to post
Share on other sites
  • 3 weeks later...
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.