
HELP-DECRYPT - Help, I don't understand what to do.

Discussion in 'Virus & Other Malware Removal' started by midser, Mar 4, 2015.

Thread Status:
Not open for further replies.
  1. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz, x86 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2047 Mb
    Graphics Card: NVIDIA GeForce 7300 SE/7200 GS, 512 Mb
    Hard Drives: C: Total - 238472 MB, Free - 204310 MB;
    Motherboard: MSI, MS-7267
    Antivirus: Panda Antivirus Pro 2014, Updated: Yes, On-Demand Scanner: Enabled

    I went into a previous help question about this HELP-DECRYPT but don't understand the answer. Do I go into Farbar Recovery website? This problem happened after I went into Spyware to check if any spyware so am thinking that they are corrupted. I also have Panda and have just completed a complete scan from them but they say that there are no threats, etc. WORD will not open the documents and this HELP-DECRYPT have files everywhere. Also, my pictures will not preview, etc.

    I did read one of these HELP-DECRYPT documents and they want $500. Fortunately, I had just bought another computer and have transferred a lot of my files to it so all is not lost but I still have some on this computer as I like the workings of my old XP and would like it fixed (I will not pay $500.00 though, will just take my loss if necessary).

    Help Help !! Thanks.
    Midser
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome . :)

    Unfortunately we have not been able to find a solution to this issue. Click here for information and some guidelines concerning this virus. If the recommendations there won't help, we can always remove the pop-ups created by the infection. How big is the loss?

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

    Once the above has finished, while on FRST, type the following in the edit box on FRST, after "Search:".

    HELP_DECRYPT.*

    It then should look like:

    Search: HELP_DECRYPT.*

    Click Search Files button and post the log (Search.txt) it makes on the same location FRST is saved in your next reply.
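
The file search requested above, as an added example that is not part of the original post and not FRST's own code: a Python script that walks a folder tree for ransom-note files matching the two name patterns seen in this thread, groups them by folder, and reports the earliest note timestamp as a rough marker of when the encryption run reached that tree. The function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Note-name patterns from the thread: the helper searches for HELP_DECRYPT.*
# and the poster writes the name with a hyphen, so both are checked.
NOTE_PATTERNS = ("HELP_DECRYPT.*", "HELP-DECRYPT.*")


def is_ransom_note(filename):
    """Case-insensitive match of a bare file name against the note patterns."""
    upper = filename.upper()
    return any(fnmatch.fnmatchcase(upper, pattern) for pattern in NOTE_PATTERNS)


def find_notes(root):
    """Walk root and return {directory: [(note_name, mtime), ...]}."""
    hits = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not is_ransom_note(name):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                # Unreadable entry: skip it rather than abort the whole scan.
                continue
            hits[dirpath].append((name, mtime))
    return dict(hits)


def summarize(hits):
    """Return (affected_folder_count, note_count, earliest_mtime or None)."""
    times = [mtime for notes in hits.values() for _name, mtime in notes]
    return len(hits), len(times), (min(times) if times else None)


def build_sample_tree(root):
    """Create a small constructed tree (not data from the thread)."""
    layout = {
        "Docs/HELP_DECRYPT.TXT": 1425487920,
        "Docs/help_decrypt.html": 1425487925,
        "Pics/HELP-DECRYPT.PNG": 1425487800,
        "Clean/letter.doc": 1400000000,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w"):
            pass
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        found = find_notes(sample_root)
        folders, notes, earliest = summarize(found)
        for folder in sorted(found):
            names = ", ".join(sorted(name for name, _ in found[folder]))
            print(f"{folder}: {names}")
        print(f"{notes} note(s) in {folders} folder(s)")
        if earliest is not None:
            stamp = datetime.fromtimestamp(earliest, tz=timezone.utc)
            print("earliest note written:", stamp.isoformat())
```

The note timestamps only show when the notes were written, so treat the earliest one as an approximate bound and compare it with other evidence such as file creation times in the scan logs.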
     
  3. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Thanks for your reply, I really appreciate it. Have been into one of the sites, will try the others tomorrow. By the way, in my address space on the net, it is now coming up "InPrivate" and I don't want it as feel they are checking my websites, etc. but when I go in to switch it Off and click the Off, and then O.K. it is still not going off. Any suggestions?

    Thanks
    Midser
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I don't understand your question. Are you referring to the https?
     
  5. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Yes, the https. All the websites have this "InPrivate" in front of the http: As well, there's a box that comes up saying about "debugging" the site which I'm pretty sure is coming from this "InPrivate" sign. I do everything it says to switch it Off but it does its own thing anyway and stays on - so I think it's from this virus.

    Thanks for your concern.
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You will need to scan your computer. Run the program on post 2 to view your settings.
     
  7. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Will try this JSntgRvr - thanks everyone.
     
  8. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
    Ran by Administrator at 2015-03-06 13:24:14
    Running from C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Panda Antivirus Pro 2014 (Enabled - Up to date) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    FW: Panda Personal Firewall 2014 (Disabled) {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-J415W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    EmailStripper 2.2 (HKLM\...\EmailStripper_is1) (Version: - PaperCut Software Pty Ltd)
    Free File Opener (HKLM\...\Free File Opener) (Version: 2011.8.0.0 - Free File Opener, LLC)
    Freemake Video Converter version 4.0.2 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.2 - Ellora Assets Corporation)
    Greetings Workshop (HKLM\...\Greetings Workshop) (Version: - )
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Picture It! Photo 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version: - )
    Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA Graphics Driver 307.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.90 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Panda Antivirus Pro 2014 (HKLM\...\{E55FB276-73C9-4776-AB53-BC028C0509ED}) (Version: 13.02.00 - Panda Security)
    Panda Antivirus Pro 2014 (Version: 13.01.01 - Panda Security) Hidden
    Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
    PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
    Password Depot 7 - Panda Secure Vault Edition (HKLM\...\{A6144BFB-45FB-4DDB-BC4F-AB10E9FF0395}_is1) (Version: 7.1.0 - AceBIT GmbH)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rapport (Version: 3.5.1403.67 - Trusteer) Hidden
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6849 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1403.67 - Trusteer)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
    Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
    Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================
    04-12-2014 20:17:56 System Checkpoint
    05-12-2014 21:11:44 System Checkpoint
    06-12-2014 21:43:31 System Checkpoint
    07-12-2014 22:13:57 System Checkpoint
    09-12-2014 17:04:14 System Checkpoint
    09-12-2014 21:28:44 Software Distribution Service 3.0
    11-12-2014 06:23:53 System Checkpoint
    12-12-2014 10:10:19 System Checkpoint
    13-12-2014 19:44:45 System Checkpoint
    14-12-2014 20:03:58 System Checkpoint
    15-12-2014 20:44:30 System Checkpoint
    16-12-2014 14:53:01 Installed QuickTime 7
    16-12-2014 15:31:55 Installed iTunes
    17-12-2014 16:50:07 System Checkpoint
    18-12-2014 16:59:16 System Checkpoint
    19-12-2014 17:10:58 System Checkpoint
    20-12-2014 17:23:10 System Checkpoint
    21-12-2014 21:02:16 System Checkpoint
    22-12-2014 21:46:40 System Checkpoint
    23-12-2014 22:32:32 System Checkpoint
    24-12-2014 22:36:31 System Checkpoint
    25-12-2014 22:44:20 System Checkpoint
    26-12-2014 23:27:12 System Checkpoint
    28-12-2014 14:02:37 System Checkpoint
    29-12-2014 14:30:29 System Checkpoint
    30-12-2014 15:13:18 System Checkpoint
    31-12-2014 15:35:10 System Checkpoint
    01-01-2015 16:01:31 System Checkpoint
    02-01-2015 17:20:41 System Checkpoint
    03-01-2015 17:38:06 System Checkpoint
    04-01-2015 18:30:05 System Checkpoint
    05-01-2015 19:07:55 System Checkpoint
    06-01-2015 19:11:26 System Checkpoint
    07-01-2015 20:28:23 System Checkpoint
    08-01-2015 21:23:33 System Checkpoint
    09-01-2015 14:52:10 Installed Compatibility Pack for the 2007 Office system
    10-01-2015 09:00:20 Software Distribution Service 3.0
    10-01-2015 23:04:37 Software Distribution Service 3.0
    11-01-2015 06:48:51 Software Distribution Service 3.0
    12-01-2015 09:40:51 System Checkpoint
    13-01-2015 22:38:06 System Checkpoint
    13-01-2015 23:59:45 Software Distribution Service 3.0
    15-01-2015 14:19:12 System Checkpoint
    16-01-2015 20:52:16 System Checkpoint
    17-01-2015 22:09:34 System Checkpoint
    18-01-2015 22:17:41 System Checkpoint
    20-01-2015 19:26:17 System Checkpoint
    22-01-2015 11:39:51 System Checkpoint
    23-01-2015 13:25:31 System Checkpoint
    24-01-2015 14:22:01 System Checkpoint
    25-01-2015 14:33:07 System Checkpoint
    26-01-2015 15:39:27 System Checkpoint
    27-01-2015 17:39:46 System Checkpoint
    28-01-2015 19:19:18 System Checkpoint
    29-01-2015 19:39:45 System Checkpoint
    30-01-2015 19:57:25 System Checkpoint
    31-01-2015 20:00:18 System Checkpoint
    02-02-2015 09:43:31 System Checkpoint
    03-02-2015 19:44:25 System Checkpoint
    04-02-2015 20:18:30 System Checkpoint
    05-02-2015 20:37:23 System Checkpoint
    06-02-2015 21:35:25 System Checkpoint
    07-02-2015 22:23:08 System Checkpoint
    08-02-2015 23:08:50 System Checkpoint
    10-02-2015 19:24:07 System Checkpoint
    11-02-2015 00:21:31 Software Distribution Service 3.0
    12-02-2015 13:17:49 System Checkpoint
    13-02-2015 22:30:48 System Checkpoint
    15-02-2015 13:21:02 System Checkpoint
    16-02-2015 14:18:50 System Checkpoint
    17-02-2015 15:45:26 System Checkpoint
    18-02-2015 16:40:49 System Checkpoint
    19-02-2015 17:25:54 System Checkpoint
    20-02-2015 18:04:56 System Checkpoint
    22-02-2015 14:48:09 System Checkpoint
    23-02-2015 15:32:54 System Checkpoint
    24-02-2015 16:11:45 System Checkpoint
    25-02-2015 16:43:56 System Checkpoint
    26-02-2015 17:37:03 System Checkpoint
    27-02-2015 21:09:56 System Checkpoint
    28-02-2015 21:42:08 System Checkpoint
    02-03-2015 07:01:35 System Checkpoint
    03-03-2015 17:53:56 System Checkpoint
    04-03-2015 18:13:17 System Checkpoint
    06-03-2015 12:13:54 System Checkpoint
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2012-10-25 20:43 - 2007-08-11 01:58 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 mpa.one.microsoft.com

    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Driver Tool-RTMRules.job => C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe
    Task: C:\WINDOWS\Tasks\Driver Tool-RTMScan.job => C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe
    Task: C:\WINDOWS\Tasks\Driver Tool-RTMUpdater.job => C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-299502267-838170752-1177238915-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-299502267-838170752-1177238915-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-299502267-838170752-1177238915-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-838170752-1177238915-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-838170752-1177238915-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
    ==================== Loaded Modules (whitelisted) ==============
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-27 11:05 - 2007-02-14 12:55 - 00165424 _____ () C:\Program Files\Panda Security\Panda Antivirus Pro 2014\MiniCrypto.dll
    2013-11-27 11:05 - 2004-05-19 10:33 - 00507904 _____ () C:\Program Files\Panda Security\Panda Antivirus Pro 2014\libxml2.dll
    2013-11-27 11:05 - 2007-02-14 12:55 - 00099888 _____ () C:\Program Files\Panda Security\Panda Antivirus Pro 2014\APIcr.dll
    2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-08-04 14:45 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2015-03-04 16:52 - 2015-03-04 16:52 - 00084992 _____ () C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Local Settings\Application Data\Ummedia\New.dll
    2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
    2015-03-04 16:52 - 2015-03-04 16:52 - 00084992 _____ () C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Local Settings\Application Data\Abdworks\New.dll
    2012-10-25 20:43 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"
    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-299502267-838170752-1177238915-1004\Control Panel\Desktop\\Wallpaper -> (None)
    HKU\S-1-5-21-299502267-838170752-1177238915-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================
    Administrator (S-1-5-21-299502267-838170752-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.ADMIN-CB774A63A
    Guest (S-1-5-21-299502267-838170752-1177238915-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-299502267-838170752-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-299502267-838170752-1177238915-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-299502267-838170752-1177238915-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (03/06/2015 10:18:09 AM) (Source: Sentinel) (EventID: 31424) (User: )
    Description: Unexpected failure scanning file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ADMIN-CB774A63A\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\NG4UNY13\IFTFL[2].JS.
    If the problem persists, please contact with support.
    Error: (03/06/2015 10:18:09 AM) (Source: Sentinel) (EventID: 31424) (User: )
    Description: Unexpected failure scanning file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ADMIN-CB774A63A\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\NG4UNY13\IFTFL[1].JS.
    If the problem persists, please contact with support.
    Error: (03/06/2015 09:32:00 AM) (Source: Ci) (EventID: 4126) (User: )
    Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
    be automatically restored by refiltering all documents.
    Error: (03/06/2015 09:02:04 AM) (Source: Ci) (EventID: 4126) (User: )
    Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
    be automatically restored by refiltering all documents.
    Error: (03/06/2015 09:02:04 AM) (Source: Ci) (EventID: 4124) (User: )
    Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
    the Indexing Service (cisvc).
    Error: (02/23/2015 09:22:10 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: CTLCN BrtCTLCN: [2015/02/23 09:22:10.140]: [00000964]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
    Error: (02/22/2015 10:21:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIA BrtWIA: [2015/02/22 22:21:05.171]: [00003064]: ChkMk:: ES Error[-4]
    Error: (02/22/2015 10:21:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIA BrtWIA: [2015/02/22 22:21:05.171]: [00003064]: ChkMk:: ED Error[-4]
    Error: (02/19/2015 05:01:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: CTLCN BrtCTLCN: [2015/02/19 17:01:24.065]: [00003440]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
    Error: (02/04/2015 08:23:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIA BrtWIA: [2015/02/04 20:23:22.859]: [00002636]: ChkMk:: ES Error[-4]

    System errors:
    =============
    Error: (03/06/2015 01:25:45 PM) (Source: DCOM) (EventID: 10005) (User: ADMIN-CB774A63A)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 00:34:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 00:25:44 PM) (Source: DCOM) (EventID: 10005) (User: ADMIN-CB774A63A)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 11:34:23 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 11:25:44 AM) (Source: DCOM) (EventID: 10005) (User: ADMIN-CB774A63A)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 10:34:21 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 10:25:43 AM) (Source: DCOM) (EventID: 10005) (User: ADMIN-CB774A63A)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 09:34:18 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Error: (03/06/2015 09:26:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.
    Error: (03/06/2015 09:25:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Util AppEnable service failed to start due to the following error:
    %%3

    Microsoft Office Sessions:
    =========================
    Error: (03/06/2015 10:18:09 AM) (Source: Sentinel) (EventID: 31424) (User: )
    Description: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ADMIN-CB774A63A\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\NG4UNY13\IFTFL[2].JS
    Error: (03/06/2015 10:18:09 AM) (Source: Sentinel) (EventID: 31424) (User: )
    Description: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.ADMIN-CB774A63A\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\NG4UNY13\IFTFL[1].JS
    Error: (03/06/2015 09:32:00 AM) (Source: Ci) (EventID: 4126) (User: )
    Description: c:\system volume information\catalog.wci
    Error: (03/06/2015 09:02:04 AM) (Source: Ci) (EventID: 4126) (User: )
    Description: c:\system volume information\catalog.wci
    Error: (03/06/2015 09:02:04 AM) (Source: Ci) (EventID: 4124) (User: )
    Description: c:\system volume information\catalog.wci
    Error: (02/23/2015 09:22:10 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: CTLCNBrtCTLCN: [2015/02/23 09:22:10.140]: [00000964]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
    Error: (02/22/2015 10:21:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIABrtWIA: [2015/02/22 22:21:05.171]: [00003064]: ChkMk:: ES Error[-4]
    Error: (02/22/2015 10:21:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIABrtWIA: [2015/02/22 22:21:05.171]: [00003064]: ChkMk:: ED Error[-4]
    Error: (02/19/2015 05:01:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: CTLCNBrtCTLCN: [2015/02/19 17:01:24.065]: [00003440]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683) : -------- Button ID Not Found.
    Error: (02/04/2015 08:23:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: WIABrtWIA: [2015/02/04 20:23:22.859]: [00002636]: ChkMk:: ES Error[-4]

    ==================== Memory info ===========================
    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Percentage of memory in use: 66%
    Total physical RAM: 2047.29 MB
    Available physical RAM: 680.37 MB
    Total Pagefile: 5986.15 MB
    Available Pagefile: 3327.43 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1936.96 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:232.88 GB) (Free:200.43 GB) NTFS ==>[Drive with boot components (Windows XP)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: F164F164)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  9. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Here's the second part of it:

    ==================== End Of Log ============================

    Farbar Recovery Scan Tool (x86) Version: 04-03-2015
    Ran by Administrator at 2015-03-06 13:36:54
    Running from C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Desktop
    Boot Mode: Normal

    ================== Search Files: "HELP_DECRYPT.*
    HELP-DECRYPT.*" =============

    ====== End Of Search ======
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    The FRST.txt is missing.

    Please download the attached file and save it in the same directory as FRST.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.

    Please also post the FRST.txt.
     

    Attached Files:

  11. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Am having problems doing this as the virus restarted my comp and then this notice comes up stating that it is not a genuine copy of Microsoft and all my desktop was black and it wouldn't do anything. However, I switched it off and then switched it on again with the same thing but I clicked a big picture that came up on the screen, clicked on the email and it opened and then went directly here. I have the feeling that if I try to do what you told me that the same thing might happen. As well, when I do the FRST it doesn't give me the option to click "Fix" but closes saying that it has recorded it on Desktop.

    I have a feeling that this computer is finally dying and am fortunate that I have been in the process of copying all my data to a new computer. I had most of it on a USB plug and it is okay, not encrypted so I thank God for that. It's still very annoying as I like XP and was to use it as long as it was going. However, I think I'm going to have to get used to the new one. I'm wondering if I got this virus from a website I was in. I was looking to see if I could buy Outlook Express and this website came up "ZINSTALL zExpress at $99.00. It had that Microsoft had approved it and to click on here to see that. Well it was a pdf file and thought it would be okay but I have the feeling that is where I may have got this virus that has encrypted my files. Do you know if this programme is safe or not? I don't want to click on this pdf file in case it is where I got it.

    I will try to follow your instructions once again but if the same things happen then I will have to admit defeat on this computer. If I can't get back into this computer, I will email you from my new computer (it is working fine - no encryption there, thank the Lord).

    In the meantime, thank you for your efforts and as I said, I will try to follow your instructions once again.
    Midser
     
  12. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Here's from the Fixit:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 03
    Ran by Administrator at 2015-03-08 20:13:15 Run:2
    Running from C:\Documents and Settings\Administrator.ADMIN-CB774A63A\Desktop
    Loaded Profiles: UpdatusUser & Administrator (Available profiles: UpdatusUser & Administrator)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    Start
    Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
    Hosts:
    Emptytemp:
    End


    *****************
    C:\WINDOWS\Tasks\ReimageUpdater.job not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 16.9 MB temporary data.

    The system needed a reboot.
    ==== End of Fixlog 20:13:23 ====
     
  13. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Hi Again:

    Do you know where I could purchase Outlook Express from a legitimate source because I'm not fond of Windows Live Mail which I have on the new comp on Windows 7.

    Thanks so much for all your time.
    Midser
     
  14. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  15. midser

    midser Thread Starter

    Joined:
    Jan 3, 2012
    Messages:
    99
    Thanks JSntgRvr


    I hate to give up but between trying to learn this new Windows 7 and a new computer, my time is running out so I'd better not continue and waste your time either. It's Windows Live Essentials that I have for my email. It's not a patch on Outlook Express (for residents anyway, maybe for businesses) but I don't want a calendar, etc. taking up space on my comp. I have a calendar on my desk anyway. As well I wish it would list the Sent List, just with the sents, not with the letter I received, etc. I went into the website you gave me and will have a go at the support for the mail there. Thanks so much again for all your time and effort, I really do appreciate it. I think I'll just retire my old computer and save the frustration, so I guess we close this thread. Thanks.
    Midser
     

Short URL to this thread: https://techguy.org/1144196
