Hi there, you have been attacked by a file encryptor and you have five antivirus programmes running :
Avast Free Antivirus
AVG 2015
COMODO Internet Security
Symantec
Ad-Aware Antivirus
You will need to uninstall four of these. Let me know which ones and I will give you the links for the removal tools
This will be a quick and dirty fix to get things running again, I will need a fresh FRST scan to see what the major problems are
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File U5 BFE; <===== ATTENTION Locked Service CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML" CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG" CMD: del /F /Q /S "C:\HELP_DECRYPT.URL" CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT" Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that