Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error on Reboot After Removing Malware


  • Please log in to reply
13 replies to this topic

#1 charismatic100

charismatic100

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 07:14 AM

I am attempting to clean a HP G72 laptop, OS Windows7 Home Premium.  User was not reading webpages completely, therefore was unaware that bundled software packages were being loaded onto the computer until it did not respond in the expected manner.

 

I uninstalled PC Fix Speed and a number of PUPs using uninstall in Programs and Features and have disabled addons for all PUPs in IE. IE is still going to dosearches.com for home page and I am unable to change this in IE options.  I have run Malwarebytes, removed selected entry, but there are a lot of registry keys listed that probably need to be deleted or changed that were not selected. 

 

Any assistance would be greatly appreciated.



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:10 AM

Posted 23 December 2013 - 08:22 AM

Hi charismatic100,
 
Can you expand on the title (i.e. what does the message say) as this will help me figure out how to deal with it?
 
Also, run these for me:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

---------

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

---------
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 08:57 AM

My apologies, I did neglect to put that information in.  The error message is:  RunDLL, There was a problem starting C:\UsersIKGA\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll  The specified module could not be found.

 

I am working on your list and will post log files as I complete each step.



#4 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 09:18 AM

# AdwCleaner v3.016 - Report created 23/12/2013 at 09:08:26
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : IKGA - IKGAREGISTRAR
# Running from : C:\Users\IKGA\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Level Quality Watcher
[!] Folder Deleted : C:\Users\IKGA\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\IKGA\AppData\Local\Conduit
Folder Deleted : C:\Users\IKGA\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\IKGA\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\IKGA\AppData\Local\Temp\CT3287808
Folder Deleted : C:\Users\IKGA\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\IKGA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\IKGA\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\IKGA\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\IKGA\AppData\Roaming\strongvault
Folder Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\CT3287808
Folder Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\Extensions\{01e86e69-a2f8-48a0-b068-83869bdba3d0}
Folder Deleted : C:\Users\IKGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Deleted : C:\Users\IKGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\END
File Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\searchplugins\Askcom.xml
File Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\searchplugins\Conduit.xml
File Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\searchplugins\conduit-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\dosearches.xml
File Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\searchplugins\iminent.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\user.js
File Deleted : C:\Users\IKGA\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\IKGA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\IKGA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\IKGA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287808
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dosearchessoftware
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v3.6.13 (en-US)

[ File : C:\Users\IKGA\AppData\Roaming\Mozilla\Firefox\Profiles\4s8chxeu.default\prefs.js ]

Line Deleted : user_pref("CT3287808.FF19Solved", "true");
Line Deleted : user_pref("CT3287808.UserID", "UN35913729232256126");
Line Deleted : user_pref("CT3287808.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287808.fullUserID", "UN35913729232256126.IN.20131216113410");
Line Deleted : user_pref("CT3287808.installDate", "16/12/2013 11:34:34");
Line Deleted : user_pref("CT3287808.installSessionId", "{1D7CD780-ED8B-4BD8-80DB-007361B1C436}");
Line Deleted : user_pref("CT3287808.installSp", "TRUE");
Line Deleted : user_pref("CT3287808.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287808.keyword", "true");
Line Deleted : user_pref("CT3287808.originalHomepage", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD3200BEVT-60A23T0_WD-WX61A602719027190&ts=1383930040"[...]
Line Deleted : user_pref("CT3287808.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3287808.originalSearchEngine", "dosearches");
Line Deleted : user_pref("CT3287808.originalSearchEngineName", "dosearches");
Line Deleted : user_pref("CT3287808.searchRevert", "false");
Line Deleted : user_pref("CT3287808.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287808.searchUserMode", "2");
Line Deleted : user_pref("CT3287808.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287808.toolbarInstallDate", "16-12-2013 11:34:11");
Line Deleted : user_pref("CT3287808.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3287808.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.9 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287808&CUI=UN35913729232256126&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.enabledItems", "smartwebprinting@hp.com:4.51,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:11[...]
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287808&CUI=UN35913729232256126&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287808&SearchSource=2&CUI=UN35913729232256126&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287808");
Line Deleted : user_pref("smartbar.machineId", "4VGVHDNHNTZ/TUWQFEYF/YOMSMVOZC4BJ3QXQ9CERSK9XDQT971HGDAGM48AO7AULCDQVGVYIFTWWO+TRYK1/A");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=C99476C3-EEAB-49D1-8099-45E5BBE5FA77");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ff&tb_uuid=3795A4AFA2024C44BF4D5C795DD3142E&tb_oid=17-12-20[...]

*************************

AdwCleaner[R0].txt - [23712 octets] - [23/12/2013 09:07:38]
AdwCleaner[S0].txt - [19664 octets] - [23/12/2013 09:08:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19725 octets] ##########

#5 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 09:38 AM

Junkware Removal log file

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by IKGA on Mon 12/23/2013 at  9:26:34.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [Strongvault]

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_132013-13E4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_132013-13E4_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_132013-13E4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_132013-13E4_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\IKGA\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\IKGA\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\IKGA\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\IKGA\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\IKGA\AppData\Roaming\mozilla\firefox\profiles\4s8chxeu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/23/2013 at  9:34:21.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 12:27 PM

ESTScan results

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\IKGA\AppData\Local\Temp\tbVisu.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\IKGA\Downloads\Setup.exe a variant of Win32/DomaIQ.AQ application cleaned by deleting - quarantined
 



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:10 AM

Posted 23 December 2013 - 12:34 PM

Hi charismatic100,

 

How is the computer running, and does the error still appear on startup?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 23 December 2013 - 06:19 PM

There is no error message on startup.

Laptop is responding well.  I have been able to correct homepage issue in IE.

It takes 2.5 minutes to bootup into Windows.  I have not yet received confirmation that it has always done that.



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:10 AM

Posted 24 December 2013 - 07:25 AM

Hi charismatic100,
 
I can have a look at your startup programs and hopefully find some programs to disable if you run the program below:
 
Please download Autoruns.
 
Open Downloads in your browser and click on the Autoruns download.
 
Click on Run to initiate the installation.
 
When Autoruns loads you will see an image similar to the one below.
 
autorunsscreen_zps2ac55e2e.png
 
Click on File, then click on Save.
 
You will see an image similar to the one below.
 
autorunsscreen1_zps8a35cb1a.png
 
Choose Desktop as the destination, then click on the down arrow in the Save as type: box and click on Text (*.txt), then click on Save.
 
There will be a Text icon on the desktop titled AutoRuns, click on it to open the log.
 
Copy the log and paste it in your next post.
 
----------
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

xXToffeeXx~


Edited by xXToffeeXx, 24 December 2013 - 07:25 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 24 December 2013 - 02:10 PM

Hi xXToffeeXx,

Results of Autoruns:
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "7/13/2009 11:49 PM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/6/2013 6:40 AM"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "8/25/2010 2:04 PM"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "8/25/2010 2:05 PM"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "8/25/2010 2:04 PM"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe" "9/20/2010 2:41 AM"
+ "RtkOSD" "Realtek OSD for Volume/Mute" "Realtek Semiconductor Corp." "c:\program files (x86)\realtek\audio\osd\rtvosd64.exe" "1/12/2010 3:32 AM"
+ "SunJavaUpdateSched" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jusched.exe" "10/11/2009 4:33 AM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "9/10/2010 8:39 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/23/2013 5:56 PM"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe" "2/27/2009 8:10 PM"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgui.exe" "11/7/2013 4:03 PM"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe" "11/9/2010 1:49 AM"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe" "4/27/2010 3:58 AM"
+ "NortonOnlineBackupReminder" "Norton Online Backup Service" "Symantec Corporation" "c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe" "6/29/2009 4:01 PM"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "7/2/2013 11:16 AM"
+ "WirelessAssistant" "HP Wireless Assistant Main Program" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe" "7/23/2009 10:45 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "12/6/2013 6:40 AM"
+ "NCPluginUpdater" "NCPluginUpdater" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe" "10/21/2013 9:52 PM"
"C:\Users\IKGA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "12/22/2013 7:26 PM"
+ "Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk" "Print Driver Status Business Logic" "Hewlett-Packard Co." "c:\program files\hp\hp officejet pro 8600\bin\hpstatusbl.dll" "10/17/2012 6:37 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/6/2009 8:56 PM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 6:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "9/6/2009 8:56 PM"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" "12/3/2013 8:54 PM"
+ "Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe" ""
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lsrunonce.exe" "2/22/2010 2:38 PM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/13/2009 6:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "5/27/2013 8:31 AM"
+ "AVG-Secure-Search-Update_1213b" "" "" "File not found: C:\Users\IKGA\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=02a7c9915f9747d0ac40b1a22fe0863c-3f2f34a2a5a779780944a19406e59cd0fbd6780e /CMPID=1213b" ""
+ "HP Officejet Pro 8600 (NET)" "ScanToPCActivationApp" "Hewlett-Packard Co." "c:\program files\hp\hp officejet pro 8600\bin\scantopcactivationapp.exe" "10/17/2012 6:29 AM"
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe" "2/22/2010 2:40 PM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "7/13/2009 11:53 PM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "2/26/2009 6:28 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 11:53 PM"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgsea.dll" "10/7/2013 5:54 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 11:53 PM"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgse.dll" "10/7/2013 6:38 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 11:53 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 3:39 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 11:53 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/13/2009 8:32 PM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "8/25/2010 2:04 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 11:53 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "7/13/2009 8:09 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/22/2010 1:42 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "2/27/2009 3:16 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/22/2010 1:42 AM"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgsea.dll" "10/7/2013 5:54 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 3:39 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/22/2010 1:42 AM"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgse.dll" "10/7/2013 6:38 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/22/2013 8:03 PM"
+ "HP Network Check Helper" "HP Network Check IE Plug-in" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckpluginx64.dll" "8/28/2013 3:30 AM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll" "10/11/2009 5:40 AM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/23/2013 5:56 PM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll" "2/27/2009 3:07 PM"
+ "HP Network Check Helper" "HP Network Check IE Plug-in" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll" "8/28/2013 3:28 AM"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll" "6/30/2009 6:51 PM"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll" "6/30/2009 6:51 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "10/8/2013 9:43 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "10/8/2013 9:43 AM"
+ "Microsoft Live Search Toolbar Helper" "MSN® Shell Extender" "Microsoft Corp." "c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll" "7/16/2009 1:31 PM"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "1/22/2009 6:42 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "12/16/2013 11:35 AM"
+ "Microsoft Live Search Toolbar" "MSN® Shell Extender" "Microsoft Corp." "c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll" "7/16/2009 1:31 PM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "12/11/2013 7:39 AM"
+ "HP Network Check" "NCLauncherFromIE" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe" "7/9/2012 5:46 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "12/16/2013 11:35 AM"
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "7/26/2009 10:12 PM"
+ "HP Network Check" "NCLauncherFromIE" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe" "7/9/2012 5:46 PM"
+ "HP Smart Print" "HP Smart Print Setup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smart print 2.0\smartprintsetup.exe" "7/27/2012 1:07 AM"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll" "7/20/2011 1:13 AM"
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll" "6/30/2009 6:51 PM"
"Task Scheduler" "" "" "" ""
+ "\0" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "10/13/2013 10:37 PM"
+ "\4465" "" "" "File not found: C:\Users\IKGA\AppData\Local\Temp\launchie.vbs" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "2/25/2013 12:39 PM"
+ "\HPCeeScheduleForIKGA" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe" "9/14/2010 12:11 AM"
+ "\HPCustParticipation HP Officejet Pro 8600" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp officejet pro 8600\bin\hpcustpartic.exe" "10/17/2012 6:34 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 3:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 7:24 PM"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "11/20/2010 5:24 AM"
+ "\VisualBeeRecovery" "" "" "File not found: C:\Users\IKGA\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/22/2013 8:03 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 1:09 PM"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsr64.exe" "11/17/2009 11:17 AM"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgidsagent.exe" "11/11/2013 4:02 PM"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2014\avgwdsvc.exe" "9/23/2013 6:33 PM"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe" "1/4/2010 1:03 PM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe" "9/27/2012 6:55 AM"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe" "2/4/2011 5:24 PM"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe" "8/10/2012 3:34 PM"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe" "11/9/2010 1:48 AM"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lssrvc.exe" "2/22/2010 2:36 PM"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe" "7/20/2011 12:12 AM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "10/26/2006 4:00 PM"
+ "RichVideo" "RichVideo Module" "" "c:\program files (x86)\cyberlink\shared files\richvideo.exe" "6/27/2008 6:03 AM"
+ "RtVOsdService" "Realtek OSD Control" "Realtek Semiconductor Corp." "c:\program files\realtek\rtvosd\rtvosdservice.exe" "6/24/2010 2:24 AM"
+ "TeamViewer5" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files (x86)\teamviewer\version5\teamviewer_service.exe" "10/19/2010 7:28 AM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/27/2013 12:51 AM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 6:18 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "12/22/2013 8:03 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 6:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 12:30 PM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 7:04 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 6:19 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 7:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 1:36 PM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 11:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 4:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 2:27 PM"
+ "Avgdiska" "AVG File Vault Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgdiska.sys" "11/5/2013 3:55 PM"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgidsdrivera.sys" "11/4/2013 3:52 PM"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgidsha.sys" "10/24/2013 3:25 PM"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys" "10/31/2013 5:00 PM"
+ "Avgloga" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgloga.sys" "10/31/2013 4:49 PM"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys" "9/30/2013 5:49 PM"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys" "9/9/2013 5:42 PM"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys" "8/1/2013 9:06 AM"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys" "8/29/2013 2:25 AM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/13/2009 5:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 6:14 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 8:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 8:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 8:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 8:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 8:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 7:11 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 6:19 PM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "12/31/2008 11:29 AM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 5:52 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 3:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/20/2010 1:32 PM"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "4/13/2010 11:44 AM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 7:46 PM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "8/25/2010 2:35 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 4:47 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "9/21/2010 3:09 AM"
+ "IntcHdmiAddService" "Intel® High Definition Audio HDMI" "Intel® Corporation" "c:\windows\system32\drivers\intchdmi.sys" "1/8/2010 5:12 AM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 5:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 7:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 7:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 5:13 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 8:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 8:25 PM"
+ "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys" "3/26/2009 11:21 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 4:11 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 3:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 3:45 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 6:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 8:18 PM"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys" "9/22/2009 4:39 AM"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys" "3/22/2010 4:57 AM"
+ "rtl8192se" "Realtek RTL81892SE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192se.sys" "1/19/2010 4:55 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 8:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 1:28 PM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 4:56 PM"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys" "10/15/2008 7:53 PM"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys" "10/15/2008 7:57 PM"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys" "10/15/2008 7:52 PM"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 6:03 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "9/10/2010 8:09 PM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 6:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 8:18 PM"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys" "2/23/2009 10:02 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "10/10/2013 9:42 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 8:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/23/2013 5:56 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/13/2009 8:06 PM"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm" "7/13/2009 8:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 6:59 AM"
"HKLM\Software\Classes\Filter" "" "" "" "12/23/2013 9:46 AM"
+ "MainConcept (Muvee) MP4 Demultiplexer" "MPEG-4 Demultiplexer Direct Show Filter" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveemp4demux.ax" "12/2/2008 1:03 PM"
+ "MainConcept (Muvee) MPEG Demultiplexer" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveempgdmx.ax" "12/2/2008 12:19 PM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 11:53 PM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "CyberLink Audio Decoder (PDVD8)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\claud.ax" "9/28/2009 5:00 AM"
+ "CyberLink Audio Decoder(PDVD8 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\claud.ax" "2/16/2007 3:17 AM"
+ "CyberLink Audio Effect (PDVD8)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\claudfx.ax" "5/24/2009 10:31 PM"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax" "10/16/2005 9:34 PM"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax" "2/24/2005 9:41 PM"
+ "CyberLink Audio Spectrum Analyzer (PDVD8)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\claudspa.ax" "9/24/2004 6:08 AM"
+ "CyberLink Audio Spectrum Analyzer(HomeNetwork)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\claudspa.ax" "9/24/2004 6:08 AM"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax" "10/8/2004 3:36 AM"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\claudwizard.ax" "8/14/2009 8:26 AM"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax" "1/21/2008 5:35 AM"
+ "CyberLink AudioCD Filter (PDVD8)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\claudiocd.ax" "5/15/2007 10:29 PM"
+ "CyberLink Demultiplexer(HomeNetwork)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\cldemuxer.ax" "9/13/2006 7:50 AM"
+ "CyberLink Demux (PDVD8)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\navfilter\cldemuxer.ax" "6/30/2009 6:20 AM"
+ "CyberLink Digest Filter (PDVD8)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd8\digestfilter.dll" "9/13/2009 9:21 PM"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax" "12/12/2003 2:01 AM"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax" "11/22/2006 7:15 AM"
+ "CyberLink DVD Navigator (PDVD8)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\navfilter\clnavx.ax" "8/9/2009 8:58 PM"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll" "5/3/2007 1:18 AM"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax" "6/15/2003 10:35 PM"
+ "CyberLink HD/BD Mixer (PDVD8.0)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\clhbmixer.ax" "9/17/2009 3:47 AM"
+ "CyberLink Line21 Decoder (PDVD8)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\videofilter\clline21.ax" "7/9/2009 1:06 AM"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax" "11/6/2006 11:16 PM"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax" "8/17/2005 9:45 AM"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax" "1/13/2008 9:30 PM"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax" "9/29/2003 8:50 AM"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax" "5/23/2008 2:27 AM"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\clsplter.ax" "6/22/2007 10:18 AM"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax" "10/26/2005 6:41 AM"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax" "12/3/2007 10:11 PM"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax" "12/3/2007 10:10 PM"
+ "CyberLink MPEG-4 Splitter (PDVD8)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\navfilter\clm4splt.ax" "6/25/2009 9:53 PM"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax" "3/21/2002 12:54 AM"
+ "CyberLink Push-Mode CLStream" "CLStream" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd8\upnp\clstream(pushmode).ax" "4/27/2006 8:05 AM"
+ "Cyberlink Streamming Filter" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\clstream.ax" "5/2/2007 1:12 AM"
+ "Cyberlink SubTitle Importor (PDVD8)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\videofilter\clsubtitle.ax" "5/19/2009 2:57 AM"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax" "10/12/2004 9:32 AM"
+ "CyberLink TimeStretch Filter (PDVD8)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\audiofilter\clauts.ax" "7/7/2009 3:31 AM"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax" "10/19/2006 12:33 AM"
+ "CyberLink Tzan Filter (PDVD8)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\videofilter\cltzan.ax" "7/27/2009 11:17 PM"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax" "8/29/2005 11:01 PM"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax" "9/28/2005 5:42 AM"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax" "10/17/2005 1:28 AM"
+ "CyberLink Video/SP Decoder (PDVD8)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\videofilter\clvsd.ax" "8/31/2009 10:41 PM"
+ "CyberLink Video/SP Decoder(HomeNetwork)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd8\upnp\clvsd.ax" "9/16/2009 1:48 AM"
+ "MainConcept (Muvee Consumer) AVC/H.264 Video Decoder" "AVC/H.264 Video Decoder" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveestdavcvd.ax" "12/2/2008 12:36 PM"
+ "MainConcept (Muvee) AAC Decoder" "AAC audio decoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveedaac.ax" "12/2/2008 12:47 PM"
+ "MainConcept (Muvee) MP4 Demultiplexer" "MPEG-4 Demultiplexer Direct Show Filter" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveemp4demux.ax" "12/2/2008 1:03 PM"
+ "MainConcept (Muvee) MPEG Demultiplexer" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveempgdmx.ax" "12/2/2008 12:19 PM"
+ "MainConcept (Muvee) MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveem2vd.ax" "12/2/2008 1:29 PM"
+ "MainConcept (Muvee) Stream Parser" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muveempgdmx.ax" "12/2/2008 12:19 PM"
+ "MainConcept (Muvee2) Layer II Audio Decoder" "Layer II Audio Decoder" "MainConcept GmbH" "c:\program files (x86)\common files\muvee technologies\mainconcept3(muvee)\muvee2l2ad.ax" "9/16/2008 8:36 AM"
+ "MainConcept MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\071203\mvburnerdll\mceampeg.ax" "6/19/2006 2:46 PM"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\071203\mvburnerdll\mcesmpeg.ax" "6/19/2006 2:46 PM"
+ "MainConcept MPEG Multiplexer" "MPEG Multiplexer" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\071203\mvburnerdll\mcmuxmpeg.ax" "6/19/2006 2:46 PM"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\071203\mvburnerdll\mcspmpeg.ax" "6/19/2006 2:45 PM"
+ "MainConcept MPEG Video Encoder" "MPEG Video Encoder" "MainConcept AG" "c:\program files (x86)\common files\muvee technologies\071203\mvburnerdll\mcevmpeg.ax" "6/19/2006 2:46 PM"
+ "MediaWriter Filter" "MediaWriter Filter" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mediawriter.ax" "11/25/2009 1:23 AM"
+ "MES Audio Source" "MESAudio Dynamic Link Library" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mesaudiosource.ax" "11/25/2009 1:24 AM"
+ "MES Video Source" "MESVideo Dynamic Link Library" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mesvideosource.ax" "11/25/2009 1:25 AM"
+ "muvee Audio Scope" "Audio Scope Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvaudioscope.ax" "11/25/2009 1:28 AM"
+ "muvee Deinterlace Filter" "mvDeInte Dynamic Link Library" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvdeinterlace.ax" "11/25/2009 1:33 AM"
+ "muvee FileDump Filter" "muvee FileDump Filter" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvfiledump.ax" "11/25/2009 1:29 AM"
+ "muvee media Type Filter" "mvDeInte Dynamic Link Library" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mediatypeconvert.ax" "11/25/2009 1:35 AM"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvmanalyse.ax" "9/1/2009 12:58 AM"
+ "muvee Source Filter" "muveeSource Module" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\muveesource.ax" "11/25/2009 1:30 AM"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvvanalyse.ax" "9/1/2009 12:58 AM"
+ "muvee WAV Encoder" "muvee WAV Encoder Filter for muvee Reveal" "muvee Technologies Pte Ltd" "c:\program files (x86)\common files\muvee technologies\071203\mvwavencoder.ax" "11/25/2009 1:33 AM"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax" "12/1/2006 12:59 AM"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax" "12/20/2006 4:20 AM"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax" "11/10/2005 7:36 AM"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax" "6/17/2002 10:32 PM"
+ "QuickTime Encoder" "QuickTim Dynamic Link Library" "" "c:\program files (x86)\common files\muvee technologies\071203\quicktimesink.ax" "11/25/2009 1:34 AM"
+ "QuickTime Source Filter" "QuickTim Dynamic Link Library" "" "c:\program files (x86)\common files\muvee technologies\071203\quicktimesource.dll" "11/25/2009 1:35 AM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "7/10/2009 2:08 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "12/23/2013 5:56 PM"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "8/25/2010 2:03 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "12/23/2013 5:56 PM"
+ "HP 5312 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts5312lm.dll" "6/5/2010 4:13 AM"
+ "HP 5912 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts5912lm.dll" "6/18/2012 6:44 PM"
+ "HP Discovery Port Monitor (HP Officejet Pro 8600)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopm5912.dll" "10/17/2012 6:31 AM"


Results of Securitycheck:
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java™ 6 Update 38
Java™ 7
Java 7 Update 45
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.13) Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:10 AM

Posted 24 December 2013 - 02:47 PM

Open up AutoRuns again and press ctrl and f. Then type IgfxTray and press enter, an entry should be highlighted. Remove the tick in the box by clicking on it. Repeat for each one listed here:

Persistence

Adobe Reader Speed Launcher

HP Quick Launch

HP Software Update

NCPluginUpdater

 

These ones are optional to uncheck, have a read through the links and decide for yourself:

HotKeysCmds

RtkOSD

SynTPEnh

WirelessAssistant

NortonOnlineBackupReminder

 

See how the startup is now, it might take a few reboots to see a difference.

 

Also update adobe reader here: http://get.adobe.com/uk/reader/ and follow these instructions to update firefox: https://support.mozilla.org/en-US/kb/update-firefox-latest-version

 

xXToffeeXx~

 


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 24 December 2013 - 08:35 PM

Boot up time has been decreased by 30 seconds.
Adobe Reader and Firefox have been updated. Laptop is running nicely at this point in time.
Thank you xXToffeeXx!

#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:10 AM

Posted 25 December 2013 - 05:31 AM

Hi,

You're welcome, and I think we are done here. Merry Christmas to you.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 charismatic100

charismatic100
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 25 December 2013 - 12:51 PM

yes, I believe we are done.
Merry Christmas to You and Best Wishes for the New year!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users