Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decrypt Ransom paytordmbdekmizq


  • This topic is locked This topic is locked
10 replies to this topic

#1 freight_train_00

freight_train_00

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 08 February 2015 - 01:44 AM

Hi, I'm new to the forum...so hopefully someone can help me out.

 

I just discovered a .txt file stating that my files have been encrypted. After some research I realized that this could be some sort of cryptowall ransomware.

 

Some, but not all of my data files are corrupted. So can someone help me remove malware/virus this and prevent my other files from being unreadable. I ran norton anti-virus, but no threat or issues were found.

 

Thanks



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 12 February 2015 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 freight_train_00

freight_train_00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 12 February 2015 - 04:38 PM

The computer is running fine...here are the .txt files

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/12/2015
Scan Time: 11:03:08 AM
Logfile: MBAM Results.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2015.02.12.03
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: World Peace

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 527182
Time Elapsed: 48 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 12:00:06
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : World Peace - Fazer
# Running from : C:\Users\World Peace\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\World Peace\AppData\Local\ParetoLogic
Folder Deleted : C:\Users\World Peace\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\World Peace\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\searchplugins\safesearch.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v32.0.2 (x86 en-US)


-\\ Google Chrome v40.0.2214.111

[C:\Users\WP3\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\WP3\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\World Peace 1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\World Peace 1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Waukita\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Waukita\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3338 bytes] - [12/02/2015 11:56:38]
AdwCleaner[S0].txt - [3036 bytes] - [12/02/2015 12:00:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3095  bytes] ##########
 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by World Peace at 2015-02-12 16:28:41
Running from C:\Users\World Peace\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient x64 (Version: 6.2 - ActivIdentity) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Dell ControlVault Host Components Installer 64Bit (Version: 1.7.459.360 - Broadcom Corporation) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.108 - ALPS ELECTRIC CO., LTD.)
DisplayLink Core Software (HKLM\...\{5639514A-861C-44A3-BE9A-BDADE7693647}) (Version: 7.6.55673.0 - DisplayLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.39017.0 - Sonix)
HP Webcam Application (HKLM-x32\...\{154E4F71-DFC0-4B31-8D99-F97615031B02}) (Version: 1.0.065.0612 - Chicony Electronics Co.,Ltd.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6274.0 - IDT)
iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2302 - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
LeapBand (x32 Version: 1.0.20.683 - LeapFrog) Hidden
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 1.0.20.683 - LeapFrog)
LeapFrogConnect2 (x32 Version: 1.0.20.683 - LeapFrog) Hidden
Lenovo Display Adapter (HKLM\...\{7C65C7F7-29FD-40F1-A114-52BDCE725F27}) (Version: 5.6.32931.0 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{F61DD673-0030-4BB2-A382-7E57E97F1033}) (Version: 7.02.8078 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QT5.2.1 (x32 Version: 1.0.6.420 - LeapFrog) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
RICOH Media Driver ver.2.07.01.01 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Use the entry named LeapFrogConnect2 to uninstall (LeapBand) (HKLM-x32\...\LeapBandPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrogConnect2 to uninstall (QT5.2.1) (HKLM-x32\...\QT5.2.1) (Version:  - LeapFrog)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B19BBD-F458-43F7-B928-A50538AC210C} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {43C2A56B-B286-4125-AD12-0AD4088DAF26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
Task: {84A03078-2AED-40EB-9BFE-DEE24A036F72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-18] (Google Inc.)
Task: {8E5432BB-FF74-465A-ABF1-48B14A6B546D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A5E38483-2282-46C0-A18B-50A5D4ED0130} - System32\Tasks\{2235FB7F-E44D-4FB3-8647-1E40E3F54ADA} => pcalua.exe -a C:\Users\User\sp44868.exe -d C:\Users\User
Task: {B2EF62A1-F870-404B-BBFC-0F72A1EEC116} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C9ABF130-19CA-446B-8916-61E5E1F5B7BE} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E454E2B9-4FD2-4C43-88E8-B53324453562} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F6356583-9D88-4A68-90FE-A6148FBC0D60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-14 08:12 - 2013-11-14 08:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office Plus\Office14\1033\GrooveIntlResource.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 03:04 - 2013-12-06 03:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 06:36 - 2013-12-05 06:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 06:37 - 2013-12-05 06:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-06 00:55 - 2013-12-06 00:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 04:05 - 2013-11-13 04:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 21:09 - 2013-11-10 21:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 06:31 - 2013-12-05 06:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 06:34 - 2013-12-05 06:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-06 02:57 - 2013-12-06 02:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 06:43 - 2013-12-05 06:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 21:21 - 2013-11-10 21:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 03:56 - 2013-11-14 03:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 06:43 - 2013-12-05 06:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 21:24 - 2013-11-10 21:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 21:23 - 2013-11-10 21:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\platforms\qwindows.dll
2014-11-02 13:38 - 2014-11-02 13:38 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2012-11-23 11:15 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-12 11:37 - 2015-02-12 11:37 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\World Peace\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: accrdsub => "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
MSCONFIG\startupreg: acevents => "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office Plus\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ParetoLogic => RUNDLL32.EXE C:\Users\World Peace\AppData\Local\ParetoLogic\usjrmjiq.dll,pdkmagzgvesmdlasjtkeb
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1703098269-2888329496-3004384568-500 - Administrator - Disabled)
WP3 (S-1-5-21-1703098269-2888329496-3004384568-1005 - Limited - Enabled) => C:\Users\WP3
Guest (S-1-5-21-1703098269-2888329496-3004384568-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1703098269-2888329496-3004384568-1004 - Limited - Enabled)
World Peace 1 (S-1-5-21-1703098269-2888329496-3004384568-1001 - Limited - Enabled) => C:\Users\World Peace 1
World Peace (S-1-5-21-1703098269-2888329496-3004384568-1006 - Administrator - Enabled) => C:\Users\World Peace
User (S-1-5-21-1703098269-2888329496-3004384568-1000 - Administrator - Enabled) => C:\Users\User
WP2 (S-1-5-21-1703098269-2888329496-3004384568-1002 - Limited - Enabled) => C:\Users\WP2

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 00:51:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/12/2015 00:03:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/12/2015 00:03:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.

Error: (02/12/2015 00:03:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 10:54:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/12/2015 10:54:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.

Error: (02/12/2015 10:53:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 06:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 07:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/08/2015 07:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.


System errors:
=============
Error: (02/12/2015 04:25:16 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/12/2015 04:20:13 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/12/2015 00:01:46 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/12/2015 00:01:46 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/12/2015 00:00:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%3

Error: (02/12/2015 00:00:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LFHelper service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2015 00:00:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2015 00:00:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Quick Synchronization Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/12/2015 00:00:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/12/2015 00:00:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NETGEARGenieDaemon service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/12/2015 00:51:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (02/12/2015 00:03:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/12/2015 00:03:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.

Error: (02/12/2015 00:03:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 10:54:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/12/2015 10:54:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.

Error: (02/12/2015 10:53:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 06:15:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 07:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 10.1.168.192.in-addr.arpa. PTR BleuBlaze.local.

Error: (02/08/2015 07:32:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   19 10.1.168.192.in-addr.arpa. PTR BleuBlaze-2.local.


CodeIntegrity Errors:
===================================
  Date: 2013-06-28 14:20:22.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 14:20:22.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 14:20:22.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 52%
Total physical RAM: 3996.27 MB
Available physical RAM: 1895.4 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 4875.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.49 GB) (Free:214.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 40255C2B)
Partition 1: (Active) - (Size=612 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 13 February 2015 - 08:32 AM

I'm missing the FRST.txt content.
The file was created by the Farbar tool.
Please post it for my review.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 freight_train_00

freight_train_00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 13 February 2015 - 07:12 PM

FRST File:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by World Peace (administrator) on BLEUBLAZE on 12-02-2015 16:27:51
Running from C:\Users\World Peace\Downloads
Loaded Profiles: World Peace (Available profiles: User & WP2 & WP3 & WP1 & World Peace)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [28792 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\...\MountPoints2: {20c6df0f-5540-11e2-8e7b-00247e8f4e25} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1703098269-2888329496-3004384568-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office Plus\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1703098269-2888329496-3004384568-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default
FF Homepage: about:home
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\searchplugins\safesearch.xml
FF Extension: QuickJava - C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-12]

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (Norton Safe) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-02-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-02-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-06-01] (DisplayLink Corp.)
R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [2359416 2014-07-11] (LeapFrog Enterprises, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office Plus\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-05-04] (Nero AG)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.57242.0.sys [46384 2014-08-27] ()
S3 dlcdcncm; C:\Windows\System32\DRIVERS\dlcdcncm62_x64.sys [82224 2014-06-01] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [206128 2014-06-01] (DisplayLink Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150211.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150211.019\ENG64.SYS [129752 2015-02-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150211.019\EX64.SYS [2137304 2015-02-08] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-02-07] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1848496 2009-07-01] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:27 - 2015-02-12 16:28 - 00020385 _____ () C:\Users\World Peace\Downloads\FRST.txt
2015-02-12 16:27 - 2015-02-12 16:27 - 02134016 _____ (Farbar) C:\Users\World Peace\Downloads\frst64.exe
2015-02-12 16:27 - 2015-02-12 16:27 - 00000000 ____D () C:\FRST
2015-02-12 12:03 - 2015-02-12 12:06 - 00003234 _____ () C:\Users\World Peace\Desktop\AdwCleaner[S0].txt
2015-02-12 11:58 - 2015-02-12 11:58 - 00415232 _____ (Farbar) C:\Users\World Peace\Downloads\FSS.exe
2015-02-12 11:56 - 2015-02-12 12:00 - 00000000 ____D () C:\AdwCleaner
2015-02-12 11:55 - 2015-02-12 11:55 - 02112512 _____ () C:\Users\World Peace\Downloads\adwcleaner_4.110.exe
2015-02-12 11:54 - 2015-02-12 11:54 - 00001062 _____ () C:\Users\World Peace\Desktop\MBAM Results 3.txt
2015-02-12 11:53 - 2015-02-12 11:53 - 00001063 _____ () C:\Users\World Peace\Desktop\MBAM Results 2.txt
2015-02-12 11:52 - 2015-02-12 11:55 - 00001068 _____ () C:\Users\World Peace\Desktop\MBAM Results.txt
2015-02-12 11:37 - 2015-02-12 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 09:23 - 2015-02-08 09:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2015-02-08 09:21 - 2015-02-08 09:21 - 00000000 ____D () C:\Users\World Peace\Documents\Registry Backup
2015-02-08 01:06 - 2015-02-08 01:06 - 00000000 ____D () C:\Users\World Peace\AppData\Local\NPE
2015-02-08 00:55 - 2015-02-08 09:18 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-02-08 00:55 - 2015-02-08 09:18 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-02-08 00:55 - 2015-02-08 09:17 - 00002440 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-02-08 00:55 - 2015-02-08 09:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-02-08 00:55 - 2015-02-08 00:55 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-02-08 00:55 - 2015-02-08 00:55 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-02-08 00:55 - 2015-02-08 00:55 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-02-08 00:55 - 2015-02-08 00:55 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2015-02-08 00:31 - 2015-02-08 00:31 - 00000000 ____D () C:\Users\World Peace\Documents\Symantec
2015-02-08 00:26 - 2015-02-08 00:59 - 00000000 ____D () C:\Users\WP2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-02-08 00:26 - 2015-02-08 00:26 - 01021632 _____ (Symantec Corporation) C:\Users\WP2\Downloads\Norton_Download_Manager.exe
2015-02-08 00:26 - 2015-02-08 00:26 - 00001273 _____ () C:\Users\WP2\Desktop\Norton Installation Files.lnk
2015-02-08 00:26 - 2015-02-08 00:26 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-14 18:23 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 18:23 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 18:23 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 18:23 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 18:23 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 18:23 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 18:23 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 19:15 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:15 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:15 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:15 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:15 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:15 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:21 - 2013-07-18 22:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 16:20 - 2013-11-27 20:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 16:20 - 2012-03-15 23:44 - 01889186 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 12:09 - 2009-07-13 23:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 12:09 - 2009-07-13 23:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 12:08 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 12:06 - 2013-07-18 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-12 12:02 - 2013-07-18 22:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 12:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 12:01 - 2010-11-20 22:47 - 01157750 _____ () C:\Windows\PFRO.log
2015-02-12 12:01 - 2009-07-13 23:51 - 00066749 _____ () C:\Windows\setupact.log
2015-02-12 11:03 - 2014-11-09 23:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 10:55 - 2013-12-10 21:19 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E762A9D-5788-4BC0-8AB3-82B99EFB10A6}
2015-02-12 10:54 - 2014-02-07 19:07 - 00000000 ____D () C:\Users\World Peace\AppData\Local\NETGEARGenie
2015-02-08 16:48 - 2013-11-27 20:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-08 16:48 - 2013-02-09 19:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-08 16:48 - 2012-03-16 10:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 03:12 - 2012-03-16 09:53 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-08 01:06 - 2012-12-26 17:44 - 00000000 ____D () C:\ProgramData\Norton
2015-02-08 00:55 - 2012-03-16 09:54 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-08 00:20 - 2013-10-13 18:09 - 00000000 ____D () C:\Users\World Peace\Documents\Honda Accident
2015-02-08 00:13 - 2013-03-06 18:09 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6989E12A-C55E-463A-BE5C-D07B1AD9A927}
2015-02-08 00:13 - 2013-01-11 15:46 - 00000000 ____D () C:\Users\WP2\AppData\Roaming\Adobe
2015-02-08 00:13 - 2012-12-26 23:15 - 00000000 ____D () C:\Users\WP2
2015-02-07 21:24 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-07 18:13 - 2013-07-18 22:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 18:07 - 2013-07-18 22:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 18:06 - 2013-07-18 22:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 20:58 - 2014-12-12 20:48 - 00001353 _____ () C:\Users\WP3\Desktop\IMG_2599 - Shortcut.lnk
2015-01-14 18:18 - 2013-07-17 06:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 18:10 - 2012-03-16 10:56 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-03-01 17:47 - 2013-03-01 17:47 - 0000000 _____ () C:\Users\World Peace\AppData\Local\AtStart.txt
2013-03-01 17:47 - 2013-03-01 17:47 - 0000000 _____ () C:\Users\World Peace\AppData\Local\DSwitch.txt
2013-03-01 17:47 - 2013-03-01 17:47 - 0000000 _____ () C:\Users\World Peace\AppData\Local\QSwitch.txt
2014-11-09 18:31 - 2014-11-09 18:31 - 0004198 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-09 18:31 - 2014-11-09 18:31 - 0000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

Files to move or delete:
====================
C:\Users\User\sp44868.exe
C:\Users\User\sp54256 Battery Check.exe


Some content of TEMP:
====================
C:\Users\World Peace\AppData\Local\Temp\igmzk3c7.exe
C:\Users\World Peace\AppData\Local\Temp\Quarantine.exe
C:\Users\World Peace\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 21:53

==================== End Of Log ============================



#6 freight_train_00

freight_train_00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 13 February 2015 - 07:18 PM

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 7 Update 45  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.93)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 14 February 2015 - 09:08 AM

Please remove this old version of Java 7 Update 45 using the Add/Remove programs applet.

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1001\User: Group Policy restriction detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\searchplugins\safesearch.xml
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\World Peace\AppData\Local\Temp\igmzk3c7.exe
C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\DECRYPT_INSTRUCTION.URL

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

How is the computer running now?

#8 freight_train_00

freight_train_00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 16 February 2015 - 11:28 PM

The first time I clicked Fix, I got an error message. It ran successfully the second time. Here are the results of the 2nd test:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by World Peace at 2015-02-16 21:44:18 Run:2
Running from C:\Users\World Peace\Downloads
Loaded Profiles: World Peace (Available profiles: User & WP2 & WP3 & WP4 & World Peace)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1001\User: Group Policy restriction detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\searchplugins\safesearch.xml
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\World Peace\AppData\Local\Temp\igmzk3c7.exe
C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\DECRYPT_INSTRUCTION.URL

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp => Key not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1005\User" => File/Directory not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1703098269-2888329496-3004384568-1001\User" => File/Directory not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
C:\Users\World Peace\AppData\Roaming\Mozilla\Firefox\Profiles\86w7dslb.default\searchplugins\safesearch.xml => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll not found.
C:\Users\World Peace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\McChPlg.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll not found.
c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\World Peace\AppData\Local\Temp\igmzk3c7.exe => Moved successfully.
"C:\ProgramData\DECRYPT_INSTRUCTION.TXT" => Moved successfully
"C:\ProgramData\DECRYPT_INSTRUCTION.URL" => Moved successfully

The system needed a reboot.

==== End of Fixlog 21:44:19 ====



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 17 February 2015 - 09:30 AM

Looking good.

Use the computer a few days and let me know of any issues.

#10 freight_train_00

freight_train_00
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 18 February 2015 - 08:39 PM

Thanks! I'll let you know

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 23 February 2015 - 10:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users