
Crypto/RSA....and locked files


  • This topic is locked
69 replies to this topic

#1 carolhuberjones

carolhuberjones

  • Members
  • 83 posts
  • OFFLINE
  • Gender:Female
  • Location:Georgia
  • Local time:01:50 AM

Posted 24 February 2015 - 09:08 PM

My journey with Bleeping Computer began on February 18. Below is the link to my original questions and help responses. I performed what was asked but unfortunately it did not fix my problem. On February 20 I sent my last response letting them know there were new issues I found by doing an AVG scan which showed many CRYPTO/RSA and lots of locked files. At this point I am not sure what to do next and would appreciate any help/guidance you could give me.

 

http://www.bleepingcomputer.com/forums/t/567514/only-boots-in-safe-modecannot-connect-to-internet/#entry3634258

 

Thank you.

Carol





#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  • Gender:Male
  • Location:BC, Canada
  • Local time:10:50 PM

Posted 01 March 2015 - 02:55 PM

Hi carolhuberjones

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get started....

You need to read this and provide the logs here before we can help you:

Preparation guide for use before using malware removal tools and requesting help

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#3 carolhuberjones


Posted 02 March 2015 - 05:05 PM

Thank you so much for your response with my directions. I am excited to get started. I do want you to know (as you asked in your response about life) my daughter just had a baby 4 days ago and I have been with her and helping her adjust at home so I've not been on my computer until today. I will be working on my computer issue at the same time I am helping with the new baby. I hope to be able to get started later today or tomorrow morning. Thank you sooooooo much for your help. This is amazing and will certainly support you!

 

Carol



#4 dbrisendine


Posted 03 March 2015 - 02:20 AM

Along with the FRST.txt log file and the Addition.txt log file, please run the following scanner and post the log from it.  Oh, and congratulations on Grandparenthood!

 

Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool has collected the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.

Please include that in your next reply.
 

 




#5 dbrisendine


Posted 06 March 2015 - 10:22 PM

Are you still needing any help?




#6 carolhuberjones


Posted 08 March 2015 - 06:08 PM

Sorry for the delay but I have honestly been so busy with the new grand baby that I never even had the chance to begin any of the info you sent originally. I had forgotten how much time and energy go into newborns. I was with her for the past 11 days to help her get on a good schedule.

Today I have returned home so I could go back to work tomorrow. I hope to begin the process you sent me originally. I do have one question. I printed out the original instructions as you suggested BUT as I was reading over them it appears there are additional links with instructions within those so I got a bit confused. At #6 on the original instructions for DOWNLOAD AND RUN FARBAR....I'm hoping that I can download to USB on my good computer and then add to the one with issues because I cannot go online from that computer so it's been a bit of a challenge. I am thinking I need to print out those sub link instructions as well. I'm not sure if I am making any sense - just remember I am sleep deprived at this moment but look forward to having ALL of my brain back very soon. Let me know if I need to explain better. Again thank you.


Edited by carolhuberjones, 08 March 2015 - 06:18 PM.


#7 dbrisendine


Posted 08 March 2015 - 09:02 PM

Your delays are perfectly understandable; take your time and we will work through these as we can.
 
As far as using a USB to transfer files back and forth, that is fine but we need to make sure that no infections get transferred between systems.  So, to help you out I will write the steps for what we need here, in order, in one place.
 
FIRST >>>>
 
McShield protection for removable drives
 
Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan
Select logs and then copy/paste it to your next post

Once you have installed this on the working computer, please copy the McShield-Setup.exe file onto the USB drive and install the program on the infected system.  Once that is done, transferring files to and from the infected machine will not spread the infection(s).

 

Remove the USB drive from the infected system and return it to the working system.

 

 

SECOND >>>>

 

Scan the infected system with FRST

Please download Farbar Recovery Scan Tool 32bit and save it to your USB drive.

Please download Farbar Recovery Scan Tool 64bit and save it to your USB drive.

 

Copy both files onto the infected system, placing the files on the desktop.  Only one of the two files will run on the system; that is the correct file to keep.  Once you find one of the FRST files that runs on the system, you can delete the other one and continue with the proper one.

 

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Once FRST has run on the system and made the FRST.txt log file and the Addition.txt log file, copy both of those files onto the USB drive to reply with here.

 

 

THIRD >>>>

 

Scan with IDTool to identify the exact Crypto-type malware

 

Scan with IDTool

Please download IDTool by Nathan and save the file to the USB drive and then transfer the file to the desktop of the infected system.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool has collected the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience (see below).
  • Open Notepad (START > Run > type in Notepad and press enter).
  • Click in the Notepad window and press CTRL + V to paste the copied report into Notepad.
  • Save the file on the desktop as IDTool_log.txt and then copy it over to the USB drive to reply with here.

Please include that in your next reply.
 

 

NOTE >>>>

 

If you want to attach the files to your reply post(s), you can do so by using the Attach Files section located at the bottom of the Main Edit window (More Reply screen).  Click on Browse... and select the file you want to attach.  When you are back at the Edit Screen, click on Attach this File and the file will be attached to the bottom of the post.  Repeat this process for all the files you wish to add to a post.


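A first pass over the FRST.txt produced in the SECOND step can be scripted before the log is read line by line. The following is an added example, not part of the original post and not FRST's or the helper's own method: the rule set, the names `triage` and `count_by_rule`, and the sample log (constructed in FRST's layout) are assumptions made for illustration.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section rule line")

# FRST section banner, e.g. "==================== Registry (Whitelisted) ==="
# A bare "========" underline (as under "FireFox:") must NOT count as a banner.
SECTION_RE = re.compile(r"^={5,}\s*([^=]+?)\s*={5,}$")

# Per-volume autorun entry: "...\MountPoints2: {guid} - G:\Autorun.exe"
MOUNTPOINT_RE = re.compile(r"\\MountPoints2: \{[0-9A-Fa-f-]+\} - [A-Za-z]:\\")


def _unsigned(section, line):
    # FRST appends "[File not signed]" to service and driver entries.
    return (section.startswith(("Services", "Drivers"))
            and line.endswith("[File not signed]"))


# Assumed triage rules: each marks a line worth a closer look, nothing more.
RULES = [
    # FRST's own highlight marker.
    ("frst-attention", lambda section, line: "<======= ATTENTION" in line),
    # DLLs listed here load into every process that loads user32.dll.
    ("appinit-dll", lambda section, line: line.startswith("AppInit_DLLs:")),
    # Autorun commands remembered for removable volumes.
    ("removable-autorun",
     lambda section, line: bool(MOUNTPOINT_RE.search(line))),
    ("unsigned-service-or-driver", _unsigned),
    # A proxy setting can explain a machine that cannot reach the internet.
    ("proxy-enabled", lambda section, line: line.startswith("ProxyEnable:")),
]


def triage(log_text):
    """Return a Finding for every (line, rule) hit, in log order."""
    section = "Header"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        for rule, matches in RULES:
            if matches(section, line):
                findings.append(Finding(section, rule, line))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule name: number of hits}."""
    return Counter(f.rule for f in findings)


# Constructed sample in FRST's layout; names, SIDs and GUIDs are placeholders.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86)
Boot Mode: Safe Mode (minimal)

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\app.exe [217088 2007-12-21] (Example Co.)
HKU\S-1-5-21-0-0-0-1000\...\MountPoints2: {00000000-0000-0000-0000-000000000000} - G:\Autorun.exe
AppInit_DLLs: C:\ProgramData\Example\example.dll => C:\ProgramData\Example\example.dll [964608 2015-02-14] ()

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-0-0-0-1000] => Internet Explorer proxy is enabled.

FireFox:
========
FF Plugin: @example.com/Plugin -> C:\Program Files\Example\np.dll [2014-12-28] (Example Co.)

========================== Services (Whitelisted) =================

S2 ExampleSvc; C:\Program Files\Example\svc.exe [65536 2007-09-19] (Example Co.) [File not signed]
S2 SignedSvc; C:\Program Files\Example\signed.exe [298080 2014-12-18] (Example Co.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] ({f.section}) {f.line}")
    print(dict(count_by_rule(triage(SAMPLE_LOG))))
```

Each hit is a prompt to look closer at that entry, not a verdict on it.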


#8 carolhuberjones


Posted 10 March 2015 - 10:56 AM

THANK YOU for the updated combined instructions!!!  :)  They don't seem to be as complex as the original one. I will let you know if I have any issues or questions once I get started on this after 5:00pm today when I get off from work. I also have a question about donating. Does the donation go into a big pot and shared among all workers or can you select a gift to be given to an individual. I briefly glanced at the Pay Pal page but didn't notice specifics but I could have missed something. Thank you.


Edited by carolhuberjones, 10 March 2015 - 07:04 PM.


#9 carolhuberjones


Posted 10 March 2015 - 07:08 PM

OK....so I've been working on this FIRST step for over 2 hours. Not sure if what I am trying to do is even working. I was able to download the McShield program to my good computer but could never tell if it was even scanning unless I clicked the icon and then it said...system is running. I never got the result toaster by the system clock for the scan. I did unhide items on flash drives but when I plugged in the USB I am not sure if McShield even started a scan? There is no way for me to tell if the program is working. Anyway, I selected LOGS and copied what was showing up.....here it is:

 

>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 6:06:44 PM > Drive C: - scan started (Acer ~448 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 6:40:33 PM > Drive C: - scan started (Acer ~448 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 6:57:33 PM > Drive E: - scan started (no label ~1851 MB, FAT flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 6:59:03 PM > Drive E: - scan started (no label ~1851 MB, FAT flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 7:22:34 PM > Drive E: - scan started (no label ~1851 MB, FAT flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 7:23:36 PM > Drive E: - scan started (no label ~1851 MB, FAT flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.8.1 / Windows 7 <<<
3/10/2015 7:43:39 PM > Drive E: - scan started (no label ~1851 MB, FAT flash drive )...
=> The drive is clean.

 

 

It looks like it did something but I'm not sure. I can't go to the next step because I do not know how to get the McShield download to the USB drive. Can you direct me to what I need to do. I'm sorry I am having trouble...I feel as though it is user error. :) Thanks for your help.



#10 dbrisendine


Posted 10 March 2015 - 09:19 PM

The McShield program is installed properly on the working computer and scanning the USB / flash drive just fine.

 

 

Either in your Downloads folder or on your desktop, is a file named McShield-Setup.exe.

Right click on this file and select Copy.

Find the USB drive in File Explorer and right click on it; select Paste and the file will be on the USB drive.
Take the USB drive to the infected machine and reverse the procedure (Copy the file on the USB drive and Paste the file on the infected system's desktop.)

Once the file is on the desktop, double click to run the installation.




#11 carolhuberjones


Posted 10 March 2015 - 11:29 PM

I did it! :)  I cannot tell you how excited I am that I was able to do this much so far. Below are the 2 logs from the FRST that you asked me to send to you.  I will await your reply for my next instruction. Thank you soooooooo much!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Office Depot (administrator) on AJJ on 11-03-2015 00:16:03
Running from C:\Users\Office Depot\Desktop
Loaded Profiles: Office Depot (Available profiles: Office Depot)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Farbar) C:\Users\Office Depot\Desktop\FRST32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [217088 2007-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\Run: [Amazon Cloud Player] => C:\Users\Office Depot\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\Run: [PhotoShow Deluxe Media Manager] => C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt [11361 2015-02-20] ()
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\MountPoints2: {a6e3b99f-29e0-11e1-a946-001eec1a08f0} - G:\Autorun.exe
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\MountPoints2: {cdbb52be-20bc-11e0-8ac4-001eec1a08f0} - G:\MI.exe
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\MountPoints2: {f0190a0c-215d-11e2-add9-001eec1a08f0} - G:\LGAutoRun.exe
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:/PROGRA~2/{3FFED~1/191~1.1/tode.dll => C:\ProgramData\{3FFED73D-6F7C-06BB-DEFA-76390E78A5B7}\1.9.1.1\tode.dll [964608 2015-02-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3478319704-1755934793-1353888526-1000] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.brandthunder.com/gatech/
HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
URLSearchHook: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {21CA9288-5659-4504-AEED-D970C90FDCA0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000 -> {21CA9288-5659-4504-AEED-D970C90FDCA0} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={ED2C5B05-6325-41CA-9036-F65303DD874A}&mid=b6b2084f104947d3ae28d157aafee103-b6a9c1ba0d8fe91c9a9523cb08623849f1afbcca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-07 19:47:29&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000 -> {FB538CEC-917E-48A0-8186-41E185542585} URL = http://search1.brandthunder.com/?q={searchTerms}&tid={tid?}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-28] (Oracle Corporation)
BHO: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3478319704-1755934793-1353888526-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Office Depot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-12] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-06]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-01]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21]
CHR Extension: (Google Drive) - C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21]
CHR Extension: (YouTube) - C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
CHR Extension: (Google Search) - C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
CHR Extension: (Gmail) - C:\Users\Office Depot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]
StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-12-30] (Adobe Systems) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 itsvc_1.10.0.9; C:\Program Files\IntelliTerm_1.10.0.9\Service\itsvc.exe [278608 2015-02-06] (Intelli Term)
S2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
S2 SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [249648 2011-02-25] () [File not signed]
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1492344 2009-07-25] (RealVNC Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2011-05-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28032 2011-05-26] (LG Electronics Inc.)
S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2010-07-02] (Adaptec) [File not signed]
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-15] (AVG Technologies)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-10-11] (Conexant Systems Inc.)
S1 itnfd_1_10_0_9; C:\Windows\System32\drivers\itnfd_1_10_0_9.sys [52728 2015-02-06] (Intelli Term)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2015-02-20] (Malwarebytes Corporation)
S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [33848 2010-02-14] (NCH Swift Sound)
S1 SbFw; C:\Windows\System32\drivers\SbFw.sys [221784 2011-04-05] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94040 2011-04-05] (Sunbelt Software, Inc.)
S1 SbTis; C:\Windows\System32\drivers\sbtis.sys [78936 2011-04-05] (Sunbelt Software, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 00:16 - 2015-03-11 00:16 - 00014288 _____ () C:\Users\Office Depot\Desktop\FRST.txt
2015-03-11 00:15 - 2015-03-11 00:12 - 01134592 _____ (Farbar) C:\Users\Office Depot\Desktop\FRST32.exe
2015-03-11 00:13 - 2015-03-11 00:16 - 00000000 ____D () C:\FRST
2015-03-10 23:23 - 2015-03-11 00:12 - 00000000 ____D () C:\ProgramData\MCShield
2015-03-10 23:23 - 2015-03-10 23:23 - 00001038 _____ () C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
2015-03-10 23:23 - 2015-03-10 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-03-10 23:23 - 2015-03-10 23:23 - 00000000 ____D () C:\Program Files\MCShield
2015-03-10 23:22 - 2015-03-10 17:55 - 02856736 _____ (MyCity) C:\Users\Office Depot\Desktop\MCShield-Setup.exe
2015-02-20 20:25 - 2015-02-20 20:25 - 00001186 _____ () C:\Windows\PFRO.log
2015-02-18 16:59 - 2015-02-21 00:21 - 00057128 _____ () C:\Users\Office Depot\Desktop\avgrep.txt
2015-02-18 16:07 - 2015-02-18 16:07 - 00002362 _____ () C:\Users\Office Depot\Desktop\7 unwanted objects.txt
2015-02-14 14:57 - 2015-02-14 14:57 - 00002074 _____ () C:\Users\Office Depot\Desktop\this_message_in_html.html
2015-02-14 14:40 - 2015-02-20 15:23 - 00000000 ____D () C:\Windows\PCBHDNW
2015-02-14 14:40 - 2015-02-20 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
2015-02-14 14:40 - 2015-02-20 15:23 - 00000000 ____D () C:\Program Files\Portable WeatherApp
2015-02-14 14:40 - 2015-02-20 15:21 - 00000000 ____D () C:\ProgramData\{3FFED73D-6F7C-06BB-DEFA-76390E78A5B7}
2015-02-14 14:40 - 2015-02-20 15:21 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.9
2015-02-14 14:40 - 2015-02-14 14:40 - 00001927 _____ () C:\Users\Public\Desktop\Weather Widget.lnk
2015-02-14 14:40 - 2015-02-14 14:40 - 00000312 _____ () C:\Windows\Tasks\Binkiland.job
2015-02-14 14:39 - 2015-02-14 14:39 - 05627653 _____ (Free Word To PDF ) C:\Users\Office Depot\Downloads\wordtopdf_setup [1].exe
2015-02-14 14:36 - 2015-02-14 14:36 - 00001984 _____ () C:\Users\Public\Desktop\Adobe Reader 8.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:24 - 2010-11-20 17:01 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 22:59 - 2013-09-13 22:55 - 00000000 ____D () C:\AdwCleaner
2015-02-20 20:26 - 2013-06-03 20:22 - 03097600 ___SH () C:\Users\Office Depot\Desktop\Thumbs.db
2015-02-20 20:21 - 2013-04-06 08:09 - 00000000 ____D () C:\Windows\Minidump
2015-02-20 20:21 - 2010-05-30 20:48 - 00000000 ____D () C:\Users\Office Depot\AppData\Local\CrashDumps
2015-02-20 19:23 - 2014-10-11 14:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 15:26 - 2012-06-03 18:12 - 00000000 ____D () C:\Users\Office Depot
2015-02-20 15:23 - 2014-11-16 20:42 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-02-20 15:23 - 2014-09-30 21:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-20 15:23 - 2012-04-19 19:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-20 15:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-20 15:22 - 2014-11-17 21:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-20 15:22 - 2014-10-26 14:29 - 00000000 ____D () C:\Users\Office Depot\AppData\Roaming\AVG2015
2015-02-20 15:22 - 2014-10-15 18:06 - 00000000 ____D () C:\Users\Office Depot\AppData\Roaming\Anvsoft
2015-02-20 15:22 - 2014-06-11 19:28 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-02-20 15:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2015-02-20 15:21 - 2014-12-28 02:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-20 15:21 - 2014-10-26 14:25 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-20 15:21 - 2014-10-15 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-02-20 15:21 - 2014-10-15 18:06 - 00000000 ____D () C:\Program Files\AnvSoft
2015-02-20 15:21 - 2014-09-30 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 15:21 - 2014-04-27 20:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-02-20 15:21 - 2014-04-27 20:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-02-20 15:21 - 2014-04-27 20:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-02-20 15:21 - 2014-04-27 20:37 - 00000000 ____D () C:\Program Files\Amazon
2015-02-20 15:21 - 2014-04-27 20:25 - 00000000 ____D () C:\Users\Office Depot\AppData\Local\Amazon Cloud Player
2015-02-20 15:21 - 2011-08-27 01:31 - 00000000 ____D () C:\0bd062a36178c1383019bfbe
2015-02-20 15:21 - 2011-08-27 00:50 - 00000000 ____D () C:\40e53f1bccb53b6254
2015-02-20 15:21 - 2011-08-14 09:49 - 00000000 ____D () C:\a71f66be16ea7fad36e539794f100671
2015-02-18 16:59 - 2014-10-26 14:21 - 00000000 ____D () C:\Users\Office Depot\AppData\Local\Avg2015
2015-02-18 15:04 - 2012-06-03 18:11 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 15:04 - 2012-06-03 18:11 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 18:57 - 2011-04-11 22:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-14 14:40 - 2014-01-21 21:58 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 14:40 - 2013-09-10 20:41 - 00001387 _____ () C:\Users\Office Depot\Desktop\Internet Explorer.lnk
2015-02-14 14:36 - 2008-11-04 20:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
2015-02-14 14:36 - 2008-02-27 04:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-14 14:15 - 2014-01-21 21:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 12:15 - 2014-01-21 21:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 12:07 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories =======

2009-12-28 11:19 - 2009-12-28 11:19 - 0023888 _____ () C:\Users\Office Depot\AppData\Roaming\UserTile.png
2011-07-16 14:15 - 2011-07-16 14:15 - 0000000 _____ () C:\Users\Office Depot\AppData\Roaming\wklnhst.dat
2012-06-03 19:12 - 2012-06-03 19:12 - 0000000 _____ () C:\Users\Office Depot\AppData\Local\AtStart.txt
2012-06-03 19:12 - 2012-06-03 19:12 - 0000000 _____ () C:\Users\Office Depot\AppData\Local\DSwitch.txt
2012-06-03 19:12 - 2012-06-03 19:12 - 0000000 _____ () C:\Users\Office Depot\AppData\Local\QSwitch.txt
2014-06-11 19:29 - 2014-06-11 19:29 - 0000000 _____ () C:\Users\Office Depot\AppData\Local\{16EB8206-38C5-4A35-923F-C98D5F08A3C3}
2012-11-19 22:01 - 2012-11-19 22:01 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Office Depot\AppData\Local\Temp\Quarantine.exe
C:\Users\Office Depot\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-18 15:25

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-03-2015
Ran by Office Depot at 2015-03-11 00:17:06
Running from C:\Users\Office Depot\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2) (Version:  - )
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Bing Bar Platform (Version: 6.3.2380.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1005 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1030 - CyberLink Corp.)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Free Studio version 5.6.1.608 (HKLM\...\Free Studio_is1) (Version: 5.6.1.608 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP DVD Play 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}) (Version: 1.5.1 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HP User Guides 0093 (HKLM\...\{D7358B07-4F10-4014-9869-7999578BE8ED}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H3 - Hewlett-Packard)
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
iMacsoft Free DVD Ripper (HKLM\...\iMacsoft Free DVD Ripper) (Version: 2.5.0.0725 - iMacsoft)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intelli Term 1.10.0.9 (HKLM\...\IntelliTerm_1.10.0.9) (Version: 1.10.0.9 - Intelli Term)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LG SP USB Driver (HKLM\...\{E2AE8456-CCFE-46C0-8629-71CC507660FC}) (Version: 1.0 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{27590F8C-82D3-428E-8B40-1B3146E89AF5}) (Version: 3.4.0.0 - LG Electronics)
LightScribe System Software  1.10.13.1 (Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.48 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3430 - CyberLink Corp.)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Sofonesia Picture Cropper 1.0 (HKLM\...\Sofonesia Picture Cropper_is1) (Version:  - Sofonesia Ltd.)
Sports Sounds Pro Version 6.0 Build 7 (HKLM\...\Sports Sounds Pro_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
TweetDeck (HKLM\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Unity Web Player (HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Enterprise Edition E4.5.1 (HKLM\...\RealVNC_is1) (Version: E4.5.1 - RealVNC Ltd.)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
WeatherApp (HKLM\...\{40060F30-F802-40C3-AA01-D084924B60C7}) (Version: 1.0.0.0 - Portable WeatherApp)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Office Depot\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3478319704-1755934793-1353888526-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Office Depot\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-03-2014 12:27:38 Scheduled Checkpoint
30-03-2014 17:52:01 Windows Update
30-03-2014 18:26:30 Windows Update
04-05-2014 11:22:24 Installed AVG 2014
06-05-2014 19:06:49 Windows Update
17-05-2014 18:04:00 Scheduled Checkpoint
20-06-2014 14:05:17 Scheduled Checkpoint
27-07-2014 22:37:24 Scheduled Checkpoint
01-08-2014 17:05:34 Installed AVG 2014
01-09-2014 19:51:39 Windows Update
20-10-2014 19:20:36 Scheduled Checkpoint
26-10-2014 14:24:17 Installed AVG 2015
26-10-2014 14:25:36 Installed AVG 2015
16-11-2014 18:36:13 Scheduled Checkpoint
17-11-2014 20:23:12 Windows Update
20-11-2014 20:20:18 Windows Update
29-11-2014 13:39:47 Scheduled Checkpoint
26-01-2015 14:46:31 Scheduled Checkpoint
26-01-2015 20:51:05 Windows Update
14-02-2015 14:43:52 Removed WeatherApp

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0530BB02-8623-40F3-A051-A4E636830BB7} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {09909F50-4C84-4F93-80BB-740012992097} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {3C8A16A6-C071-4DEC-8CD4-7911379FE9D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5ACCBDD7-8153-4011-B8F9-B051C792A3AC} - System32\Tasks\{DD6AC75A-23B6-40FC-BA58-115EB65FB1DF} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.155/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {6B6FB329-73F0-4D42-A691-FF95F8C5D466} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {6D40E718-6F43-4F87-979B-E9DC7F769C43} - System32\Tasks\{39D21B2B-50AF-4748-9C84-1080D3075E50} => pcalua.exe -a C:\te4.exe -d C:\
Task: {71BFFF18-F54B-47F7-9DEF-E5230395C81E} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {810B6EDA-F6DB-4095-A7D0-C8DD2731CA4D} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files\Portable WeatherApp\updater.exe [2014-12-15] (Portable WeatherApp)
Task: {8A9A9463-C21C-4222-9BF7-A70808F91084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {98859561-10AB-46EA-B803-32FF7DA82BC0} - System32\Tasks\{A3289068-2DCA-4D4A-865A-688E8D0D5767} => C:\Program Files\Skype\Phone\Skype.exe
Task: {99D99D2F-4057-46EC-BD2F-795513F08878} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe [2014-12-15] ()
Task: {A80C4FDF-DF9D-483F-A47A-03D39A1358E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {BCC0D0EE-FCBE-479F-9AA2-757B414B15C3} - System32\Tasks\IE_ERR4WDR => C:\Program Files\Portable WeatherApp\IEError.exe [2014-12-15] ()
Task: {CDDB3800-A796-4F5D-B969-FE6CA3545AAE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D6B5D730-D15E-4808-9A03-4ECF53D2E938} - System32\Tasks\Binkiland tode => C:\ProgramData\{3FFED73D-6F7C-06BB-DEFA-76390E78A5B7}\1.9.1.1\f <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {FC3480F9-9DDD-4718-B433-FF13A503CF64} - System32\Tasks\{550956E2-3E82-4E22-8AAB-0511458E3129} => pcalua.exe -a "C:\Users\Office Depot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PGZQ6ZH\sp45035[1].exe" -d "C:\Users\Office Depot\Desktop"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\OFFICE~1\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-16 05:15 - 2014-10-16 05:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3478319704-1755934793-1353888526-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: aawservice => 2
MSCONFIG\Services: AntiVirScheduler => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: sdAuxService => 2
MSCONFIG\Services: sdCoreService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Office Depot\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Office Depot\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3478319704-1755934793-1353888526-500 - Administrator - Disabled)
Guest (S-1-5-21-3478319704-1755934793-1353888526-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3478319704-1755934793-1353888526-1006 - Limited - Enabled)
Office Depot (S-1-5-21-3478319704-1755934793-1353888526-1000 - Administrator - Enabled) => C:\Users\Office Depot

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 11:21:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 10:39:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 10:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:26:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1316) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Office Depot\AppData\Local\Microsoft\Windows\WebCache\V0102766.log.

Error: (02/20/2015 08:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ShellvRTF.dll, version: 1.1.0.8, time stamp: 0x46d83e7c
Exception code: 0xc0000005
Fault offset: 0x000057ab
Faulting process id: 0x560
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (02/20/2015 08:09:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ShellvRTF.dll, version: 1.1.0.8, time stamp: 0x46d83e7c
Exception code: 0xc0000005
Fault offset: 0x000057ab
Faulting process id: 0x418
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (02/20/2015 07:58:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/10/2015 11:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/10/2015 11:20:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/10/2015 11:20:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/10/2015 11:20:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (03/10/2015 11:21:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2015 10:39:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 10:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:26:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost1316WebCacheLocal: C:\Users\Office Depot\AppData\Local\Microsoft\Windows\WebCache\V0102766.log-1811

Error: (02/20/2015 08:10:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.exe6.1.7601.175674d6727a7ShellvRTF.dll1.1.0.846d83e7cc0000005000057ab56001d04d6aa3f101d8C:\Windows\Explorer.exeC:\Windows\System32\ShellvRTF.dll09b5ba56-b95e-11e4-a7d6-fc096221eaaa

Error: (02/20/2015 08:09:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ShellvRTF.dll1.1.0.846d83e7cc0000005000057ab41801d04d68f79f668bC:\Windows\Explorer.EXEC:\Windows\System32\ShellvRTF.dlldd7f0b1f-b95d-11e4-a7d6-fc096221eaaa

Error: (02/20/2015 07:58:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2012-06-03 16:36:30.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:30.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:30.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:29.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:29.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:28.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:28.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:27.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:27.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-03 16:36:27.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 19%
Total physical RAM: 2038.02 MB
Available physical RAM: 1647.37 MB
Total Pagefile: 4076.03 MB
Available Pagefile: 3711.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.35 GB) (Free:107.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:11.53 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SARA'S_SHOWER_DVD) (CDROM) (Total:0.13 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:1.81 GB) (Free:1.8 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 149F149F)
Partition 1: (Active) - (Size=221.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.8 GB) - (Type=06)

==================== End Of Log ============================



#12 dbrisendine


Posted 11 March 2015 - 01:15 AM

Did you get the IDTool scan to run also? I am not seeing any Crypto/Ransom type files now but they may be older, which is why I asked for the IDTool scan.

The PayPal goes directly to the Malware Response Team member. Do not worry about that right now; let's get your system working first. Also, Grandbabies and family come first. :hug:

 

 

 

I have the first part of the fix ready for your system. We will use the USB drive to transfer the Fixlist script and the resulting Fixlog log file to and from the infected machine. (Actually, I'm very hopeful that this script will restore the ability for you to run the system in normal mode.)

Plug the USB drive into the working system.

Download the attached fixlist.txt file (at the bottom of this post) and save it to the USB drive. Save the file as a text file, NOT as an HTML file. Remove the USB drive from the working system and attach it to the infected system. Copy and paste the Fixlist.txt onto the desktop of the infected system (this should be the location of the FRST.exe program).

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST by right-clicking on the FRST.exe file and selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

 

If you still do not have internet access on the "infected" system (or you had to start it in Safe Mode) then copy the Fixlog.txt file on the desktop, paste it onto the USB drive and return to the working system to post the Fixlog.txt log file.
 

Attached Files


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#13 carolhuberjones


Posted 11 March 2015 - 02:42 PM

Ok so here is where I am now....didn't get very far. :( I downloaded IDTool by Nathan and saved to USB. It's showing 3.2 MB but the ZIP is still showing it closed so I don't know if I did it correctly. The infected computer is still opening in SAFE MODE so after I transferred that file to the infected desktop and then tried to right-click the computer icon and select RUN AS ADMINISTRATOR I get the following message with a big RED X:

 

The Windows Installer service is not accessible in Safe Mode. Please try again when your computer is not in Safe Mode or you can use System Restore to return your machine to a previous good state.

 

I will await your reply for further instructions. Again thank you so much! :)



#14 carolhuberjones


Posted 11 March 2015 - 02:47 PM

Also here is some FYI for you...not sure if it makes a difference or not. This computer was a floor model at Office Depot a few years ago. So there are actually layers to this thing that confuse me....so I gave it to my husband. One layer is the Office Depot one and the other is my husband's stuff. It may not matter as to where I put the download but I thought I would mention this in case it did. And honestly it gets so confusing when trying to save to the desktop because there is more than one I think. Maybe this makes perfect sense to you so let me know if there is something I need to include while cleaning it up. Thank you.



#15 dbrisendine


Posted 11 March 2015 - 11:49 PM

Let's not worry about the IDTool for right now. We will get to this later after the system runs in Normal mode.

Did you get the Fixlist script to run?






