Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Department of Justice Virus - Can't boot in safe mode [Solved]

Started by Warden , Nov 24 2014 08:34 AM

This topic is locked

#16
Biscuithd

Posted 08 December 2014 - 08:44 AM

Trusted Helper

Malware Removal
2,573 posts

I assume you have Windows XP? I guess I'd put FRST in the Root. Really, you can put it anywhere as long as you remember where you put it.

Here's some XP Recovery Console instructions. I'd get to the command prompt and then run FRST. Once you get the log file, you can xfer it back to the USB and post it.

Since you have the Recovery Console, have you tried to do a System Recovery?

#17
Warden

Posted 08 December 2014 - 09:35 AM

Member

Topic Starter
Member
162 posts

I do have XP and have placed the FRST on the HDD while using linux puppy. I am in system recovery now but do not know how to run FRST from there. Which command can I use to access that? In the article provided it seems to say that I need to access the CD drive, which is currently unavailable on my machine.

#18
Biscuithd

Posted 08 December 2014 - 09:38 AM

Trusted Helper

Malware Removal
2,573 posts

If you're at a command prompt, then

run c:\frst.exe

Assuming you put it in the root and FRST is still called FRST.exe. Otherwise, amend the path and name accordingly.

#19
Warden

Posted 08 December 2014 - 10:05 AM

Member

Topic Starter
Member
162 posts

it is located in c documents and settings/presenter/frst (1).exe. so would that be run c:\documnets and settings\presenter\frst (1).exe?

I did do a system restore following the instructions on the page here. It looked like I was in as the virus did not immediately take ove rthe screen as it has in the past. However, it did reappear and now the toolbar is showing, but can't access anything from it. I thought a restore to a previouos date would allow me to run the frst. I will await any suggestions before trying to retsore to a different point. Don't want to mess things up any further.

#20
Biscuithd

Posted 08 December 2014 - 10:15 AM

Trusted Helper

Malware Removal
2,573 posts

it is located in c documents and settings/presenter/frst (1).exe. so would that be run c:\documnets and settings\presenter\frst (1).exe?

That sounds about right, but watch your slashes and back slashes, they do not mean the same thing.

I thought a restore to a previouos date would allow me to run the frst.

I was just asking a question, I wasn't necessarily suggesting that you try it or not.

If you can get to a command prompt and run FRST, that would help me from a Malware perspective. I can't really speak to your various Restore Points. Don't forget, we're both kind of feeling our way through this. Unless I was sitting in front of the machine myself, it's difficult to know "next steps".

Think of it this way. An XP machine is a very elderly machine. You've grabbed all the files you can from the disk. At this point you've got little to lose by trying what you can. It's as likely that you have HD issues along with the malware. If it were me, I'd try to scan before I tried to Restore anymore. However, you have to try whatever seems to work on the machine.

#21
Warden

Posted 08 December 2014 - 10:21 AM

Member

Topic Starter
Member
162 posts

I agree about nothing to lose at this point. I just did the restore on my own as another option to try and get this old bird going again. I know it was a simple question on your part and not instruction. Trying anything right now. I did another restore to an earlier date for giggles and was able to get FRSt started before the virus took over the screen. Don't think that will do anything at this point since I can't access the files you would need for diagnosis. I will now try to run it from recovery console again with that path and see what happens. I apreciate your efforts and will update as soon as I have some more information. Thanks for

#22
Biscuithd

Posted 15 December 2014 - 06:27 AM

Trusted Helper

Malware Removal
2,573 posts

ANy progress here?

#23
iammykyl

Posted 15 December 2014 - 05:19 PM

Tech Staff

Technician
7,659 posts

Suggestion. Do not run unless Biscuitchd instructs you to do so.

Looks like DJR will keep activating and prevent any progress, please take a look at the following.

> http://www.bleepingc...tice-ransomware

#24
Warden

Posted 15 December 2014 - 09:53 PM

Member

Topic Starter
Member
162 posts

I have looked into this method using the usb but have been traveling for work and am just getting back home now. I can try the suggestions in the link provided regarding hitmanpro if that is agreeable to bisbuithd. As discussed previously, I have backed up my data, so there is not much else to lose at this point in trying it. That would be my next step.

#25
Biscuithd

Posted 16 December 2014 - 06:55 AM

Trusted Helper

Malware Removal
2,573 posts

I am aware of this fix, but, I've never had much luck with Hitman Pro. That said, we're not having much luck with my attempts either, right ? As we've said before, there's not much left to do except Format and Re-install, so why not give it a try, right? Absolutely nothing to lose.

#26
Warden

Posted 16 December 2014 - 01:08 PM

Member

Topic Starter
Member
162 posts

Just to make sure I understand what is being suggested, ignore the hitman option and go for a format and re-installation, correct? If that is the case, i, of course, do not have the installation CD. I do have the product key but not sure if that will help me at all at this juncture.

Edited by Warden, 16 December 2014 - 01:38 PM.

#27
iammykyl

Posted 16 December 2014 - 04:27 PM

Tech Staff

Technician
7,659 posts

Gday.

ignore the hitman option and go for a format and re-installation, correct?

no, Biscuitchd Say's yes to using Hitman, as you have nothing to loose by trying it.

NB. When you visit the above page, please download the version that corresponds to the bit-type of the Windows version you will be using to create the Kickstart USB drive.

Good luck.

#28
Warden

Posted 17 December 2014 - 06:55 AM

Member

Topic Starter
Member
162 posts

Glad I checked on that one. Will procure a 32GB usb stick today and see if I can implement the fix suggested. Thanks for clarification. Ran Hitman and am now able to access infected machine. Here is the FRST Log file

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014

Ran by Presenter at 2014-12-17 12:02:58

Running from C:\Documents and Settings\Presenter

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Emsisoft Anti-Malware (Disabled - Up to date) {0F8591BB-342B-4493-91C3-4E948ED21255}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)

Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.0.0.0 - Auslogics Labs Pty Ltd)

AuthenTec Fingerprint System (HKLM\...\{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}) (Version: 8.0.100.25 - AuthenTec, Inc.)

Autorun Eater v2.4 (HKLM\...\Autorun Eater_is1) (Version: - Old McDonald's Farm)

AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )

Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )

Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.2 - Belkin International, Inc.)

BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Canon PIXMA iP4000 (HKLM\...\CANONBJ_Deinstall_CNMCP64.DLL) (Version: - )

CleanUp! (HKLM\...\CleanUp!) (Version: - )

Cloud System Booster (HKLM\...\Cloud System Booster) (Version: 3.3 - Anvisoft)

Combined Modem Driver Installer (HKLM\...\{9A6F0720-739C-408B-966F-93091631A918}) (Version: 1.0.0.15 - )

Corel WinDVD (Version: 11 - Corel Inc.) Hidden

Corel WinDVD Pro 11 (HKLM\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)

Dropbox (HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden

EMET (HKLM\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)

Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)

eRoom 7 (HKLM\...\eRoom 7) (Version: - )

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )

FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )

Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)

FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)

Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Chrome Canary (HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Google Chrome SxS) (Version: 41.0.2251.0 - Google Inc.)

Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HP 3D DriveGuard (HKLM\...\{F2498378-DB5D-45D2-8C86-46D0C7B2CCC1}) (Version: 1.10 C1 - Hewlett-Packard)

HP Battery Check (HKLM\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)

HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0003 - HPQ)

HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.4803 - HP)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations Powered by RocketLife)

HP Photosmart 5520 series Basic Device Software (HKLM\...\{14D71565-08BF-472D-9376-14D999049C1A}) (Version: 27.0.847.0 - Hewlett-Packard Co.)

HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)

HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40.17.2 - Hewlett-Packard)

HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)

HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden

ICA (Version: 1.0 - Corel Inc.) Hidden

Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)

Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)

InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version: - )

InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden

InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1259 - InterVideo Inc.)

IPM (Version: 1.00.0000 - Corel Inc.) Hidden

iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.99 - Symantec Corporation)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)

Microsoft Office Project Standard 2007 (HKLM\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)

Mobile Broadband Generic Drivers (Version: 2.03.09.005.14 - Novatel Wireless) Hidden

MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)

Mouse Suite (HKLM\...\MouseSuite98) (Version: - )

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.57 - PDF Complete, Inc.)

QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RICOH R5C853 Media Driver Ver.1.02.00.17 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 1.02.00.17 - RICOH)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Setup (Version: 11.0 - Corel Inc.) Hidden

SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)

SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)

System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden

Video Mover (HKLM\...\Video Mover_is1) (Version: - )

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)

Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )

Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dl (the data entry has 9 more characters).

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome SxS\Application\41.0.2251.0\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.d (the data entry has 10 more characters).

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-3866077675-454247996-117300071-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> No File Path

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-01-23 12:04 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC2ABE27-FEA3-4C83-AFF4-55B4F05FBEF4}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-10-24 17:43 - 2014-10-06 17:43 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll

2009-02-27 05:51 - 2009-02-27 05:51 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 ____N () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 ____N () C:\Program Files\Flip Video\FlipShare\QtCore4.dll

2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 ____N () C:\Program Files\Flip Video\FlipShare\Core.dll

2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 ____N () C:\Program Files\Flip Video\FlipShare\qca2.dll

2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 ____N () C:\Program Files\Flip Video\FlipShare\QtGui4.dll

2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 ____N () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll

2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 ____N () C:\Program Files\Flip Video\FlipShare\QtSql4.dll

2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 ____N () C:\Program Files\Flip Video\FlipShare\QtXml4.dll

2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 ____N () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll

2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 ____N () C:\Program Files\Flip Video\FlipShare\phonon4.dll

2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 ____N () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 ____N () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 ____N () C:\Program Files\Flip Video\FlipShare\PocoNet.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 ____N () C:\Program Files\Flip Video\FlipShare\PocoXML.dll

2014-05-29 01:47 - 2014-05-29 01:47 - 00018616 _____ () C:\Program Files\Anvisoft\Cloud System Booster\Public.dll

2013-11-27 04:33 - 2013-11-27 04:33 - 00156344 _____ () C:\Program Files\Anvisoft\Cloud System Booster\ui.dll

2013-11-27 04:33 - 2013-11-27 04:33 - 00090808 _____ () C:\Program Files\Anvisoft\Cloud System Booster\libglognc.dll

2014-05-29 01:47 - 2014-05-29 01:47 - 00028856 _____ () C:\Program Files\Anvisoft\Cloud System Booster\extentions\TestExtention.dll

2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 ____N () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 ____N () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll

2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 ____N () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll

2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 ____N () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll

2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 ____N () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll

2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

========================= Accounts: ==========================

Administrator (S-1-5-21-3866077675-454247996-117300071-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-3866077675-454247996-117300071-1004 - Limited - Enabled)

Guest (S-1-5-21-3866077675-454247996-117300071-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-3866077675-454247996-117300071-1005 - Limited - Disabled)

Presenter (S-1-5-21-3866077675-454247996-117300071-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Presenter

SUPPORT_388945a0 (S-1-5-21-3866077675-454247996-117300071-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:

==================

Error: (12/17/2014 11:39:13 AM) (Source: crypt32) (EventID: 8) (User: )