Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91824 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can download but cannot install -- still infected? [Solved]

Painfully Slow

  • This topic is locked This topic is locked
91 replies to this topic

#16 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 20 April 2014 - 07:38 AM

First of all HAPPY EASTER or Passover! 

Second that scan took forever.  Took 3 tries to get it running finally got started about 5:30 6:00 pm Sat my time.  It was still running at 11:30 pm so went to bed.  It then took me another 1hour to get it on a flash drive to transfer from that computer to upload from mine.  Firefox is the only browser that basically works.  But as before everything still takes a very long time to open. I hope you can find something because I can't think what might be causing this. Here is the log:

 

OTL logfile created on: 4/19/2014 6:21:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\viccherry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.85% Memory free
8.10 Gb Paging File | 5.99 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 104.00 Gb Free Space | 47.66% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.58 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
 
Computer Name: VICCHERRY-PC | User Name: viccherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viccherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\fixcfg.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Common Files\Dell\apache\php.exe (The PHP Group)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEAsm.dll ()
MOD - C:\Program Files (x86)\Common Files\Dell\apache\bin\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hnmsvc) -- C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79EBD815-735B-4501-9798-B6FB68628A71}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5B884C15-13DB-4B51-A87E-F12B2D439BE7}&mid=58547acb9f7f4519162bd2354df15e1c-e92b75959ee62bfb6234d3af093a7ba4758ac9a1&lang=en&ds=AVG&pr=pr&d=2012-04-22 20:57:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\viccherry\AppData\Roaming\Move Networks [2014/03/29 10:49:31 | 000,000,000 | ---D | M]
 
[2014/04/09 20:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Extensions
[2014/04/11 18:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002E2311-6495-440E-A2F9-05B194EBE752}: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45EBB82-E1FA-408C-9131-9C41D02B34E6}: DhcpNameServer = 192.168.2.113 4.2.2.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/18 14:30:42 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/18 14:07:00 | 001,146,880 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:36:30 | 002,158,592 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 23:57:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/17 23:55:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/04/17 23:19:54 | 005,195,154 | R--- | C] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/17 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\viccherry\Desktop\Desktop
[2014/04/16 20:08:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/16 19:15:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 19:15:54 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:53:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 19:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/04/11 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/04/11 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/11 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/09 21:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/09 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2014/04/09 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\Mozilla
[2014/04/09 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Mozilla
[2014/04/09 19:33:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/04/09 19:33:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/09 19:33:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/09 19:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/09 19:33:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/09 19:33:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/09 19:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/04/09 19:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/04/09 19:33:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/09 19:33:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/09 19:33:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/09 19:33:09 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/09 19:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/09 19:33:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/09 19:33:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/09 19:13:24 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/09 18:44:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/07 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/07 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
[2014/04/07 19:53:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 19:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/07 19:53:03 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/07 19:53:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/07 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
[2014/04/02 18:15:44 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
[2014/04/01 20:40:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
[2014/03/31 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
[2014/03/30 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
[2014/03/30 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
[2014/03/30 09:43:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
[2014/03/30 08:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/30 08:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/30 08:46:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/29 16:55:54 | 001,111,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/29 16:55:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/29 16:29:41 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/29 16:29:41 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/29 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
[2014/03/29 06:20:33 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
[2014/03/28 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
[2014/03/24 22:36:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
[2009/08/13 05:30:52 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\viccherry\AppData\Roaming\DataSafeDotNet.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 22:45:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/19 22:02:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 22:02:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 21:16:24 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/19 18:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 18:02:40 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/18 13:55:59 | 001,146,880 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:33:09 | 000,000,594 | ---- | M] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/18 13:28:31 | 002,158,592 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 22:44:37 | 005,195,154 | R--- | M] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/16 18:41:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 18:37:13 | 000,756,232 | ---- | M] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/16 18:21:24 | 001,426,178 | ---- | M] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 18:11:20 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 15:05:10 | 001,402,880 | ---- | M] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | M] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | M] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/09 18:51:57 | 000,003,759 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2014/04/09 18:51:37 | 000,000,290 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2014/04/09 18:50:42 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/09 18:41:33 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/04/07 21:45:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 19:07:20 | 000,656,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 19:07:20 | 000,124,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 19:07:14 | 000,777,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/30 16:28:30 | 000,000,732 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/03/30 10:53:32 | 000,006,756 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
[2014/03/30 10:53:24 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/03/30 09:37:16 | 000,283,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 08:48:15 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 12:49:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/29 12:49:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/18 13:33:09 | 000,000,594 | ---- | C] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/16 19:15:54 | 001,426,178 | ---- | C] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 19:15:54 | 000,756,232 | ---- | C] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/13 17:41:01 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/13 14:40:36 | 001,402,880 | ---- | C] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | C] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | C] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/07 21:45:14 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/07 21:45:14 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 08:48:15 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 17:47:31 | 000,000,732 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/02/25 04:07:13 | 000,771,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/14 19:16:06 | 000,002,802 | ---- | C] () -- C:\Users\viccherry\AppData\Roaming\wklnhst.dat
[2009/05/13 21:37:59 | 000,008,248 | ---- | C] () -- C:\Users\viccherry\AppData\Local\en.ini
[2009/04/26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 19:34:05 | 000,006,756 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2013/03/03 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG
[2013/01/21 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG2013
[2011/05/05 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG9
[2013/07/22 17:51:15 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/11 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 19:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\MediaMonkey
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\pdf995
[2013/09/13 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\SanDisk SecureAccess
[2011/10/02 16:44:06 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Sling Media
[2013/03/24 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TaxCut
[2009/06/14 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Template
[2012/05/26 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TuneUp Software
[2010/04/20 14:16:36 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\V310-V510 Series
[2009/04/13 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\WildTangent
[2009/10/23 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
 


    Advertisements

Register to Remove


#17 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 20 April 2014 - 08:01 AM

Happy Easter to you as well.   :)

 
Download RogueKiller to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • There will be a pre-scan that will run automatically (this is normal)
  • Once the pre-scan has finished, press the Scan button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  • Once the Scan is complete, press the Report button to generate the results. 

Please post the contents of the RKreport.txt in your next Reply.
----------------
 
OJQgrbU.pngTweaking.com Registry Backup

  • Download the tool found here to your Desktop so it is easy to find.
  • Double click on the file you just downloaded to install it to your system.
  • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon 
    **Note** The tool should automatically open to the Backup Registry tab.
     
    TRfuT3t.jpg
  • Press Backup Now
  • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
  • You have now successfully backed up your Registry.

----------
 

ttLR1ki.jpg
 
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
     
    :Services
     
    :OTL
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O33 - MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\Shell - "" = AutoRun
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/04/26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3
     
    :Files
    ipconfig /flushdns /c
     
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Posted Image
 
 

#18 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 20 April 2014 - 02:18 PM

Can't seem to get the first one to run.  Looks like it started and than locked up on the prescan. Tried several times and nothing at all now.  Renamed it like suggested and still nothing past the screen that asks if you want to allow it to run. Been trying for 4 hours now. Should I just move on to the registry back up and then the otl scan?



#19 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 20 April 2014 - 03:29 PM

Believe it or not shortly after I wrote the above RogueKiller just popped open.  It started quickly and then sat forever on checking processes. but now has moved slowly on to checking killed processes. of which it so far found 2 .... will let it run and get back to you.



#20 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 21 April 2014 - 06:29 AM

Ok... even more frustrated and confused. About 9-9:30 my time the prescan finished and I started the regular scan for the RogueKiller.  It was still running at midnight so I went to bed. I came to look at the computer about 6 this morning and was met with just the desktop.  There was no sign of any logs etc. nor the program itself. No icons of it, nothing anywhere to be found. The computer did not reboot itself because it was still on the desktop and that laptop is password protected. I rebooted the computer and tried to run the Tweaker for the registry. That took about an hour to get going. It had errors and was able to back up only 8/10 registry files.  The 2 that were not backed up were:

 

c:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat       AND:

 

c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

 

Next move I am going to run the OTL with the notations you gave. But I was unable to get it started before I had to leave for work. It just hung spinning for over 30 min. I hope that will give you some clues because I am at wits end.  I am getting ready to drop kick that machine. Is there anything that you can think of that I can do to get this back to them soon?  I hate that I can only work on this in the evenings due to a silly thing like work getting in the way all day and unfortunately I can't bring it with me.



#21 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 April 2014 - 07:20 AM

Go ahead and boot to Safe Mode and then run the fix I provided for OTL from there.  If there is a log created, please post that and also let me know how the system is running.  :)


Posted Image
 
 

#22 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 21 April 2014 - 03:47 PM

Wow I should have run everything in safe mode. Opened fast ran fast.... I know that can't always be but.... At any rate here is the results of that OTL run in safe mode:

 

OTL logfile created on: 4/21/2014 5:29:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\viccherry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 3.44 Gb Available Physical Memory | 86.75% Memory free
8.10 Gb Paging File | 7.70 Gb Available in Paging File | 95.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 107.73 Gb Free Space | 49.37% Space Free | Partition Type: NTFS
Drive D: | 14.93 Gb Total Space | 5.76 Gb Free Space | 38.58% Space Free | Partition Type: FAT32
Drive E: | 14.65 Gb Total Space | 6.58 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
 
Computer Name: VICCHERRY-PC | User Name: viccherry | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viccherry\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hnmsvc) -- C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79EBD815-735B-4501-9798-B6FB68628A71}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5B884C15-13DB-4B51-A87E-F12B2D439BE7}&mid=58547acb9f7f4519162bd2354df15e1c-e92b75959ee62bfb6234d3af093a7ba4758ac9a1&lang=en&ds=AVG&pr=pr&d=2012-04-22 20:57:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\viccherry\AppData\Roaming\Move Networks [2014/03/29 10:49:31 | 000,000,000 | ---D | M]
 
[2014/04/09 20:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Extensions
[2014/04/11 18:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002E2311-6495-440E-A2F9-05B194EBE752}: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45EBB82-E1FA-408C-9131-9C41D02B34E6}: DhcpNameServer = 192.168.2.113 4.2.2.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 07:22:18 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/04/20 15:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/04/20 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/04/18 14:30:42 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/18 14:07:00 | 001,146,880 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:36:30 | 002,158,592 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 23:57:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/17 23:55:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/04/17 23:19:54 | 005,195,154 | R--- | C] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/17 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\viccherry\Desktop\Desktop
[2014/04/16 20:08:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/16 19:15:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 19:15:54 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:53:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 19:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/04/11 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/04/11 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/11 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/09 21:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/09 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2014/04/09 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\Mozilla
[2014/04/09 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Mozilla
[2014/04/09 19:33:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/04/09 19:33:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/09 19:33:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/09 19:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/09 19:33:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/09 19:33:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/09 19:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/04/09 19:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/04/09 19:33:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/09 19:33:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/09 19:33:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/09 19:33:09 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/09 19:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/09 19:33:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/09 19:33:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/09 19:13:24 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/09 18:44:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/07 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/07 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
[2014/04/07 19:53:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 19:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/07 19:53:03 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/07 19:53:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/07 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
[2014/04/02 18:15:44 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
[2014/04/01 20:40:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
[2014/03/31 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
[2014/03/30 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
[2014/03/30 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
[2014/03/30 09:43:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
[2014/03/30 08:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/30 08:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/30 08:46:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/29 16:55:54 | 001,111,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/29 16:55:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/29 16:29:41 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/29 16:29:41 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/29 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
[2014/03/29 06:20:33 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
[2014/03/28 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
[2014/03/24 22:36:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
[2009/08/13 05:30:52 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\viccherry\AppData\Roaming\DataSafeDotNet.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/21 17:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/21 17:16:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 17:16:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 07:44:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/21 07:26:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VICCHERRY-PC--(64-bit).dat
[2014/04/21 06:46:28 | 000,006,756 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
[2014/04/21 06:39:13 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/20 15:58:49 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/04/20 12:43:52 | 003,944,112 | ---- | M] () -- C:\Users\viccherry\Desktop\tweaking.com_registry_backup_setup.exe
[2014/04/18 13:55:59 | 001,146,880 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:33:09 | 000,000,594 | ---- | M] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/18 13:28:31 | 002,158,592 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 22:44:37 | 005,195,154 | R--- | M] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/16 18:41:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 18:37:13 | 000,756,232 | ---- | M] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/16 18:21:24 | 001,426,178 | ---- | M] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 18:11:20 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 15:05:10 | 001,402,880 | ---- | M] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | M] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | M] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/09 18:51:57 | 000,003,759 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2014/04/09 18:51:37 | 000,000,290 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2014/04/09 18:50:42 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/09 18:41:33 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/04/07 21:45:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 19:07:20 | 000,656,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 19:07:20 | 000,124,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 19:07:14 | 000,777,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/30 16:28:30 | 000,000,732 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/03/30 10:53:24 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/03/30 09:37:16 | 000,283,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 08:48:15 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 12:49:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/29 12:49:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/21 07:26:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VICCHERRY-PC--(64-bit).dat
[2014/04/21 02:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\acpi.sys.bak
[2014/04/20 15:58:49 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/04/20 14:50:54 | 003,944,112 | ---- | C] () -- C:\Users\viccherry\Desktop\tweaking.com_registry_backup_setup.exe
[2014/04/18 13:33:09 | 000,000,594 | ---- | C] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/16 19:15:54 | 001,426,178 | ---- | C] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 19:15:54 | 000,756,232 | ---- | C] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/13 14:40:36 | 001,402,880 | ---- | C] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | C] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | C] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/07 21:45:14 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/07 21:45:14 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 08:48:15 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 17:47:31 | 000,000,732 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/02/25 04:07:13 | 000,771,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/14 19:16:06 | 000,002,802 | ---- | C] () -- C:\Users\viccherry\AppData\Roaming\wklnhst.dat
[2009/05/13 21:37:59 | 000,008,248 | ---- | C] () -- C:\Users\viccherry\AppData\Local\en.ini
[2009/04/26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 19:34:05 | 000,006,756 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Custom Scans ==========
 
< :Services >
 
<   >
 
< :OTL >
 
< O18:64bit: - Protocol\Handler\livecall - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\msnim - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\skype4com - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\wlpg - No CLSID value found >
 
< O33 - MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\Shell - "" = AutoRun >
 
< [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] >
 
< [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] >
 
< [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] >
 
< [2009/04/26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 26 20:00:20 | 000,005,632 | ---- | C] () -- C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4 >
 
< @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3 >
 
<   >
 
< :Files >
 
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
 
<   >
 
< :Commands >
 
< [emptytemp] >
 
< [resethosts] >
 
< [start explorer] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
 



#23 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 April 2014 - 06:40 PM

edit


Posted Image
 
 

#24 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 April 2014 - 06:43 PM

Ooooops...run my instructions again, but this time be sure to select Run Fix this time instead of Scan.  :)


Posted Image
 
 

#25 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 21 April 2014 - 07:12 PM

Sorry about that before just saw scan and not run fix. ok did that and rebooted... still slow but better what's next?


Edited by mickey7, 21 April 2014 - 07:29 PM.

    Advertisements

Register to Remove


#26 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 22 April 2014 - 05:32 AM

Could you go ahead and post the logs that were made though please?  :)


Posted Image
 
 

#27 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 22 April 2014 - 09:52 AM

Sorry. Did not notice any logs last after the reboot. So I opened Firefox, was not fast but quicker than before.  So I made the above comments and shut down for the night.  Upon reboot this morning after your request, I saw a log pop open.  Could not get it to copy quickly so I snuck laptop into work and has taken til now to copy that log to a flash drive to upload. (Both due to work issues and slowness of copying issues.) There was a folder associated with this as well do you need the contents of that as well?  They did not look like logs perse.

 

Here is the log as I recall:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc0f12f5-a300-11e2-8e76-0023ae234bc6}\ not found.
C:\ProgramData\SPL7EA4.tmp deleted successfully.
C:\ProgramData\SPLEED1.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\viccherry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\viccherry\Desktop\cmd.bat deleted successfully.
C:\Users\viccherry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: viccherry
->Temp folder emptied: 11057427 bytes
->Temporary Internet Files folder emptied: 4033743 bytes
->Java cache emptied: 428515 bytes
->FireFox cache emptied: 18444658 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 37043 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25151428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 295992 bytes
 
Total Files Cleaned = 57.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04212014_210046

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Thank you for your help


Edited by mickey7, 22 April 2014 - 09:53 AM.


#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 22 April 2014 - 06:05 PM

Run a new Quick Scan with OTL and post the new log.  I want to see what is still left behind.  :)


Posted Image
 
 

#29 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 23 April 2014 - 07:10 AM

There must be SOMETHING left behind somewhere.  I started the scan just a couple minutes after your post last night and it is still running.  I had to let it go while I left for work.  Hopefully it is done when I get home.  I opened OTL and just selected QUICK SCAN (in pink) and let it run.  I made no selections nor copy that fix from above.  I did notice that the 2 boxes with the LOP etc were checked.  Should I have run this scan in safe mode?



#30 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 23 April 2014 - 07:13 AM

No let's try to let it run from Normal for now.  Don't worry about the LOP or Purity boxes.  :)


Posted Image
 
 

Related Topics




Also tagged with one or more of these keywords: Painfully Slow

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users