Can download but cannot install -- still infected? [Solved]

Painfully Slow

  • This topic is locked
91 replies to this topic

#31 mickey7

Posted 23 April 2014 - 07:24 AM

OK, thanks for your help and patience. I am hoping to get this fixed by Friday if at all possible.



#32 mickey7

Posted 23 April 2014 - 03:28 PM

Well, I just got home and it is STILL running. Even a regular scan did not take this long. (I thought a quick scan would be faster -- I hoped.) Last night I did notice when it was going through the processes I saw the item that the Rogue Killer flagged. It had to do with the VNC and winvnc.exe, if that means anything. The area that it is currently on is still scanning modules. Let it keep going?


Edited by mickey7, 23 April 2014 - 03:29 PM.


#33 jeffce

Posted 23 April 2014 - 05:38 PM

No....boot to Safe Mode and run a new scan.  Post the new log please.  :)



#34 mickey7

Posted 23 April 2014 - 06:43 PM

I still ran the quick scan. Here it is:

 

OTL logfile created on: 4/23/2014 8:27:48 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\viccherry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 3.44 Gb Available Physical Memory | 86.81% Memory free
8.10 Gb Paging File | 7.70 Gb Available in Paging File | 95.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 107.58 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.58 Gb Free Space | 44.92% Space Free | Partition Type: NTFS
 
Computer Name: VICCHERRY-PC | User Name: viccherry | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viccherry\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hnmsvc) -- C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uvnc_service) -- C:\ProgramData\UltraVNC\winvnc.exe (UltraVNC)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79EBD815-735B-4501-9798-B6FB68628A71}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5B884C15-13DB-4B51-A87E-F12B2D439BE7}&mid=58547acb9f7f4519162bd2354df15e1c-e92b75959ee62bfb6234d3af093a7ba4758ac9a1&lang=en&ds=AVG&pr=pr&d=2012-04-22 20:57:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie9"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\viccherry\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\viccherry\AppData\Roaming\Move Networks [2014/03/29 10:49:31 | 000,000,000 | ---D | M]
 
[2014/04/09 20:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Extensions
[2014/04/11 18:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viccherry\AppData\Roaming\Mozilla\Firefox\Profiles\n5jkhikp.default\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/07 21:35:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Docs = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\viccherry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/21 21:02:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{002E2311-6495-440E-A2F9-05B194EBE752}: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45EBB82-E1FA-408C-9131-9C41D02B34E6}: DhcpNameServer = 192.168.2.113 4.2.2.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\viccherry\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/22 14:26:29 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/21 21:00:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/21 07:22:18 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/04/20 15:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/04/20 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/04/18 14:30:42 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/18 14:07:00 | 001,146,880 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:36:30 | 002,158,592 | ---- | C] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 23:57:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/17 23:55:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/04/17 23:19:54 | 005,195,154 | R--- | C] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/17 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\viccherry\Desktop\Desktop
[2014/04/16 20:08:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/16 19:15:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 19:15:54 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:53:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 19:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/04/11 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/04/11 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/11 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/09 21:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/09 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/04/09 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2014/04/09 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\Mozilla
[2014/04/09 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Roaming\Mozilla
[2014/04/09 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/09 18:44:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/07 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/07 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/07 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{38B8547E-9B0A-47BA-95CA-CA6A46906379}
[2014/04/07 19:53:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 19:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/07 19:53:03 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/07 19:53:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/07 19:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/07 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{C35BC776-AD27-4FA7-9EAA-7EF225D9C473}
[2014/04/02 18:15:44 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{8266DBFC-84E6-42F6-993D-9316823ADAEF}
[2014/04/01 20:40:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/04/01 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{FFEC9C09-2504-44E5-A900-551BE987D180}
[2014/03/31 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{B937B2F6-BEC8-4CE3-ABB0-FDDA9A252A31}
[2014/03/30 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{4413BCE3-9B76-41E6-9367-CF0070183368}
[2014/03/30 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{75D1D2C9-5EF2-4EA1-A639-F1E9E3CB284C}
[2014/03/30 09:43:22 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{46937EE7-8938-43D9-8BEE-10C8061C10CF}
[2014/03/30 08:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/30 08:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/30 08:46:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/29 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{CBEEC01E-86CD-45D6-93B6-FFA3F97DA19E}
[2014/03/29 06:20:33 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{5F6F5A9B-C0CC-4405-83C2-40F51FD25BA2}
[2014/03/28 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{67ACA017-089F-45FF-9C62-919B907287FC}
[2014/03/24 22:36:14 | 000,000,000 | ---D | C] -- C:\Users\viccherry\AppData\Local\{3F3E0AD0-84F0-4CDA-AB62-0B1D0CA2D6A4}
[2009/08/13 05:30:52 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\viccherry\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/23 19:55:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/23 19:45:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/23 18:21:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 18:21:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/21 21:11:14 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/21 07:26:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VICCHERRY-PC--(64-bit).dat
[2014/04/21 06:46:28 | 000,006,756 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
[2014/04/20 15:58:49 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/04/20 12:43:52 | 003,944,112 | ---- | M] () -- C:\Users\viccherry\Desktop\tweaking.com_registry_backup_setup.exe
[2014/04/18 13:55:59 | 001,146,880 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST.exe
[2014/04/18 13:33:09 | 000,000,594 | ---- | M] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/18 13:28:31 | 002,158,592 | ---- | M] (Farbar) -- C:\Users\viccherry\Desktop\FRST64.exe
[2014/04/17 22:44:37 | 005,195,154 | R--- | M] (Swearware) -- C:\Users\viccherry\Desktop\ComboFix.exe
[2014/04/16 18:41:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\viccherry\Desktop\tdsskiller.exe
[2014/04/16 18:37:13 | 000,756,232 | ---- | M] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/16 18:21:24 | 001,426,178 | ---- | M] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 18:11:20 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\viccherry\Desktop\dds.scr
[2014/04/13 20:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\viccherry\Desktop\OTL.exe
[2014/04/12 15:05:10 | 001,402,880 | ---- | M] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | M] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | M] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/09 18:51:57 | 000,003,759 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2014/04/09 18:51:37 | 000,000,290 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2014/04/09 18:50:42 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/09 18:41:33 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/04/07 21:45:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/07 19:07:20 | 000,656,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 19:07:20 | 000,124,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 19:07:14 | 000,777,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/03 09:51:12 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/30 16:28:30 | 000,000,732 | ---- | M] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/03/30 10:53:24 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/03/30 09:37:16 | 000,283,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/30 08:48:15 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/21 07:26:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VICCHERRY-PC--(64-bit).dat
[2014/04/21 02:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\acpi.sys.bak
[2014/04/20 15:58:49 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/04/20 14:50:54 | 003,944,112 | ---- | C] () -- C:\Users\viccherry\Desktop\tweaking.com_registry_backup_setup.exe
[2014/04/18 13:33:09 | 000,000,594 | ---- | C] () -- C:\Users\viccherry\Application Data\Microsoft\Internet Explorer\Quick Launch\FRST64.exe - Shortcut.lnk
[2014/04/16 19:15:54 | 001,426,178 | ---- | C] () -- C:\Users\viccherry\Desktop\AdwCleaner.exe
[2014/04/16 19:15:54 | 000,756,232 | ---- | C] () -- C:\Users\viccherry\Desktop\setup.exe
[2014/04/13 14:40:36 | 001,402,880 | ---- | C] () -- C:\Users\viccherry\Documents\HijackThis.msi
[2014/04/11 18:35:53 | 000,001,061 | ---- | C] () -- C:\Users\viccherry\Desktop\Registry Repair.lnk
[2014/04/09 21:59:51 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/09 20:41:05 | 000,001,012 | ---- | C] () -- C:\Users\viccherry\Desktop\System Checkup.lnk
[2014/04/09 20:40:18 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2014/04/07 21:45:14 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/07 21:45:14 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/07 19:53:06 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 08:48:15 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/29 17:47:31 | 000,000,732 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps64.dat
[2014/02/25 04:07:13 | 000,771,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/14 19:16:06 | 000,002,802 | ---- | C] () -- C:\Users\viccherry\AppData\Roaming\wklnhst.dat
[2009/05/13 21:37:59 | 000,008,248 | ---- | C] () -- C:\Users\viccherry\AppData\Local\en.ini
[2009/04/26 19:34:05 | 000,006,756 | ---- | C] () -- C:\Users\viccherry\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2013/03/03 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG
[2013/01/21 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG2013
[2011/05/05 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\AVG9
[2013/07/22 17:51:15 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/11 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\GlarySoft
[2014/04/11 19:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\iolo
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\MediaMonkey
[2014/03/29 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\pdf995
[2013/09/13 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\SanDisk SecureAccess
[2011/10/02 16:44:06 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Sling Media
[2013/03/24 19:14:44 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TaxCut
[2009/06/14 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Template
[2012/05/26 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\TuneUp Software
[2010/04/20 14:16:36 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\V310-V510 Series
[2009/04/13 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\WildTangent
[2009/10/23 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\viccherry\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 



#35 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 24 April 2014 - 10:24 AM

While I am looking this over, please do the following as well.
 
Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
 
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
----------


 
 

#36 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 24 April 2014 - 11:42 AM

Started this about 1:10 pm; it looks stuck on getting the ipconfig item. Does the laptop need to be connected to the internet to run this scan? I downloaded the program to a flash drive and transferred it that way. I am currently at work and the laptop itself is not connected.


Edited by mickey7, 24 April 2014 - 11:42 AM.


#37 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 24 April 2014 - 02:48 PM

Ok, rebooted and connected -- still seemed to lock up on getting ipconfig but just let it go and about an hour and a half later it seemed to complete. The log showed up, but the box was still open. Here is the log from the results file:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by viccherry (administrator) on 24-04-2014 at 15:14:25
Running from "C:\Users\viccherry\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : viccherry-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wpcl.local

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wpcl.local
   Description . . . . . . . . . . . : Intel® WiFi Link 5100
   Physical Address. . . . . . . . . : 00-22-FB-2F-43-A4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8820:a3d5:ff38:9ca9%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.131(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, April 24, 2014 2:57:04 PM
   Lease Expires . . . . . . . . . . : Friday, April 25, 2014 2:57:04 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.12
   DHCPv6 IAID . . . . . . . . . . . : 285221627
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-4D-D4-AE-00-23-AE-23-4B-C6
   DNS Servers . . . . . . . . . . . : 192.168.1.12
   Primary WINS Server . . . . . . . : 192.168.1.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 192.168.2.111
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-AE-23-4B-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.myhome.westell.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  poe.wpcl.local
Address:  192.168.1.12

Name:    google.com
Addresses:  2a00:1450:4006:802::100e
      204.186.215.24
      204.186.215.25
      204.186.215.29
      204.186.215.30
      204.186.215.34
      204.186.215.35
      204.186.215.39
      204.186.215.40
      204.186.215.44
      204.186.215.45
      204.186.215.49
      204.186.215.50
      204.186.215.54
      204.186.215.55
      204.186.215.59
      204.186.215.20



Pinging google.com [204.186.215.24] with 32 bytes of data:

Reply from 204.186.215.24: bytes=32 time=4ms TTL=62

Reply from 204.186.215.24: bytes=32 time=4ms TTL=62



Ping statistics for 204.186.215.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 4ms, Maximum = 4ms, Average = 4ms

Server:  UnKnown
Address:  192.168.1.12



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=80ms TTL=55

Reply from 206.190.36.45: bytes=32 time=81ms TTL=55



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 80ms, Maximum = 81ms, Average = 80ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12 ...00 22 fb 2f 43 a4 ...... Intel® WiFi Link 5100
 11 ...00 23 ae 23 4b c6 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1 ........................... Software Loopback Interface 1
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 14 ...00 00 00 00 00 00 00 e0  isatap.myhome.westell.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.131     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.131    281
    192.168.1.131  255.255.255.255         On-link     192.168.1.131    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.131    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.131    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.131    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::8820:a3d5:ff38:9ca9/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/24/2014 02:31:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:30:59 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 02:30:55 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 02:08:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:07:58 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 02:07:56 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 00:46:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 00:46:04 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 00:46:01 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (04/24/2014 00:34:52 PM) (Source: profsvc) (User: viccherry-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

 DETAIL - The system cannot find the file specified.


System errors:
=============
Error: (04/24/2014 02:33:46 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (04/24/2014 02:32:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/24/2014 02:31:47 PM) (Source: Service Control Manager) (User: )
Description: TuneUpUtilitiesDrv%%2

Error: (04/24/2014 02:31:47 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (04/24/2014 02:31:47 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Error: (04/24/2014 02:30:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:28:18 PM on 4/24/2014 was unexpected.

Error: (04/24/2014 02:16:02 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (04/24/2014 02:09:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/24/2014 02:08:40 PM) (Source: Service Control Manager) (User: )
Description: TuneUpUtilitiesDrv%%2

Error: (04/24/2014 02:08:40 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058


Microsoft Office Sessions:
=========================
Error: (04/24/2014 02:31:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:30:59 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 02:30:55 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 02:08:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:07:58 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 02:07:56 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 00:46:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 00:46:04 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 00:46:01 PM) (Source: profsvc)(User: viccherry-PC)
Description: Access is denied.

Error: (04/24/2014 00:34:52 PM) (Source: profsvc)(User: viccherry-PC)
Description: The system cannot find the file specified.


CodeIntegrity Errors:
===================================
  Date: 2014-04-23 20:32:48.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:48.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:47.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:47.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:47.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:46.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:46.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:46.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:46.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 20:32:45.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

 Updater (Version: 1.2.4.36191)
Apple Mobile Device Support (Version: 7.1.0.32)
AVG 2013 (Version: 13.0.3466)
AVG 2013 (Version: 13.0.3722)
AVG 2013 (Version: 2013.0.3466)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.12)
Dell Dock (Version: 1.0.0)
Dell Touchpad (Version: 7.102.115.201)
Dell V310-V510 Series
Intel® Matrix Storage Manager
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Move Media Player
Quickset (Version: 9.2.10)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live MIME IFilter (Version: 15.4.3502.0922)

========================= Devices: ================================
 



#38 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 25 April 2014 - 08:06 AM

Any clues?  I will need to go dark this evening as I will be out of town for a day.  Looking for a little progress before then.  I know it looks daunting....

 



#39 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 25 April 2014 - 09:45 AM

I am not seeing anything that is jumping out at me right now.  

 

Explain in detail how your system is acting?


 
 

#40 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 25 April 2014 - 10:12 AM

It is still SLOW in response. Initial boot seems ok but once up it gets slower and slower. I have not played around on the web since it was acting so slow.... I would download and upload from another machine. I will look at it further on lunch break. But basically, it takes forever for items you have asked me to run to open or to complete their scans. [witness that scan above that we cancelled after still running for over 24 hours.] Another example: it took me almost an hour to send to a USB drive one of the logs so I could upload it. Things like that.... molasses in winter ..... But if there is nothing left I would love to be able to return this to them... Is there maybe an optimization scan or fix or something that might help?


Edited by mickey7, 25 April 2014 - 10:12 AM.



#41 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 25 April 2014 - 12:34 PM

Ok, at lunch after boot I tried to open IE. Sat forever and after about 5 minutes the window opened but no content. This was still the case after 15 minutes. I closed that and opened FF. This, too, took a few minutes to open the window, but it did and content was shown. However, the following script error occurs on every opening:

 

chrome://global/content/browser.xml:149

 

Odd since I do not see Chrome on the computer and yahoo is the homepage.

 

After 6 minutes Safari has yet to open a window; after about a half an hour a Safari window opened after I reopened a FF window, but no content in Safari is showing. I have not been able to get to another web page this half hour in FF. Every time I try to click into the address bar I get a "FF is not responding" msg and then it goes away.

 

So things are not going well yet.....  :(

 

PS... The connection today (and other days at work) is a fiber connection if that matters.


Edited by mickey7, 25 April 2014 - 02:10 PM.


#42 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 April 2014 - 08:08 AM

Hi,
 
Sorry to hear of all your problems.   :(
 
Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


 
 

#43 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 26 April 2014 - 07:47 PM

Hi, just got back. Do you want me to go ahead and clean from step 4 on the Malwarebytes instructions or just send you the log?



#44 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 April 2014 - 01:26 PM

Please just send the logs.  :)


 
 

#45 mickey7

mickey7

    Silver Member

  • Authentic Member
  • 254 posts

Posted 27 April 2014 - 01:28 PM

Will do that if I can get the thing to run.....

