Author Topic: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing  (Read 6568 times)

Offline nbushell

  • Bronze Member
  • Posts: 33
Dell Inspiron Desktop running Vista is taking up to a minute to load Internet Explorer 9. When it finally does load it can take another minute to respond to clicks and sometimes will just stop, with no mouse control and will only respond to control-alt-delete after clicking numerous times and another minute or more. Does the same with Firefox. DDS logs follow.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16609
Run by CeCe at 12:59:38 on 2015-02-16
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\alg.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzUwMjIyMTA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=0cd91780f8ab47d19f3b4c7f87063cda-b3852606f8d31610eace3647d24149a3312c145d
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AAF9302C-9EF3-4DB3-82D5-B3EE2A0871D0} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cece\appdata\roaming\mozilla\firefox\profiles\5e6kt9v3.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.31211.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2015-02-15 21:17:35   9054624   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c9c66923-cc4e-4de9-8198-ceb584b3200c}\mpengine.dll
2015-02-14 20:42:12   9054624   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-02-13 00:11:46   1810944   ----a-w-   c:\windows\system32\jscript9.dll
2015-02-12 00:57:28   908840   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{f194053a-f6c3-49c1-a478-759bc68e5c64}\gapaengine.dll
2015-02-12 00:18:16   564224   ----a-w-   c:\windows\system32\oleaut32.dll
2015-02-12 00:17:38   2063360   ----a-w-   c:\windows\system32\win32k.sys
2015-02-12 00:17:23   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2015-02-12 00:15:10   440760   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2015-02-12 00:04:24   --------   d-----w-   c:\windows\Temp61636CC1-3454-218B-1104-4A12D9FBB7F9-Signatures
2015-02-12 00:01:37   306176   ----a-w-   c:\windows\system32\scesrv.dll
2015-02-11 00:19:10   908840   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2015-02-09 02:11:45   --------   d-----w-   c:\program files\Microsoft Security Client
2015-02-07 00:21:41   9054624   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{1e6f66cf-6265-4746-bbdc-4a5c638d478c}\mpengine.dll
2015-01-23 01:57:24   --------   d-----w-   c:\program files\Mozilla Maintenance Service
.
==================== Find3M  ====================
.
2015-02-16 17:18:55   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 01:49:16   367104   ----a-w-   c:\windows\system32\html.iec
2015-01-14 01:42:51   1129472   ----a-w-   c:\windows\system32\wininet.dll
2015-01-14 01:42:31   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2015-01-14 01:41:28   421376   ----a-w-   c:\windows\system32\vbscript.dll
2015-01-14 01:41:09   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2015-01-14 01:40:35   11776   ----a-w-   c:\windows\system32\mshta.exe
2015-01-14 01:40:33   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2015-01-06 09:36:02   249488   ------w-   c:\windows\system32\MpSigStub.exe
2014-12-19 00:25:17   115200   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2014-12-06 03:14:51   153600   ----a-w-   c:\windows\system32\profsvc.dll
2014-12-06 03:14:36   48640   ----a-w-   c:\windows\system32\nlaapi.dll
2014-12-06 03:14:36   174080   ----a-w-   c:\windows\system32\nlasvc.dll
2014-12-06 03:14:34   93184   ----a-w-   c:\windows\system32\ncsi.dll
2014-12-03 02:06:01   278528   ----a-w-   c:\windows\system32\schannel.dll
2014-11-21 11:14:16   51928   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14:10   75480   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:00:36.19 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.12)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
Canon iP3500 series
Canon iP3500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Digital Line Detect
getPlus(R) for Adobe
GoToAssist 8.0.0.508
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Macromedia Dreamweaver 2
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mouse Suite for Desktop Computers
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
NetWaiting
OpenOffice.org 3.2
Product Documentation Launcher
QuickBooks Simple Start 2008
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
.
==== End Of File ===========================

Thanks!
« Last Edit: May 02, 2015, 03:42:00 AM by seedy21 »

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #1 on: February 16, 2015, 03:22:29 PM »
Hello nbushell

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1
  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following Programs:-
Bonjour
Browser Address Error Redirector


  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Step 2

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe

You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
Code:
installedprogs;
process;
systemspecs;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #2 on: February 16, 2015, 05:07:36 PM »

Hi seedy21,

Thanks for the help. Here is the log from Zoek.exe.


Zoek.exe v5.0.0.0 Updated 15-February-2015
Tool run by CeCe on Mon 02/16/2015 at 17:50:46.09.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\CeCe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0
C:\PROGRA~2\AVAST Software
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable)
C:\Users\CeCe\AppData\Roaming\Download Manager
C:\Users\CeCe\AppData\Roaming\Sammsoft

==== Installed Programs ======================

Adobe Flash Player 12 ActiveX 
Adobe Reader X (10.1.12) 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
Canon iP3500 series 
Canon iP3500 series User Registration 
Canon My Printer 
Canon Utilities Easy-PhotoPrint EX 
Canon Utilities Solution Menu 
CCleaner 
Compatibility Pack for the 2007 Office system 
Conexant D850 PCI V.92 Modem 
Dell DataSafe Online 
Dell Getting Started Guide 
Dell Support Center (Support Software) 
Digital Line Detect 
getPlus(R) for Adobe 
GoToAssist 8.0.0.508 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 
Intel(R) PRO Network Connections 12.1.11.0 
iTunes 
Macromedia Dreamweaver 2 
Malwarebytes Anti-Malware version 2.0.4.1028 
Microsoft .NET Framework 3.5 SP1 
Microsoft .NET Framework 4.5.1 
Microsoft Office PowerPoint Viewer 2007 (English) 
Microsoft Office Word Viewer 2003 
Microsoft Security Client 
Microsoft Security Essentials 
Microsoft Silverlight 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Works 
Modem Diagnostic Tool 
Mouse Suite for Desktop Computers 
Mozilla Firefox 35.0.1 (x86 en-US) 
Mozilla Maintenance Service 
MSXML 4.0 SP2 (KB936181) 
MSXML 4.0 SP2 (KB941833) 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
MSXML 4.0 SP2 Parser and SDK 
Music, Photos & Videos Launcher 
NetWaiting 
OpenOffice.org 3.2 
Product Documentation Launcher 
QuickBooks Simple Start 2008 
Realtek High Definition Audio Driver 
Roxio Creator Audio 
Roxio Creator Copy 
Roxio Creator Data 
Roxio Creator DE 
Roxio Creator Tools 
Roxio Express Labeler 3 
Roxio Update Manager 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) 
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) 
SupportSoft Assisted Service 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 
User's Guides 

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\CeCe\Desktop\zoek.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2037 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz
CPU Speed: 2244.5 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) G33/G31 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82562V-2 10/100 Network Connection
CD / DVD Drives: 1x (E: | ) E: TSSTcorpDVD+-RW TS-H653B
Ports: COM3 LPT Port NOT Present.
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  455.7GB | D:  10.0GB
Hard Disks - Free: C:  356.5GB | D:  3.3GB
Manufacturer *:
BIOS Info: AT/AT COMPATIBLE | 03/01/08 | DELL   - 42302e31
Time Zone: Eastern Standard Time
Motherboard *:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 35.0.1 (x86 en-US)
Adobe Reader version: 10.1.12.15

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\CeCe\AppData\Local\Temp ====
2015-02-13 19:43:19   49E132C10543BCD073E6630B3AC95A58   1253376   ----a-w-   C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-86bbd3f0.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-13 00:11:46   1A3778EBE361259C75D5D92D4119DB55   1810944   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-13 00:11:46   10C0DA063EEA438B73B60CE15BF8702B   717824   ----a-w-   C:\Windows\System32\jscript.dll
2015-02-12 00:18:16   0D8FBC644E556C40E06B7EB25A73F6E5   564224   ----a-w-   C:\Windows\System32\oleaut32.dll
2015-02-12 00:17:38   77036FE328B7A382A88DFBFE05ABBAC8   2063360   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-12 00:17:23   55ADC2CB49975A92B954CFEB21C73E2E   974848   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-12 00:01:37   735B1EB4521724784A6C142CE923DBFC   306176   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 01:49:48   C9AEC0B252881C6372D4B252AAEFF1E0   421376   ----a-w-   C:\Windows\System32\vbscript.dll
2015-02-11 01:49:48   009D017C0A32C1D10C1B731185ED7E7B   353792   ----a-w-   C:\Windows\System32\dxtmsft.dll
2015-02-11 01:49:46   A1CC68D946EFEDAFCAFCC30F73069E54   176640   ----a-w-   C:\Windows\System32\ieui.dll
2015-02-11 01:49:46   90BFECC19CC9B8AD24879AF2D2EDD817   223232   ----a-w-   C:\Windows\System32\dxtrans.dll
2015-02-11 01:49:46   79E75447CCEB8522756FCD1EA1B858FF   1129472   ----a-w-   C:\Windows\System32\wininet.dll
2015-02-11 01:49:45   C3A39726B1AB3EDCD3E71488531D7D62   73216   ----a-w-   C:\Windows\System32\mshtmled.dll
2015-02-11 01:49:45   43EFB5C7EE9990A3FE51E38FD1A334EB   367104   ----a-w-   C:\Windows\System32\html.iec
2015-02-11 01:49:43   88DFFFE4A1C25C256A74629599292A2D   12371456   ----a-w-   C:\Windows\System32\mshtml.dll
2015-02-11 01:49:41   99AB7F4193275F8AA0A2E0CDDD787CCE   10752   ----a-w-   C:\Windows\System32\msfeedssync.exe
2015-02-11 01:49:41   8D45045DB8267BB3B86B06712FB676C3   11776   ----a-w-   C:\Windows\System32\mshta.exe
2015-02-11 01:49:40   AEEDEE2C22971D086B244B818BC5E789   65024   ----a-w-   C:\Windows\System32\jsproxy.dll
2015-02-11 01:49:40   61EFA6B58EBDE66BA4FE54FEC0BE6538   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-02-11 01:49:40   1C394C5CFA2769E7C95B99362B1C2131   41472   ----a-w-   C:\Windows\System32\msfeedsbs.dll
2015-02-11 01:49:38   14EA1AEF44A601DE1CC0EFD97690DEF1   1139712   ----a-w-   C:\Windows\System32\urlmon.dll
2015-02-11 01:49:37   F8A000CEB50A46BAED45101065635D84   607744   ----a-w-   C:\Windows\System32\msfeeds.dll
2015-02-11 01:49:36   40F6C5763DA273F5BC30E17C4B3B011F   1427968   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-02-11 01:49:35   60974C6E6B8456B5908A7650FC7C93DC   1802752   ----a-w-   C:\Windows\System32\iertutil.dll
2015-02-11 01:49:35   60652E280588712CFA1624D02C7139AA   142848   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-02-11 01:49:35   2B94917978DCC4DF10505FED0C6563F2   231936   ----a-w-   C:\Windows\System32\url.dll
2015-02-11 01:49:34   062C13975F34C1BBA43CD3BF01D8C899   9742336   ----a-w-   C:\Windows\System32\ieframe.dll
====== C:\Windows\system32\drivers =====
2015-02-12 00:15:10   5035EDF1F2E72F78BB1EC5BD9B97463F   440760   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-23 01:57:24   --------   d-----w-   C:\Program Files\Mozilla Maintenance Service
======= C: =====
====== C:\Users\CeCe\AppData\Roaming ======
====== C:\Users\CeCe ======
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com
2015-02-09 18:19:30   45D44A7710432FB898BED8EE8CBA10B8   5325208   ----a-w-   C:\Users\CeCe\Desktop\ccsetup502.exe

====== C: exe-files ==
2015-02-13 19:43:19   49E132C10543BCD073E6630B3AC95A58   1253376   ----a-w-   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-86bbd3f0.exe
2015-02-11 01:49:41   C1A3532BE9CFD8569946FA5416B8AF59   22528   ----a-w-   C:\Program Files\Internet Explorer\ExtExport.exe
2015-02-11 01:49:41   99AB7F4193275F8AA0A2E0CDDD787CCE   10752   ----a-w-   C:\Windows\System32\msfeedssync.exe
2015-02-11 01:49:41   8D45045DB8267BB3B86B06712FB676C3   11776   ----a-w-   C:\Windows\System32\mshta.exe
2015-02-11 01:49:41   4FE66AC19646214A4A81D4A0BA88E823   223232   ----a-w-   C:\Program Files\Internet Explorer\ielowutil.exe
2015-02-11 01:49:40   28CD51D6A908C6357F6F6E11EB6D9054   757968   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
2015-02-11 01:49:36   F3D7399A8685388F205401DE5B8D3293   470016   ----a-w-   C:\Program Files\Internet Explorer\ieinstal.exe
2015-02-11 01:49:35   60652E280588712CFA1624D02C7139AA   142848   ----a-w-   C:\Windows\System32\ieUnatt.exe
=== C: other files ==
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com
2015-02-12 00:17:38   77036FE328B7A382A88DFBFE05ABBAC8   2063360   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-12 00:15:10   5035EDF1F2E72F78BB1EC5BD9B97463F   440760   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys

======== System Restore Points ========

No Restore Point in System.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"PMX Daemon"="ICO.EXE"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzUwMjIyMTA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=0cd91780f8ab47d19f3b4c7f87063cda-b3852606f8d31610eace3647d24149a3312c145d"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Folders ======================

2012-01-09 23:46:11   1748   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
2012-01-09 23:46:11   2293   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
user_pref("browser.startup.homepage", "yahoo.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
343BA8F3ABC8CE69700F37DB4A82300F   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll -   Silverlight Plug-In
5232105D125A448E99D8C905AB4713EE   - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -   Adobe Acrobat
21536AF136F35D9E960B085C905C98FB   - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -   Adobe Acrobat
3FCF47BD73094FA62D81373515F46110   - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -   iTunes Application Detector
AB87EEFFD18F2BAAFC274E7075EA6C67   - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -   Windows Presentation Foundation / Windows Presentation Foundation
AB3546B509E4B89096078EB2081C39C7   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll -   Microsoft® Silverlight


==== Chromium Look ======================


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/"
"Default_Page_URL"="http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Mon 02/16/2015 at 18:02:16.40 ======================

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #3 on: February 17, 2015, 03:30:40 PM »
Hi Nbushell

Step 1

We need to re-run Zoek

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe

You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer. Do not use it on another computer, even if the problems are similar!
Code:
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-86bbd3f0.exe;virustotal;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce];r
"AvgUninstallURL"=-;r
services-list;
standardsearch;

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply.

Step 2

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.




“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #4 on: February 17, 2015, 08:22:47 PM »
Hi Seedy21,

Below is the Zoek log. When I ran it, a msg box came up saying that DaS21 has stopped working. When I clicked on "cancel" to not send info to Microsoft, the program resumed and produced this log. When I ran RogueKiller it sent me to this page...

If you land here from RogueKiller…
 
 …This is because RogueKiller has detected a Kernel filter. Don’t panic. Most of the time, they are made by legit drivers to filter IRPs. This method is in the best practices, and is widely used. RogueKiller watches a few sensitive drivers (keyboard, disk, atapi, …) and lists the kernel filters attached to them. ETC...

No log was produced.


Zoek.exe v5.0.0.0 Updated 17-February-2015
Tool run by CeCe on Tue 02/17/2015 at 20:38:03.88.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\CeCe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-16-230216.log   16582 bytes
C:\zoek-results2015-02-18-013022.log   16322 bytes

==== VirusTotal Scan ======================
 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-86bbd3f0.exe https://www.virustotal.com/file/4D876BDAB7D84E81381C027EF6E81B4CB39D07AE9E67A0BFDE7CB54797371926/analysis/

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\Pmxmiced.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\mobsync.exe
C:\Users\CeCe\Desktop\zoek.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\CeCe\AppData\Local\temp\virustotal.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2037 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz
CPU Speed: 2210.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) G33/G31 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82562V-2 10/100 Network Connection
CD / DVD Drives: 1x (E: | ) E: TSSTcorpDVD+-RW TS-H653B
Ports: COM3 LPT Port NOT Present.
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  455.7GB | D:  10.0GB
Hard Disks - Free: C:  355.3GB | D:  3.3GB
Manufacturer *:
BIOS Info: AT/AT COMPATIBLE | 03/01/08 | DELL   - 42302e31
Time Zone: Eastern Standard Time
Motherboard *:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 35.0.1 (x86 en-US)
Adobe Reader version: 10.1.12.15

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\CeCe\AppData\Local\Temp ====
2015-02-13 19:43:19   49E132C10543BCD073E6630B3AC95A58   1253376   ----a-w-   C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-86bbd3f0.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-13 00:11:46   1A3778EBE361259C75D5D92D4119DB55   1810944   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-13 00:11:46   10C0DA063EEA438B73B60CE15BF8702B   717824   ----a-w-   C:\Windows\System32\jscript.dll
2015-02-12 00:18:16   0D8FBC644E556C40E06B7EB25A73F6E5   564224   ----a-w-   C:\Windows\System32\oleaut32.dll
2015-02-12 00:17:38   77036FE328B7A382A88DFBFE05ABBAC8   2063360   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-12 00:17:23   55ADC2CB49975A92B954CFEB21C73E2E   974848   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-12 00:01:37   735B1EB4521724784A6C142CE923DBFC   306176   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 01:49:48   C9AEC0B252881C6372D4B252AAEFF1E0   421376   ----a-w-   C:\Windows\System32\vbscript.dll
2015-02-11 01:49:48   009D017C0A32C1D10C1B731185ED7E7B   353792   ----a-w-   C:\Windows\System32\dxtmsft.dll
2015-02-11 01:49:46   A1CC68D946EFEDAFCAFCC30F73069E54   176640   ----a-w-   C:\Windows\System32\ieui.dll
2015-02-11 01:49:46   90BFECC19CC9B8AD24879AF2D2EDD817   223232   ----a-w-   C:\Windows\System32\dxtrans.dll
2015-02-11 01:49:46   79E75447CCEB8522756FCD1EA1B858FF   1129472   ----a-w-   C:\Windows\System32\wininet.dll
2015-02-11 01:49:45   C3A39726B1AB3EDCD3E71488531D7D62   73216   ----a-w-   C:\Windows\System32\mshtmled.dll
2015-02-11 01:49:45   43EFB5C7EE9990A3FE51E38FD1A334EB   367104   ----a-w-   C:\Windows\System32\html.iec
2015-02-11 01:49:43   88DFFFE4A1C25C256A74629599292A2D   12371456   ----a-w-   C:\Windows\System32\mshtml.dll
2015-02-11 01:49:41   99AB7F4193275F8AA0A2E0CDDD787CCE   10752   ----a-w-   C:\Windows\System32\msfeedssync.exe
2015-02-11 01:49:41   8D45045DB8267BB3B86B06712FB676C3   11776   ----a-w-   C:\Windows\System32\mshta.exe
2015-02-11 01:49:40   AEEDEE2C22971D086B244B818BC5E789   65024   ----a-w-   C:\Windows\System32\jsproxy.dll
2015-02-11 01:49:40   61EFA6B58EBDE66BA4FE54FEC0BE6538   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-02-11 01:49:40   1C394C5CFA2769E7C95B99362B1C2131   41472   ----a-w-   C:\Windows\System32\msfeedsbs.dll
2015-02-11 01:49:38   14EA1AEF44A601DE1CC0EFD97690DEF1   1139712   ----a-w-   C:\Windows\System32\urlmon.dll
2015-02-11 01:49:37   F8A000CEB50A46BAED45101065635D84   607744   ----a-w-   C:\Windows\System32\msfeeds.dll
2015-02-11 01:49:36   40F6C5763DA273F5BC30E17C4B3B011F   1427968   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-02-11 01:49:35   60974C6E6B8456B5908A7650FC7C93DC   1802752   ----a-w-   C:\Windows\System32\iertutil.dll
2015-02-11 01:49:35   60652E280588712CFA1624D02C7139AA   142848   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-02-11 01:49:35   2B94917978DCC4DF10505FED0C6563F2   231936   ----a-w-   C:\Windows\System32\url.dll
2015-02-11 01:49:34   062C13975F34C1BBA43CD3BF01D8C899   9742336   ----a-w-   C:\Windows\System32\ieframe.dll
====== C:\Windows\system32\drivers =====
2015-02-12 00:15:10   5035EDF1F2E72F78BB1EC5BD9B97463F   440760   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-23 01:57:24   --------   d-----w-   C:\Program Files\Mozilla Maintenance Service
======= C: =====
====== C:\Users\CeCe\AppData\Roaming ======
====== C:\Users\CeCe ======
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com
2015-02-09 18:19:30   45D44A7710432FB898BED8EE8CBA10B8   5325208   ----a-w-   C:\Users\CeCe\Desktop\ccsetup502.exe

====== C: exe-files ==
2015-02-13 19:43:19   49E132C10543BCD073E6630B3AC95A58   1253376   ----a-w-   C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-86bbd3f0.exe
2015-02-11 01:49:41   C1A3532BE9CFD8569946FA5416B8AF59   22528   ----a-w-   C:\Program Files\Internet Explorer\ExtExport.exe
2015-02-11 01:49:41   99AB7F4193275F8AA0A2E0CDDD787CCE   10752   ----a-w-   C:\Windows\System32\msfeedssync.exe
2015-02-11 01:49:41   8D45045DB8267BB3B86B06712FB676C3   11776   ----a-w-   C:\Windows\System32\mshta.exe
2015-02-11 01:49:41   4FE66AC19646214A4A81D4A0BA88E823   223232   ----a-w-   C:\Program Files\Internet Explorer\ielowutil.exe
2015-02-11 01:49:40   28CD51D6A908C6357F6F6E11EB6D9054   757968   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
2015-02-11 01:49:36   F3D7399A8685388F205401DE5B8D3293   470016   ----a-w-   C:\Program Files\Internet Explorer\ieinstal.exe
2015-02-11 01:49:35   60652E280588712CFA1624D02C7139AA   142848   ----a-w-   C:\Windows\System32\ieUnatt.exe
=== C: other files ==
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com
2015-02-12 00:17:38   77036FE328B7A382A88DFBFE05ABBAC8   2063360   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-12 00:15:10   5035EDF1F2E72F78BB1EC5BD9B97463F   440760   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"PMX Daemon"="ICO.EXE"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Folders ======================

2012-01-09 23:46:11   1748   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
2012-01-09 23:46:11   2293   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
user_pref("browser.startup.homepage", "yahoo.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
343BA8F3ABC8CE69700F37DB4A82300F   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll -   Silverlight Plug-In
5232105D125A448E99D8C905AB4713EE   - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -   Adobe Acrobat
21536AF136F35D9E960B085C905C98FB   - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -   Adobe Acrobat
3FCF47BD73094FA62D81373515F46110   - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -   iTunes Application Detector
AB87EEFFD18F2BAAFC274E7075EA6C67   - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -   Windows Presentation Foundation / Windows Presentation Foundation
AB3546B509E4B89096078EB2081C39C7   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll -   Microsoft® Silverlight


==== Chromium Look ======================


==== HijackThis Entries ======================

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1860059605-2846582044-973104274-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-1860059605-2846582044-973104274-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/17/2015 at 20:43:53.42 ======================

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #5 on: February 17, 2015, 08:29:51 PM »

Sorry, I found the RogueKiller log when I went back from the page I was sent to...
RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : CeCe [Administrator]
Mode : Scan -- Date : 02/17/2015  21:09:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 5e6kt9v3.default : user_pref("browser.startup.homepage", "yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 68b07c3253518a43fb377d76e7a318ed
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #6 on: February 18, 2015, 02:21:11 PM »
Hi nbushell

Step 1

Fix with RogueKiller
 
Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, make sure only the following are checked:

[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_214B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

  • The Delete button will become available. Click it.
  • Removal process may take some time. Also your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
 
Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #7 on: February 18, 2015, 04:37:01 PM »


Hi,
Here are the RogueKiller and FRST logs.

RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : CeCe [Administrator]
Mode : Delete -- Date : 02/18/2015  17:25:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_410B\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_410B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_410B\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 5e6kt9v3.default : user_pref("browser.startup.homepage", "yahoo.com"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 68b07c3253518a43fb377d76e7a318ed
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_02172015_210925.log - RKreport_SCN_02182015_170710.log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by CeCe (administrator) on D72PV4G1 on 18-02-2015 17:31:04
Running from C:\Users\CeCe\Desktop
Loaded Profiles: CeCe (Available profiles: CeCe)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Primax Electronics Ltd.) C:\Windows\System32\pmxmiced.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [PMX Daemon] => C:\Windows\system32\ICO.EXE [49152 2006-11-08] (Primax Electronics Ltd.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-14] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424
SearchScopes: HKU\S-1-5-21-1860059605-2846582044-973104274-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-1860059605-2846582044-973104274-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
FF Homepage: yahoo.com
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe [16680 2008-04-26] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2008-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 17:31 - 2015-02-18 17:31 - 00009558 _____ () C:\Users\CeCe\Desktop\FRST.txt
2015-02-18 17:29 - 2015-02-18 17:29 - 01126400 _____ (Farbar) C:\Users\CeCe\Desktop\FRST.exe
2015-02-18 17:27 - 2015-02-18 17:27 - 00004494 _____ () C:\Users\CeCe\Desktop\RKreport_DEL_02182015_172559.log
2015-02-18 17:20 - 2015-02-18 17:20 - 00000000 ____D () C:\Users\CeCe\AppData\Local\CrashDumps
2015-02-17 20:57 - 2015-02-18 17:02 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-17 20:57 - 2015-02-17 20:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-17 20:52 - 2015-02-17 20:55 - 15494232 _____ () C:\Users\CeCe\Desktop\RogueKiller.exe
2015-02-17 20:46 - 2015-02-17 20:50 - 15494232 _____ () C:\Users\CeCe\Downloads\RogueKiller(1).exe
2015-02-17 20:45 - 2015-02-17 20:48 - 15494232 _____ () C:\Users\CeCe\Downloads\RogueKiller.exe
2015-02-17 20:44 - 2015-02-17 20:44 - 00016448 _____ () C:\Users\CeCe\Desktop\zoek-results.txt
2015-02-17 20:38 - 2015-02-17 20:30 - 00016322 _____ () C:\zoek-results2015-02-18-013022.log
2015-02-17 20:25 - 2015-02-16 18:02 - 00016582 _____ () C:\zoek-results2015-02-16-230216.log
2015-02-17 18:28 - 2015-02-18 13:33 - 00000990 _____ () C:\Windows\PFRO.log
2015-02-16 17:52 - 2015-02-17 20:43 - 00016448 _____ () C:\zoek-results.log
2015-02-16 17:50 - 2015-02-16 17:50 - 00000000 ____D () C:\zoek_backup
2015-02-16 17:49 - 2015-02-16 17:49 - 01304576 _____ () C:\Users\CeCe\Desktop\zoek.exe
2015-02-16 13:49 - 2015-02-16 13:49 - 00000355 _____ () C:\Users\CeCe\Desktop\spyware.txt
2015-02-16 13:00 - 2015-02-16 13:01 - 00008727 _____ () C:\Users\CeCe\Desktop\dds.txt
2015-02-16 13:00 - 2015-02-16 13:01 - 00003049 _____ () C:\Users\CeCe\Desktop\attach.txt
2015-02-16 12:58 - 2015-02-16 12:58 - 00688992 ____R (Swearware) C:\Users\CeCe\Desktop\dds.com
2015-02-15 17:33 - 2015-02-15 17:33 - 00123326 _____ () C:\Users\CeCe\Documents\cc_20150215_173319.reg
2015-02-15 16:57 - 2015-02-15 16:57 - 00000034 _____ () C:\Windows\setupact.log
2015-02-15 16:57 - 2015-02-15 16:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 15:32 - 2015-02-15 15:32 - 00001642 _____ () C:\Windows\ie8_main.log
2015-02-15 15:20 - 2015-02-15 15:27 - 00002382 _____ () C:\Windows\IE9_main.log
2015-02-12 19:11 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:11 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 19:18 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:17 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:17 - 2015-01-08 19:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:15 - 2015-01-14 23:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:04 - 2015-02-11 19:04 - 00000000 ____D () C:\Windows\Temp61636CC1-3454-218B-1104-4A12D9FBB7F9-Signatures
2015-02-11 19:01 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 20:49 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:49 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-10 20:49 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:49 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:49 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:49 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:49 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:49 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:49 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:49 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-10 20:49 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:49 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:49 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-10 20:49 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-10 20:49 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-09 13:21 - 2015-02-09 13:21 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-09 13:21 - 2015-02-09 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-09 13:19 - 2015-02-09 13:19 - 05325208 _____ (Piriform Ltd) C:\Users\CeCe\Desktop\ccsetup502.exe
2015-02-08 21:12 - 2015-02-12 18:55 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-08 21:11 - 2015-02-12 18:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-08 16:36 - 2015-02-09 20:28 - 00014330 _____ () C:\Users\CeCe\Desktop\Access.ods
2015-01-28 14:40 - 2015-01-28 14:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-22 20:57 - 2015-02-02 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 17:31 - 2013-07-16 19:45 - 00000000 ____D () C:\FRST
2015-02-18 16:54 - 2013-10-31 16:48 - 01381501 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 15:34 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 15:34 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 13:34 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 21:30 - 2006-11-02 08:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-17 19:05 - 2014-11-02 11:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 15:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-12 19:12 - 2013-07-21 13:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 18:58 - 2006-11-02 05:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 18:55 - 2011-02-18 21:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 19:39 - 2013-10-31 16:47 - 00417504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 13:21 - 2014-10-22 12:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-08 14:39 - 2014-11-02 11:50 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 14:39 - 2014-11-02 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 14:39 - 2014-11-02 11:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2008-04-26 14:02 - 2011-06-15 19:16 - 0025314 ____H () C:\Users\CeCe\AppData\Roaming\wklnhst.dat
2011-02-16 15:18 - 2011-02-16 15:18 - 0000680 ____H () C:\Users\CeCe\AppData\Local\d3d9caps.dat
2008-05-20 18:28 - 2009-06-23 13:15 - 0003584 _____ () C:\Users\CeCe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-21 20:39 - 2011-02-21 20:39 - 0000036 ____H () C:\Users\CeCe\AppData\Local\housecall.guid.cache
2014-02-05 14:33 - 2014-02-05 14:33 - 0003165 _____ () C:\Users\CeCe\AppData\Local\HWVendorDetection.log
2011-08-12 19:21 - 2011-08-12 19:28 - 0009972 ___SH () C:\Users\CeCe\AppData\Local\lvvd2lju371237kq43u66gj666dwqc3f3le5807hc57
2011-03-22 19:35 - 2011-03-22 19:36 - 0003932 ___SH () C:\Users\CeCe\AppData\Local\s744qe51d1d0r27pd42h21mhg08qn22
2011-08-12 19:21 - 2011-08-12 19:28 - 0009972 ___SH () C:\ProgramData\lvvd2lju371237kq43u66gj666dwqc3f3le5807hc57
2011-07-21 17:17 - 2011-07-21 17:21 - 0000384 ____H () C:\ProgramData\P1kAlMiG2Kb7Fz
2011-03-22 19:35 - 2011-03-22 19:36 - 0003932 ___SH () C:\ProgramData\s744qe51d1d0r27pd42h21mhg08qn22
2011-07-21 17:17 - 2011-07-21 17:17 - 0000232 ____H () C:\ProgramData\~P1kAlMiG2Kb7Fz
2011-07-21 17:17 - 2011-07-21 17:17 - 0000184 ____H () C:\ProgramData\~P1kAlMiG2Kb7Fzr

Some content of TEMP:
====================
C:\Users\CeCe\AppData\Local\temp\dllnt_dump.dll
C:\Users\CeCe\AppData\Local\temp\virustotal.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 13:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by CeCe at 2015-02-18 17:31:39
Running from C:\Users\CeCe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Canon iP3500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series) (Version:  - )
Canon iP3500 series User Registration (HKLM\...\Canon iP3500 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
GoToAssist 8.0.0.508 (HKLM\...\GoToAssist) (Version:  - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version:  - Intel)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Macromedia Dreamweaver 2 (HKLM\...\Macromedia Dreamweaver 2) (Version: 2 - Macromedia)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mouse Suite for Desktop Computers (HKLM\...\{448E2D77-E504-4221-B2C2-93646B344729}) (Version: 2.50.025 - Dell)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickBooks Simple Start 2008 (HKLM\...\{8ECB8220-F419-4BEB-9596-97033C533702}) (Version: 18.0.4005.606 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1860059605-2846582044-973104274-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2013-07-15 15:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DD0BE69-D513-40E1-AE93-50C9152F3924} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3D59D76B-F3EB-4A11-8102-0D172A4724B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {4D14F89D-DA48-45E7-A944-767C3048DA63} - System32\Tasks\{E83EB39C-A51E-4FE3-8B77-62A7D5EAAD4F} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {69F07AC7-B81A-477D-B206-F9E5268B8D14} - System32\Tasks\{7F758817-F539-49D0-82E4-420AF981B612} => pcalua.exe -a E:\Setup0C6.exe -d E:\
Task: {849F009B-ECA8-48A8-A70F-4768768536BE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E3C93979-3946-40DF-804F-417292E22395} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - CeCe => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2008-04-24 19:12 - 2007-09-25 06:10 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\CeCe\Documents\kirklandfurniture.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52115582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52115582.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1860059605-2846582044-973104274-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Inspiron_DT_1152x864_01.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1860059605-2846582044-973104274-500 - Administrator - Disabled)
CeCe (S-1-5-21-1860059605-2846582044-973104274-1000 - Administrator - Enabled) => C:\Users\CeCe
Guest (S-1-5-21-1860059605-2846582044-973104274-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2015 05:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application AcroRd32.exe, version 10.1.12.15, time stamp 0x540845eb, faulting module IA32.api_unloaded, version 0.0.0.0, time stamp 0x54085529, exception code 0xc0000005, fault offset 0x6a9a2180,
process id 0xbd4, application start time 0xAcroRd32.exe0.

Error: (02/18/2015 02:32:00 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x800423f3).

Error: (02/18/2015 02:32:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x800423f3).

Error: (02/18/2015 01:43:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CECE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\02QLCX1X\SD[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (02/18/2015 01:43:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CECE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\02QLCX1X\SD[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (02/18/2015 01:36:37 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2select * from MSFT_SCMEventLogEvent0x80041010

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/CIMV2


System errors:
=============
Error: (02/14/2015 03:21:13 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

   Feature: %%886

   Error Code: 0x80070005

   Error description: Access is denied.

   Reason: %%892

Error: (02/14/2015 03:20:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:19:05 PM on 2/14/2015 was unexpected.

Error: (02/13/2015 02:42:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.191.4700.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.7.0205.00

   Source Path: 4.7.0205.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (02/13/2015 02:42:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.191.4700.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.7.0205.00

   Source Path: 4.7.0205.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (02/13/2015 02:42:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (02/13/2015 02:37:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/11/2015 07:29:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766){83B9BD3A-BCBF-49AF-92BA-304A1969F040}200

Error: (02/09/2015 04:51:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (02/18/2015 05:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe10.1.12.15540845ebIA32.api_unloaded0.0.0.054085529c00000056a9a2180bd401d04bc9182d3530

Error: (02/18/2015 02:32:00 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x800423f3

Error: (02/18/2015 02:32:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x800423f3

Error: (02/18/2015 01:43:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
   A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\CECE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\02QLCX1X\SD[1].GIF

Error: (02/18/2015 01:43:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
   A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\CECE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\02QLCX1X\SD[1].GIF

Error: (02/18/2015 01:36:37 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2select * from MSFT_SCMEventLogEvent0x80041010

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2

Error: (02/18/2015 01:35:39 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/CIMV2


CodeIntegrity Errors:
===================================
  Date: 2015-02-17 19:06:08.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 19:06:08.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 19:06:07.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 19:06:07.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:49:22.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:49:22.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:49:21.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:49:21.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:36:56.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-17 18:36:55.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 2036.45 MB
Available physical RAM: 576.76 MB
Total Pagefile: 4314.2 MB
Available Pagefile: 3221.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:352.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
« Reply #8 on: February 19, 2015, 04:02:06 PM »
Hi nbushell

Step 1

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt

Code:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-1860059605-2846582044-973104274-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\CeCe\AppData\Local\temp\dllnt_dump.dll
C:\Users\CeCe\AppData\Local\temp\virustotal.exe
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Run FRST, press the Fix button just once, and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 2


We need to re-run Zoek.

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe.

You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
Code:
resetWMI;
srinfo;
standardsearch;

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply.

Offline nbushell

  • Bronze Member
  • Posts: 33
« Reply #9 on: February 19, 2015, 08:10:50 PM »

Hi,
Here are the FRST and Zoek files.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by CeCe at 2015-02-19 20:42:36 Run:1
Running from C:\Users\CeCe\Desktop
Loaded Profiles: CeCe (Available profiles: CeCe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-1860059605-2846582044-973104274-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\CeCe\AppData\Local\temp\dllnt_dump.dll
C:\Users\CeCe\AppData\Local\temp\virustotal.exe
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1860059605-2846582044-973104274-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKU\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
catchme => Service deleted successfully.
C:\Users\CeCe\AppData\Local\temp\dllnt_dump.dll => Moved successfully.
C:\Users\CeCe\AppData\Local\temp\virustotal.exe => Moved successfully.
EmptyTemp: => Removed 412.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:43:42 ====


Zoek.exe v5.0.0.0 Updated 19-February-2015
Tool run by CeCe on Thu 02/19/2015 at 20:51:09.79.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\CeCe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-16-230216.log   16582 bytes
C:\zoek-results2015-02-18-013022.log   16322 bytes
C:\zoek-results2015-02-18-014353.log   16448 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\Pmxmiced.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\CeCe\Desktop\zoek.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 2037 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz
CPU Speed: 2206.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) G33/G31 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1024 X 768 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82562V-2 10/100 Network Connection
CD / DVD Drives: 1x (E: | ) E: TSSTcorpDVD+-RW TS-H653B
Ports: COM3 LPT Port NOT Present.
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  455.7GB | D:  10.0GB
Hard Disks - Free: C:  352.3GB | D:  3.3GB
Manufacturer *:
BIOS Info: AT/AT COMPATIBLE | 03/01/08 | DELL   - 42302e31
Time Zone: Eastern Standard Time
Motherboard *:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 35.0.1 (x86 en-US)
Adobe Reader version: 10.1.12.15

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\CeCe\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-13 00:11:46   1A3778EBE361259C75D5D92D4119DB55   1810944   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-13 00:11:46   10C0DA063EEA438B73B60CE15BF8702B   717824   ----a-w-   C:\Windows\System32\jscript.dll
2015-02-12 00:18:16   0D8FBC644E556C40E06B7EB25A73F6E5   564224   ----a-w-   C:\Windows\System32\oleaut32.dll
2015-02-12 00:17:38   77036FE328B7A382A88DFBFE05ABBAC8   2063360   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-12 00:17:23   55ADC2CB49975A92B954CFEB21C73E2E   974848   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-12 00:01:37   735B1EB4521724784A6C142CE923DBFC   306176   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 01:49:48   C9AEC0B252881C6372D4B252AAEFF1E0   421376   ----a-w-   C:\Windows\System32\vbscript.dll
2015-02-11 01:49:48   009D017C0A32C1D10C1B731185ED7E7B   353792   ----a-w-   C:\Windows\System32\dxtmsft.dll
2015-02-11 01:49:46   A1CC68D946EFEDAFCAFCC30F73069E54   176640   ----a-w-   C:\Windows\System32\ieui.dll
2015-02-11 01:49:46   90BFECC19CC9B8AD24879AF2D2EDD817   223232   ----a-w-   C:\Windows\System32\dxtrans.dll
2015-02-11 01:49:46   79E75447CCEB8522756FCD1EA1B858FF   1129472   ----a-w-   C:\Windows\System32\wininet.dll
2015-02-11 01:49:45   C3A39726B1AB3EDCD3E71488531D7D62   73216   ----a-w-   C:\Windows\System32\mshtmled.dll
2015-02-11 01:49:45   43EFB5C7EE9990A3FE51E38FD1A334EB   367104   ----a-w-   C:\Windows\System32\html.iec
2015-02-11 01:49:43   88DFFFE4A1C25C256A74629599292A2D   12371456   ----a-w-   C:\Windows\System32\mshtml.dll
2015-02-11 01:49:41   99AB7F4193275F8AA0A2E0CDDD787CCE   10752   ----a-w-   C:\Windows\System32\msfeedssync.exe
2015-02-11 01:49:41   8D45045DB8267BB3B86B06712FB676C3   11776   ----a-w-   C:\Windows\System32\mshta.exe
2015-02-11 01:49:40   AEEDEE2C22971D086B244B818BC5E789   65024   ----a-w-   C:\Windows\System32\jsproxy.dll
2015-02-11 01:49:40   61EFA6B58EBDE66BA4FE54FEC0BE6538   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-02-11 01:49:40   1C394C5CFA2769E7C95B99362B1C2131   41472   ----a-w-   C:\Windows\System32\msfeedsbs.dll
2015-02-11 01:49:38   14EA1AEF44A601DE1CC0EFD97690DEF1   1139712   ----a-w-   C:\Windows\System32\urlmon.dll
2015-02-11 01:49:37   F8A000CEB50A46BAED45101065635D84   607744   ----a-w-   C:\Windows\System32\msfeeds.dll
2015-02-11 01:49:36   40F6C5763DA273F5BC30E17C4B3B011F   1427968   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-02-11 01:49:35   60974C6E6B8456B5908A7650FC7C93DC   1802752   ----a-w-   C:\Windows\System32\iertutil.dll
2015-02-11 01:49:35   60652E280588712CFA1624D02C7139AA   142848   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-02-11 01:49:35   2B94917978DCC4DF10505FED0C6563F2   231936   ----a-w-   C:\Windows\System32\url.dll
2015-02-11 01:49:34   062C13975F34C1BBA43CD3BF01D8C899   9742336   ----a-w-   C:\Windows\System32\ieframe.dll
====== C:\Windows\system32\drivers =====
2015-02-18 01:57:25   FD44FA80DA03EA144153A76DEBBB61B4   35064   ----a-w-   C:\Windows\System32\drivers\TrueSight.sys
2015-02-12 00:15:10   5035EDF1F2E72F78BB1EC5BD9B97463F   440760   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-23 01:57:24   --------   d-----w-   C:\Program Files\Mozilla Maintenance Service
======= C: =====
====== C:\Users\CeCe\AppData\Roaming ======
2015-02-18 22:20:45   --------   d-----w-   C:\Users\CeCe\AppData\Local\CrashDumps
====== C:\Users\CeCe ======
2015-02-18 22:29:39   234286460F4EC0F5D442B5BC43203540   1126400   ----a-w-   C:\Users\CeCe\Desktop\FRST.exe
2015-02-18 01:57:24   --------   d-----w-   C:\ProgramData\RogueKiller
2015-02-18 01:52:30   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Desktop\RogueKiller.exe
2015-02-18 01:46:13   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Downloads\RogueKiller(1).exe
2015-02-18 01:45:35   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Downloads\RogueKiller.exe
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com
2015-02-09 18:19:30   45D44A7710432FB898BED8EE8CBA10B8   5325208   ----a-w-   C:\Users\CeCe\Desktop\ccsetup502.exe

====== C: exe-files ==
2015-02-18 22:29:39   234286460F4EC0F5D442B5BC43203540   1126400   ----a-w-   C:\Users\CeCe\Desktop\FRST.exe
2015-02-18 01:52:30   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Desktop\RogueKiller.exe
2015-02-18 01:46:13   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Downloads\RogueKiller(1).exe
2015-02-18 01:45:35   C71936E887F1DC6F9A850568CCC9B7BA   15494232   ----a-w-   C:\Users\CeCe\Downloads\RogueKiller.exe
=== C: other files ==
2015-02-18 01:57:25   FD44FA80DA03EA144153A76DEBBB61B4   35064   ----a-w-   C:\Windows\System32\drivers\TrueSight.sys
2015-02-16 17:58:17   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\CeCe\Desktop\dds.com

======== System Restore Points ========

No Restore Point in System.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1860059605-2846582044-973104274-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"PMX Daemon"="ICO.EXE"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P dellsupportcenter"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Folders ======================

2012-01-09 23:46:11   1748   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
2012-01-09 23:46:11   2293   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
user_pref("browser.startup.homepage", "yahoo.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\CeCe\AppData\Roaming\Mozilla\Firefox\Profiles\5e6kt9v3.default
343BA8F3ABC8CE69700F37DB4A82300F   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll -   Silverlight Plug-In
5232105D125A448E99D8C905AB4713EE   - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -   Adobe Acrobat
21536AF136F35D9E960B085C905C98FB   - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -   Adobe Acrobat
3FCF47BD73094FA62D81373515F46110   - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -   iTunes Application Detector
AB87EEFFD18F2BAAFC274E7075EA6C67   - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -   Windows Presentation Foundation / Windows Presentation Foundation
AB3546B509E4B89096078EB2081C39C7   - c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll -   Microsoft® Silverlight


==== Chromium Look ======================


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/"
"Default_Page_URL"="http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== HijackThis Entries ======================

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1860059605-2846582044-973104274-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-1860059605-2846582044-973104274-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

==== Reset WMI ======================

Repository backup failed to complete
Error code:   0x8007000B
Facility:   Win32
Description:   An attempt was made to load a program with an incorrect format.

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

   Security Center
   Internet Connection Sharing (ICS)
   IP Helper

The Security Center service is stopping.
The Security Center service was stopped successfully.

The Internet Connection Sharing (ICS) service is stopping.
The Internet Connection Sharing (ICS) service was stopped successfully.

The IP Helper service is stopping.
The IP Helper service was stopped successfully.

The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.

C:\Windows\system32\wbem\repository renamed to repository.old

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== After Reboot ======================

==== EOF on Thu 02/19/2015 at 20:59:14.83 ======================


Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #10 on: February 20, 2015, 03:13:15 PM »
Hi nbushell

As Zoek looks to have fixed the issue you had with System Restore points, it would be a good idea to create one.

Step 1

Create a system restore point


  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.

Step 2


Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When the scan is complete,

If no threats were found:
  • Check in "Uninstall application on close"
  • Close program
If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #11 on: February 21, 2015, 09:03:36 AM »


Hi,
Below is my eset log.

C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\AppsUpdater.exe.vir   a variant of MSIL/Vittalia.D potentially unwanted application   deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\KeyGen.dll.vir   Win32/Vittalia.K potentially unwanted application   deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\uninstall.exe.vir   Win32/Vittalia.W potentially unwanted application   deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SoftwareUpdater\UpdaterService.exe.vir   a variant of MSIL/Vittalia.I potentially unwanted application   deleted - quarantined
C:\Users\CeCe\AppData\LocalLow\ljcrkzf.dll   a variant of Win32/Kryptik.CPNG trojan   cleaned by deleting - quarantined
C:\Users\CeCe\AppData\LocalLow\stiknzf.dll   a variant of Win32/Kryptik.CPJN trojan   cleaned by deleting - quarantined
C:\Users\CeCe\AppData\LocalLow\uwxkiia.dll   Win32/TrojanDownloader.Tracur.AM trojan   cleaned by deleting - quarantined
C:\Users\CeCe\Desktop\ccsetup502.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   deleted - quarantined

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #12 on: February 21, 2015, 09:54:25 AM »
Hi nbushell

How is your machine running now? Do you have any further issues?

Offline nbushell

  • Bronze Member
  • Posts: 33
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #13 on: February 21, 2015, 08:19:54 PM »

Hi Seedy21,
It seems better, but I really didn't get much of a chance to use it today...dealing with Ice Dams here in Boston. I will check it out tomorrow.

Thanks

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2421
Re: [Inactive] Dell Inspiron taking up to a minute to load IE 9 and freezing
« Reply #14 on: February 22, 2015, 02:25:37 PM »
Hi nbushell

I hope the weather gets better.

Please run your machine for 24 hours and give me an update.