Possible Malware

#1 itm7 (New Member, 7 posts)

Hi-

My son's Dell laptop with Windows 7 started having problems when he tried to open Microsoft WORD and received the following message:  "The application was unable to start correctly (0xc00000006) Click Ok to close application". 

-Also, he's unable to install/uninstall any software. 

-The laptop began to run very slowly to the point where now it won't boot up properly.  

Is this possibly malware?  Appreciate any advice and resolutions.  Thanks.



#2 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

Hi itm7,

Welcome to Geeks to Go! :)

My name is Donna and I'll be helping you to clean up your computer.

Malware is a possibility. Let's check and see if we can rule that out.

First of all, please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Just in case our conventional methods do not work, do you have a second computer and a USB flash drive that is 8GB or larger that we can use?

Let's try the conventional method first... :)

Please download Farbar Recovery Scan Tool and save it to the desktop of the problem computer. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Make sure that FRST is on the desktop of the computer.
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please copy then paste both logs into your next reply.


#3 itm7 (Topic Starter, New Member, 7 posts)

Hi Donna!  Thanks for your reply.  Yes, we have access to another computer and a flash drive.  We can only boot up the laptop in safe mode.  With that, is it okay to download FRST on the 2nd computer and then copy it onto the desktop of the problem computer, and run it pursuant to your instructions?  Thanks!



#4 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

Hi itm7,

Since you are able to boot the laptop into Safe Mode, please do as follows. Do pay close attention to the instructions concerning the flash drive letter:

You will need a USB Flash drive and a working computer to follow the instructions below.

On a working computer:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected/problem PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt

Next:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste this log in your Topic.


#5 itm7 (Topic Starter, New Member, 7 posts)

Hi!  Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by SYSTEM on MININT-3PBRA65 (30-12-2017 18:27:36)
Running from e:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231776 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518496 2015-06-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [5KPlayer.exe] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [4188560 2017-01-03] ()
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1928776 2016-11-08] (APN)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\Kayla\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
HKU\Kayla\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\Kayla\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-10-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-10-20]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [201800 2016-11-08] (APN LLC.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
S4 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
S4 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-03] (Dell Inc.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S1 MpKsl3ded797b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2449CB5B-681D-4EA6-8F9F-7AF3FB4FF52E}\MpKsl3ded797b.sys [58120 2017-12-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-30 18:27 - 2017-12-30 18:27 - 000000000 ____D C:\FRST
2017-12-23 10:47 - 2017-12-23 10:47 - 000000000 _____ C:\4092.dummy.001
2017-12-23 10:44 - 2017-12-23 10:44 - 000000000 _____ C:\4092.dummy.000
2017-12-23 09:22 - 2017-12-23 09:22 - 000000000 __SHD C:\found.003
2017-12-23 00:50 - 2017-12-23 08:37 - 000000000 ___SD C:\32788R22FWJFW
2017-12-22 18:00 - 2017-12-22 18:01 - 000000000 ___SD C:\ComboFix
2017-12-22 06:29 - 2017-12-30 16:30 - 000873492 _____ C:\Windows\ntbtlog.txt
2017-12-22 03:13 - 2017-12-22 03:13 - 000006768 ____N C:\bootsqm.dat
2017-12-21 23:02 - 2017-12-21 23:02 - 000000000 __SHD C:\found.002
2017-12-21 00:13 - 2017-12-23 16:30 - 000000000 ____D C:\Users\Kayla\Desktop\IG
2017-12-21 00:00 - 2017-12-21 00:00 - 000004274 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-12-20 23:59 - 2017-12-22 05:46 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-12-20 23:58 - 2017-12-20 23:58 - 000001843 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-12-20 23:58 - 2017-12-20 23:58 - 000001843 _____ C:\ProgramData\Desktop\PC Scan & Repair by Reimage.lnk
2017-12-20 23:57 - 2017-12-21 00:00 - 000000000 ____D C:\Program Files\Reimage
2017-12-20 23:57 - 2017-12-20 23:58 - 000000000 ____D C:\rei
2017-12-20 23:41 - 2017-12-23 17:30 - 000000121 _____ C:\Windows\Reimage.ini
2017-12-20 23:30 - 2017-12-20 23:30 - 000605424 _____ (Reimage) C:\Users\Kayla\Downloads\ReimageRepair.exe
2017-12-19 08:25 - 2017-12-19 08:25 - 000109089 _____ C:\Users\Kayla\Downloads\archive.zip
2017-12-19 01:21 - 2017-12-19 01:22 - 083316440 _____ (Malwarebytes ) C:\Users\Kayla\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-19 00:51 - 2017-12-19 00:51 - 000000000 ____D C:\found.001
2017-12-15 07:44 - 2011-06-26 00:45 - 000256000 _____ C:\Windows\PEV.exe
2017-12-15 07:44 - 2010-11-07 11:20 - 000208896 _____ C:\Windows\MBR.exe
2017-12-15 07:44 - 2009-04-19 22:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-12-15 07:44 - 2000-08-30 18:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-12-15 07:44 - 2000-08-30 18:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-12-15 07:44 - 2000-08-30 18:00 - 000098816 _____ C:\Windows\sed.exe
2017-12-15 07:44 - 2000-08-30 18:00 - 000080412 _____ C:\Windows\grep.exe
2017-12-15 07:44 - 2000-08-30 18:00 - 000068096 _____ C:\Windows\zip.exe
2017-12-15 07:35 - 2017-12-15 07:36 - 005659243 ____R (Swearware) C:\Users\Kayla\Desktop\ComboFix.exe
2017-12-13 23:12 - 2017-12-26 11:49 - 000000000 ____D C:\Windows\pss
2017-12-13 20:22 - 2017-12-21 00:17 - 000000000 ____D C:\Users\Kayla\Desktop\error
2017-12-13 20:22 - 2017-12-13 20:22 - 001434504 _____ (Microsoft Corporation) C:\Users\Kayla\Downloads\NDP471-KB4033344-Web (1).exe
2017-12-12 23:43 - 2017-12-12 23:44 - 134500624 _____ (Microsoft Corporation) C:\Users\Kayla\Downloads\msert.exe
2017-12-12 23:41 - 2017-12-12 23:41 - 000000000 ____D C:\$Windows.~WS
2017-12-12 23:40 - 2017-12-12 23:40 - 018617536 _____ (Microsoft Corporation) C:\Users\Kayla\Downloads\MediaCreationTool.exe
2017-11-30 08:39 - 2017-11-30 08:39 - 000010679 _____ C:\Users\Kayla\Desktop\Book1.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-30 10:38 - 2017-02-01 21:35 - 000000000 ____D C:\Users\Kayla\AppData\Roaming\5kplayer
2017-12-30 09:44 - 2009-07-13 22:45 - 000013664 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-30 09:44 - 2009-07-13 22:45 - 000013664 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-25 08:11 - 2009-07-13 23:13 - 000785536 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-25 08:11 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-12-25 02:19 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-22 16:19 - 2017-09-17 15:55 - 000000000 ____D C:\Qoobox
2017-12-21 00:16 - 2017-11-20 12:21 - 000000000 ____D C:\Users\Kayla\Desktop\North Face
2017-12-19 01:29 - 2009-07-13 20:34 - 000000215 _____ C:\Windows\system.ini
2017-12-19 00:02 - 2017-09-17 15:54 - 000000000 ____D C:\Windows\erdnt
2017-12-18 00:36 - 2016-11-25 22:30 - 000000000 ____D C:\Users\Kayla\Desktop\(MD Links)
2017-12-13 08:22 - 2016-12-17 12:14 - 000000000 ____D C:\Program Files (x86)\Garmin
2017-12-12 08:25 - 2017-08-29 00:54 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-12 08:25 - 2017-08-29 00:54 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
 
Some files in TEMP:
====================
2017-12-20 23:57 - 2017-12-20 23:57 - 014769392 _____ (Reimage) C:\Users\Kayla\AppData\Local\Temp\ReimagePackage.exe
2017-10-26 02:07 - 2017-10-26 02:07 - 000488960 _____ () C:\Users\Kayla\AppData\Local\Temp\sqlite3.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 5942.69 MB
Available physical RAM: 5208.33 MB
Total Virtual: 5940.84 MB
Available Virtual: 5205.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:90.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:8.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:7.45 GB) (Free:4.09 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: D0487305)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2017-12-19 20:20
 
==================== End of FRST.txt ============================

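As an added example (not code from the thread, from Donna, or from the FRST tool itself), the following Python helper parses the autostart (Run), Winlogon, service and driver lines of an FRST.txt log in the layout shown above and flags the entries an analyst reads first: files FRST marks missing ([X]), binaries with no publisher string, and paths containing a vendor on a watch list. The sample input is built from lines of the posted log; the watch list is a constructed assumption for the example, not a verdict on those programs.

```python
"""Triage helper for FRST.txt autostart, service and driver lines.

Added example for this thread; not code from the thread or from the FRST tool.
Regexes follow the line layout seen in the posted FRST.txt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample built from lines of the posted log, trimmed to a few entries.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1928776 2016-11-08] (APN)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
==================== Services (Whitelisted) ====================
S4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®)
===================== Drivers (Whitelisted) ======================
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+\s*$")
RUN_RE = re.compile(r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<tail>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon\\Notify\\(?P<name>[^:]+): (?P<tail>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<tail>.+)$")
# Tail of an entry: "<path> [<size> <yyyy-mm-dd>] (<publisher>)"; FRST writes "[X]" when the file is absent.
TAIL_RE = re.compile(r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")

# Constructed watch list for this example (vendors the analyst chooses to review).
WATCHLIST = ("askpartnernetwork", "reimage")


@dataclass
class Entry:
    section: str
    kind: str          # "run", "winlogon", "service" or "driver"
    name: str
    path: str
    publisher: str = ""
    size: Optional[int] = None
    date: str = ""
    missing: bool = False


def parse_tail(tail: str) -> Tuple[str, Optional[int], str, str, bool]:
    """Split the path/size/date/publisher tail; returns missing=True for '[X]' entries."""
    if tail.endswith(" [X]"):
        return tail[:-4], None, "", "", True
    m = TAIL_RE.match(tail)
    if not m:
        return tail, None, "", "", False   # unknown layout: keep the raw text as the path
    return m["path"], int(m["size"]), m["date"], m["publisher"], False


def parse_frst(text: str) -> List[Entry]:
    """Walk the log, tracking the current '==== Title ====' section, and collect entries."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["title"]
            continue
        if (m := RUN_RE.match(line)):
            kind, name = "run", f"{m['hive']} {m['name']}"
        elif (m := NOTIFY_RE.match(line)):
            kind, name = "winlogon", m["name"]
        elif (m := SVC_RE.match(line)) and section.startswith(("Services", "Drivers")):
            kind = "driver" if section.startswith("Drivers") else "service"
            name = m["name"]
        else:
            continue
        path, size, date, publisher, missing = parse_tail(m["tail"])
        entries.append(Entry(section, kind, name, path, publisher, size, date, missing))
    return entries


def flags_for(e: Entry, watchlist=WATCHLIST) -> List[str]:
    """Reasons an analyst would look at this entry first (empty list means nothing notable)."""
    flags = []
    if e.missing:
        flags.append("file missing ([X])")
    elif e.publisher == "":
        flags.append("no publisher string")
    if any(w in e.path.lower() for w in watchlist):
        flags.append("watch-list vendor in path")
    return flags


def triage(entries: List[Entry], watchlist=WATCHLIST) -> List[Tuple[Entry, List[str]]]:
    return [(e, f) for e in entries if (f := flags_for(e, watchlist))]


def attention_lines(text: str) -> List[str]:
    """Lines FRST itself marks with '<==== ATTENTION' (e.g. a forced Safe Mode boot)."""
    return [ln.strip() for ln in text.splitlines() if "<==== ATTENTION" in ln]


if __name__ == "__main__":
    for entry, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(f"[{entry.kind}] {entry.name}: {entry.path} -> {', '.join(reasons)}")
    for ln in attention_lines(SAMPLE_LOG):
        print("ATTENTION:", ln)
```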

#6 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

Hi itm7,

Thank you for the log. This system is severely outdated. There is no Service Pack 1 (SP1) installed and you still have IE8. Internet Explorer on Win7 should be at IE11.

Are there any personal files on this laptop that your son just cannot live without? I see that there is a hidden recovery partition and if need be, we could restore to factory condition.

It looks like ComboFix was run. See if you can get to the desktop in safe mode and transfer the ComboFix log to the USB and post it in your next reply. I don't see any serious infection in the logs so I am wondering if this might be a hardware problem.

Also, go here and click on How to Enter the Built-in Diagnostics (ePSA and PSA) to follow the instructions to run Dell's built in diagnostics and share with me the results.

#7 itm7 (Topic Starter, New Member, 7 posts)

Here is the ComboFix log:

ComboFix 17-12-11.01 - Kayla 12/18/2017  23:24:27.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.5943.3988 [GMT -8:00]
Running from: c:\users\Kayla\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2017-11-19 to 2017-12-19  )))))))))))))))))))))))))))))))
.
.
2017-12-19 07:29 . 2017-12-19 07:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-12-19 07:29 . 2017-12-19 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-12-19 06:51 . 2017-12-19 06:51 -------- d-----w- C:\found.001
2017-12-19 01:18 . 2017-11-18 00:30 13899592 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29424275-54C9-49B8-A316-730A90DA3CAD}\mpengine.dll
2017-12-13 05:41 . 2017-12-13 05:41 -------- d-----w- C:\$Windows.~WS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-20 20:32 . 2010-11-12 04:54 545440 ------w- c:\windows\system32\MpSigStub.exe
2017-11-18 00:30 . 2010-11-13 17:20 13899592 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2016-11-09 05:39 10824 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Video_Chat\prxtbooVo.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\OVO2\Passport.dll" [2016-11-09 10824]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2017-10-09 1421224]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2015-06-24 231776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-09-12 157456]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2015-06-24 518496]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-21 60712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"5KPlayer.exe"="c:\program files (x86)\DearMob\5KPlayer\5KPlayer.exe" [2017-01-03 4188560]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2016-11-09 1928776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2017-10-09 1421224]
.
c:\users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe EXPRESS;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe EXPRESS [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?tpid=OVO2&o=APN10379&pf=V5&trgb=IE,CR&p2=%5EABE%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EABE&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_17.0.963.46&apn_uid=9e4412f3-b9cf-4095-bb4e-7e8d54eac215&itbv=12.15.5.987&doi=2012-02-11&psv=&pt=tb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
.
.
.
Completion time: 2017-12-18  23:31:22
ComboFix-quarantined-files.txt  2017-12-19 07:31
ComboFix2.txt  2017-12-19 06:05
ComboFix3.txt  2017-12-15 13:53
ComboFix4.txt  2017-12-14 03:48
ComboFix5.txt  2017-12-19 07:22
.
Pre-Run: 96,942,379,008 bytes free
Post-Run: 96,914,317,312 bytes free
.
- - End Of File - - 1AA4710221C9207E674165A52FFB43CC


#8 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

OK. Nothing serious found there. Check out that link concerning the diagnostics. The error code you posted in your first post has been associated with failing hardware (HDD/RAM).

#9 itm7 (Topic Starter, New Member, 7 posts)

Hi Donna-

After running the Dell Diagnostics, one test showed as fail:

Hard Drive - DST Short Test

Test Results: Fail

Error Code 2000-0146
Thanks!



#10 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

Hi itm7,

Darn! I was afraid of that. The techs in the Hardware, Components and Peripherals forum would be more than happy to help guide you through the process of replacing the hard drive if you like. Or if you feel you are not tech savvy, call around to your local tech shops and compare prices.

Keep me informed to what you decide to do... :)

If you choose to give it a go yourself, go ahead and start a topic in the forum above for guidance. Once you make your decision I will close this topic.

Donna :)

#11 itm7 (Topic Starter, New Member, 7 posts)

Hi Donna-  Is there any remote possibility that it's something other than a hard drive replacement?  :)



#12 DonnaB (Miss Congeniality, GeekU Moderator, 8,198 posts)

I have a lot of faith in the built-in diagnostic utilities, though there are many other tests that could be performed to confirm the results/my suspicions.

You could try running a chkdsk scan from within the safe mode options. To do that, please click on the link below and scroll down to Method 2 ~ Through the Command Prompt:

https://www.wikihow....Chkdsk-Function

Follow the instructions given except when you get to where you type in the chkdsk command, make sure to type in:

chkdsk /r

The /r parameter/switch searches for bad sectors, recovers readable information and fixes errors on the disk. Typing in chkdsk only will do nothing but check the disk and not fix errors found.

The techs have other tests you can run that I am not familiar with if you would like to start a topic in the hardware forum and ask for a second opinion. :)

#13 itm7 (Topic Starter, New Member, 7 posts)

Thanks Donna!  I've been attempting to run chkdsk /r but after a few minutes it gets hung up.  Any other thoughts?  I'll try again tonight. Thanks so much!

