Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Maybe infected, but just soo slow [Closed]

Started by scraig1623 , Jul 05 2015 11:06 PM
malware and memory

  • This topic is locked This topic is locked

#1
scraig1623
Posted 05 July 2015 - 11:06 PM

scraig1623

    New Member

  • Member
  • Pip
  • 1 posts

i'm just looking to see if there is anything i can do to speed this laptop up.  i do a lot with Windows Media and it is just so slow and late to get going.  Thanks to anyone who can help

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Steve (administrator) on STEVE-PC on 05-07-2015 21:47:26
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPS\mps.exe
(McAfee Inc.) C:\Program Files\McAfee\MSK\msksrver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPS\mpsevh.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcuimgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-16] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-13] (Google)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-04-17] (soft thinks)
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe [927920 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {14d70d50-cdb0-11dc-bbfd-00e0b8c7618e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {1a711794-caa2-11df-83f2-00e0b8c7618e} - F:\setupSNK.exe
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {2a695bf2-7159-11dc-8321-806e6f6e6963} - F:\setupSNK.exe
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {8859c5fd-4e7a-11e0-ad3c-00e0b8c7618e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {af6f99a9-29e5-11dc-a836-806e6f6e6963} - E:\Intellimover\Setup.exe
HKU\S-1-5-21-803311626-1204641325-531688224-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-13] (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=PTB&M=MT6840
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=PTB&M=MT6840
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ys=PTB&M=MT6840
HKU\S-1-5-21-803311626-1204641325-531688224-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {6CBD8C91-9CEF-4FDC-8BF7-B02786E68262} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-803311626-1204641325-531688224-1000 -> DefaultScope {4BFFCE6B-A7CC-4FEB-A442-73AB5D738BD0} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-803311626-1204641325-531688224-1000 -> {4BFFCE6B-A7CC-4FEB-A442-73AB5D738BD0} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-803311626-1204641325-531688224-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-08] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-803311626-1204641325-531688224-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-803311626-1204641325-531688224-1000 -> MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{9E2ABAAB-B374-4D78-8ACC-EF80511F5363}: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{AA89B56D-2D05-4CC9-A49A-80C6E5A6F37E}: [DhcpNameServer] 24.121.85.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default
FF SelectedSearchEngine: Vosteran
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-803311626-1204641325-531688224-1000: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-08-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-08] (Apple Inc.)
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\searchplugins\ixquick-https.xml [2014-02-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2013-05-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-29]
FF Extension: Firebug - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\[email protected] [2014-02-13]
FF Extension: SaveFrom.net helper - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\[email protected] [2014-02-14]
FF Extension: MP3 Rocket Downloader - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\[email protected] [2012-12-20]
FF Extension: Win on Quibids & DealDash - BidNinja PlugIn - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\{68b75e63-7ac2-4987-9b29-62fa5436dac9}.xpi [2014-02-14]
FF Extension: YouTube High Definition - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-02-13]
FF Extension: Web Developer - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9uaag50t.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-02-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-11]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2008-10-08]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-18]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-18]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-18]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-18]
CHR Extension: (SiteAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-18]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-18]
CHR Extension: (roockketdeAL) - C:\ProgramData\jlhcapempabbopjacghoiolkjhedojgm\ []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-02-11]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-803311626-1204641325-531688224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0027301435165271mcinstcleanup; C:\Windows\TEMP\002730~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-09-06] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-09-06] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-09-06] (Symantec Corporation)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-13] (Google)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-06-04] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.)
R2 McNASvc; c:\program files\common files\mcafee\mna\mcnasvc.exe [2458128 2008-01-25] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-11-07] (McAfee, Inc.)
R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-08-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-18] (McAfee, Inc.)
R2 MPS9; C:\Program Files\McAfee\MPS\mps.exe [906792 2007-04-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [29264 2007-01-17] (McAfee Inc.)
R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-03-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 9582e614; "C:\Windows\system32\rundll32.exe" "c:\Program Files\LinkModule\LinkModule.dll",serv
S2 bfc22a88; "C:\Windows\system32\rundll32.exe" "c:\Program Files\EngineRunner\EngineRunner.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-22] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-22] (McAfee, Inc.)
R3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-22] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2007-07-31] (Symantec Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-01-07] (Symantec Corporation)
S3 Wdm1; C:\Windows\System32\Drivers\usbbc.sys [15576 2004-05-13] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:47 - 2015-07-05 21:49 - 00020447 _____ C:\Users\Steve\Downloads\FRST.txt
2015-07-05 21:45 - 2015-07-05 21:47 - 00000000 ____D C:\FRST
2015-07-05 21:43 - 2015-07-05 21:45 - 01636352 _____ (Farbar) C:\Users\Steve\Downloads\FRST.exe
2015-06-29 22:21 - 2015-06-29 22:23 - 74261938 _____ C:\Users\Steve\Downloads\Matt White - Shirley.zip
2015-06-10 03:17 - 2015-05-21 07:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:17 - 2015-04-24 08:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:16 - 2015-05-08 16:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:02 - 2015-05-04 15:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:02 - 2015-05-04 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:02 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:02 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:02 - 2015-05-04 14:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 20:50 - 2015-05-30 17:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 20:50 - 2015-05-30 16:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 20:50 - 2015-05-30 16:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 20:50 - 2015-05-30 16:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 20:50 - 2015-05-30 16:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 20:50 - 2015-05-30 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 20:50 - 2015-05-30 16:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 20:50 - 2015-05-30 16:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 20:50 - 2015-05-30 16:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 20:50 - 2015-05-30 16:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 20:50 - 2015-05-30 16:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 20:50 - 2015-05-30 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 20:50 - 2015-05-30 16:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 20:50 - 2015-05-30 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 20:50 - 2015-05-30 16:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 20:50 - 2015-05-30 16:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:41 - 2006-11-02 05:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 21:41 - 2006-11-02 05:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-05 21:38 - 2013-06-18 22:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 21:22 - 2013-10-19 21:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 11:07 - 2013-06-18 22:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 10:54 - 2007-07-03 22:37 - 00078701 _____ C:\Windows\system32\Config.MPF
2015-07-04 01:32 - 2007-05-22 15:09 - 01507067 _____ C:\Windows\WindowsUpdate.log
2015-07-02 21:35 - 2006-11-02 03:33 - 00758854 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 21:34 - 2015-03-22 19:18 - 00004009 _____ C:\Windows\setupact.log
2015-07-01 01:00 - 2007-05-22 15:31 - 00000368 _____ C:\Windows\Tasks\McQcTask.job
2015-06-29 20:44 - 2008-03-09 17:58 - 00000292 _____ C:\Windows\Tasks\Norton SystemWorks One Button Checkup.job
2015-06-24 14:54 - 2014-06-25 22:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 14:52 - 2007-08-05 19:36 - 00001466 _____ C:\Users\Steve\AppData\Roaming\wklnhst.dat
2015-06-24 14:50 - 2008-10-12 19:57 - 00000000 ____D C:\Users\Steve\Incomplete
2015-06-24 10:00 - 2007-05-22 15:31 - 00000000 ____D C:\ProgramData\McAfee
2015-06-24 10:00 - 2007-05-22 15:31 - 00000000 ____D C:\Program Files\McAfee
2015-06-23 22:22 - 2013-10-19 21:51 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-23 22:22 - 2013-10-19 21:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-22 15:43 - 2013-07-04 22:47 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 19:33 - 2010-06-28 18:44 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-20 19:32 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 22:51 - 2006-11-02 06:01 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-15 21:16 - 2008-01-14 08:39 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2015-06-10 20:10 - 2013-08-14 03:17 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:59 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2015-06-10 03:38 - 2006-11-02 05:47 - 00304240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:06 - 2006-11-02 03:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-09 20:10 - 2015-03-21 20:15 - 00071030 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-12-01 01:33 - 2015-03-22 19:16 - 0000053 _____ () C:\Users\Steve\AppData\Roaming\LogFile.txt
2014-12-12 09:43 - 2014-12-17 20:01 - 0000156 _____ () C:\Users\Steve\AppData\Roaming\WB.CFG
2007-08-05 19:36 - 2015-06-24 14:52 - 0001466 _____ () C:\Users\Steve\AppData\Roaming\wklnhst.dat
2009-04-24 08:32 - 2009-04-24 08:32 - 0000680 _____ () C:\Users\Steve\AppData\Local\d3d9caps.dat
2007-07-03 22:47 - 2015-05-11 22:47 - 0022016 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 22:43 - 2014-12-17 20:02 - 0000001 _____ () C:\Users\Steve\AppData\Local\DSI.DAT
2014-12-18 18:46 - 2015-03-22 20:21 - 0005581 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\CloudBackup2155.exe
C:\Users\Steve\AppData\Local\Temp\symlcsv1.exe
C:\Users\Steve\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-20 19:52

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Steve at 2015-07-05 21:50:01
Running from C:\Users\Steve\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-803311626-1204641325-531688224-500 - Administrator - Disabled)
Guest (S-1-5-21-803311626-1204641325-531688224-501 - Limited - Disabled)
Steve (S-1-5-21-803311626-1204641325-531688224-1000 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Out of date) {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
AS: McAfee VirusScan (Enabled - Up to date) {91492D4B-0869-000E-929C-AE00AA450731}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall (Enabled) {12134D8A-643C-0ED8-8373-3C472F110AF7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actiontec Gateway (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.7.0.0 - Ask.com) <==== ATTENTION
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
BigFix (HKLM\...\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}) (Version: 2.1.1.03 - BigFix)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
ccCommon (Version: 106.3.4.6 - Symantec) Hidden
Component Framework (Version: 2006.1.2.4 - Symantec Corporation) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.025 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Linkit_eBay (HKLM\...\{91B3BEC8-748B-4912-82ED-29D38E140B2A}) (Version: 1.0.0 - Gateway)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (HKLM\...\MSC) (Version:  - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.235 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 24.0 (x86 en-US) (HKLM\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MP3 Rocket (HKLM\...\MP3 Rocket) (Version: 7.3.1 PRO - MP3 Rocket Inc)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Cleanup (Version: 1.0.0 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2.4.0.2 - Symantec Corporation) Hidden
Norton SystemWorks (Symantec Corporation) (HKLM\...\SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}) (Version: 11.0.0.67 - Symantec Corporation)
Norton SystemWorks (Version: 1.0.0 - Symantec Corp.) Hidden
Norton SystemWorks (Version: 11.0.0.67 - Symantec Corporation) Hidden
Norton Utilities (Version: 21.0.0.0 - <no manufacturer>) Hidden
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
QuickConnect (HKLM\...\{4998FF95-709A-430A-B104-92A009ABB848}) (Version: 3.2 - Qwest)
QuickConnect (Version: 3.2 - Qwest) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
SPBBC 32bit (Version: 3.3.3.15 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
SyncPlaylist (HKLM\...\SyncPlaylist) (Version:  - )
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
Web Easy Professional (Version: 8.0.0 - Avanquest) Hidden
Web Easy Professional 8 (HKLM\...\{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}) (Version: 8 - Avanquest)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-803311626-1204641325-531688224-1000_Classes\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}\InprocServer32 -> C:\Users\Steve\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll (Ask.com)
CustomCLSID: HKU\S-1-5-21-803311626-1204641325-531688224-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

==================== Restore Points =========================

18-06-2015 00:00:09 Scheduled Checkpoint
19-06-2015 09:34:49 Windows Update
22-06-2015 10:39:55 Scheduled Checkpoint
23-06-2015 00:42:29 Scheduled Checkpoint
23-06-2015 01:34:55 Windows Update
24-06-2015 04:42:33 Scheduled Checkpoint
26-06-2015 10:50:54 Windows Update
28-06-2015 00:51:46 Scheduled Checkpoint
30-06-2015 08:14:03 Windows Update
03-07-2015 21:19:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C3DC2C-091D-4684-B593-8F049A10F786} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {099449D4-21FF-40B0-BB2B-CDF3307E8683} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3D9D2B7F-491B-4591-8B85-CAC238437686} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {40EF9C7D-F747-48A5-B04D-FE3A6FE658EC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Steve => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {47000FEB-371A-45BA-B69B-55765947D0FB} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {55B9DD3F-198F-44E9-8B31-6DD69162B1D9} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {903D9F96-69DF-4E02-AB57-9C616D7A33AA} - System32\Tasks\McQcTask => c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04] (McAfee, Inc.)
Task: {B40E2D7C-3C84-4E07-82E5-EFE6D5056CD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {B9EE8B9B-B1A6-4575-ACF4-6ED860A1BEE8} - System32\Tasks\McDefragTask => c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04] (McAfee, Inc.)
Task: {C7E0A75F-782F-4CA4-97B0-D15ED80B1129} - \RocketTab No Task File <==== ATTENTION
Task: {D397074C-0DE5-47E3-8826-640C1E7DD00E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {EF08378F-1849-4A96-96F2-62D1F926FC72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FA7C276B-2653-42FE-849F-0BFDD8BCBDF7} - System32\Tasks\Norton SystemWorks One Button Checkup => C:\Program Files\Norton SystemWorks\OBC.exe [2007-09-18] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => c:\program files\mcafee\mqc\QcConsol.exe C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\program files\mcafee\mqc\QcConsol.exe
Task: C:\Windows\Tasks\Norton SystemWorks One Button Checkup.job => C:\Program Files\Norton SystemWorks\OBC.exe
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-25 15:25 - 2009-02-13 12:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2009-03-25 15:25 - 2009-02-13 12:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2009-03-25 15:25 - 2009-02-13 12:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2006-11-02 03:25 - 2006-12-11 19:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2007-05-22 15:52 - 2006-12-11 19:01 - 00077824 _____ () C:\Windows\system32\hccutils.DLL
2007-05-22 15:52 - 2006-12-11 19:01 - 00077824 _____ () C:\Windows\System32\hccutils.DLL
2008-03-09 17:57 - 2008-03-09 17:57 - 01245064 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2008-03-09 17:57 - 2008-03-09 17:57 - 00359280 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-803311626-1204641325-531688224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: mcagent_exe => C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
MSCONFIG\startupreg: MskAgentexe => C:\Program Files\McAfee\MSK\MskAgent.exe
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{26DF1F0E-2613-48BA-A6D2-EA8F7ACEC3A5}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [TCP Query User{6DFD7A23-6007-462B-B2D5-BF618CB1BD47}C:\program files\java\jre1.6.0_01\bin\javaw.exe] => (Allow) C:\program files\java\jre1.6.0_01\bin\javaw.exe
FirewallRules: [UDP Query User{D13AB16C-4AD6-40E9-8F6E-481157484B95}C:\program files\java\jre1.6.0_01\bin\javaw.exe] => (Allow) C:\program files\java\jre1.6.0_01\bin\javaw.exe
FirewallRules: [TCP Query User{5476EAEE-EA26-4C3E-B873-8E099F16306F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A4A364D4-1F81-452D-B14E-64AF291FC045}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{EE3462DD-5A5E-4552-883E-8631ECECAC92}] => (Allow) LPort=80
FirewallRules: [{D590A4EA-F88F-4379-9C6F-86C0889EED73}] => (Allow) LPort=80
FirewallRules: [{D570DFCD-15FE-4324-ABEC-BC812F7C3CED}] => (Allow) LPort=80
FirewallRules: [{6AF01368-C874-4C7A-A8EA-001E2473B60F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76FFFFC0-6031-4C13-8AC9-F7EBB9FCC23E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CC91E0A-5A4F-4519-B129-F0B9B81556E5}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{B09BB7DB-FFB9-4365-B625-835D86425FBB}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{44708566-0D8E-4DFD-B315-C694521F776B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DE00C382-602F-4963-B211-21184BE799CC}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{F44A9E70-C308-4ECB-8DD6-B3F606C8FD99}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0323EC69-B6D6-4E76-B36D-1E5F06C286B6}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{77900878-F9FB-4060-8E57-CE8D3A8F78A7}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{E0B9E04B-1132-48BA-817F-72AB0D35ACA0}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{0EC8B065-90B7-432D-8179-7741FE6ACDE1}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{C29FB5D8-F749-4A35-8A10-4855BC272922}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9B9ACE99-3394-4A25-9A73-7206F796AA27}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{37780327-0402-421D-B40C-09C9BA2E7239}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{33601808-ABE5-4AEE-BFA3-40152A81880E}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{2E0AF83D-84E6-4DB1-A280-14318C15DCA2}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{14AE6783-057B-4CDB-9FE5-ED2AA3775FB3}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{0EBE9945-9DA0-469C-8782-A4EC781AA61C}] => (Allow) C:\Program Files\Zune\ZuneNSS.exe
FirewallRules: [{F58D0DE5-0267-4F52-837B-45CFC401766B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{35F19A40-140B-4DC2-8DF7-5228B82553CB}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{52687018-A100-4BE0-B15C-C45DA22FDB45}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{DDD0C1E7-BF5F-4F83-AB2F-411E93AA3B23}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 10:54:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46676809

Error: (07/05/2015 10:54:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46676809

Error: (07/05/2015 10:54:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/05/2015 10:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46661084

Error: (07/05/2015 10:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46661084

Error: (07/05/2015 10:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/05/2015 00:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7889017

Error: (07/05/2015 00:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7889017

Error: (07/05/2015 00:08:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/05/2015 00:07:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7873198

System errors:
=============
Error: (07/05/2015 01:03:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 10:57:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 10:57:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 10:55:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 10:54:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 00:08:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 00:06:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/05/2015 00:05:54 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (07/04/2015 09:57:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Error: (07/04/2015 09:55:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Symantec Core LC

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-05 21:48:48.011
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-05 21:48:47.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-05 21:48:47.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-05 21:48:46.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:11.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:11.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:10.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:10.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:09.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-06-24 15:17:09.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ Duo CPU T2450 @ 2.00GHz
Percentage of memory in use: 93%
Total physical RAM: 1013.45 MB
Available physical RAM: 68.92 MB
Total Virtual: 2562.91 MB
Available Virtual: 645.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:138.6 GB) (Free:68.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.45 GB) (Free:4.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Intellimover) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive f: ( SEA DISC () (Fixed) (Total:149.01 GB) (Free:19.22 GB) FAT32
Drive g: (My Book) (Fixed) (Total:298.09 GB) (Free:10.98 GB) NTFS
Drive h: () (Removable) (Total:7.66 GB) (Free:7.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 71F58DC5)
Partition 1: (Not Active) - (Size=10.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=138.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0000B084)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 232.9 GB) (Disk ID: 1FAB08BA)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=AF)

========================================================
Disk: 4 (Size: 7.7 GB) (Disk ID: A5D78BC7)
Partition 1: (Not Active) - (Size=7.7 GB) - (Type=0B)

==================== End of log ============================

 

 


  • 0

Advertisements

#2
Valinorum
Posted 06 July 2015 - 04:59 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Await my reply.
  • 0

#3
Valinorum
Posted 06 July 2015 - 05:17 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi scraig1623, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 

Please uninstall Google Chrome as it has been patched to developers' mode.


 
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Ask Toolbar

 
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {14d70d50-cdb0-11dc-bbfd-00e0b8c7618e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {1a711794-caa2-11df-83f2-00e0b8c7618e} - F:\setupSNK.exe
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {2a695bf2-7159-11dc-8321-806e6f6e6963} - F:\setupSNK.exe
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {8859c5fd-4e7a-11e0-ad3c-00e0b8c7618e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-803311626-1204641325-531688224-1000\...\MountPoints2: {af6f99a9-29e5-11dc-a836-806e6f6e6963} - E:\Intellimover\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319
SearchScopes: HKLM -> DefaultScope {6CBD8C91-9CEF-4FDC-8BF7-B02786E68262} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
C:\Users\Steve\AppData\Local\Google\Chrome
C:\Program Files\Google\Chrome
CustomCLSID: HKU\S-1-5-21-803311626-1204641325-531688224-1000_Classes\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}\InprocServer32 -> C:\Users\Steve\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll (Ask.com)
Task: {06C3DC2C-091D-4684-B593-8F049A10F786} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {3D9D2B7F-491B-4591-8B85-CAC238437686} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files\MyPC Backup
C:\Program Files\Ask.com
Task: {47000FEB-371A-45BA-B69B-55765947D0FB} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
c:\program files\common files\sparktrust
Task: {55B9DD3F-198F-44E9-8B31-6DD69162B1D9} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {C7E0A75F-782F-4CA4-97B0-D15ED80B1129} - \RocketTab No Task File <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
CMD: bitsadmin /reset /allusers
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#4
Valinorum
Posted 10 July 2015 - 01:11 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP