Win8.1: NortonAV and Windows Firewall won't turn on and stay on (Samsung 780Z laptop)

[Tex Arcana]

Norton AV and Windows Firewall won't turn on and stay on

Win8.1 new upgrade, Samsung 780Z laptop (fairly new--Win8 originally). It's my granddaughter's, she uses it for Photoshop and photographic work. It had stopped connecting to the internet, which is why she asked me to look at it. I cleaned out a bunch of junk via Ccleaner, Spybot:S&D, and NortonAV, but there is something left that's preventing Windows Firewall and Norton from starting; and I cannot get them to start manually.

I'm not real familiar with Win8.x (I'm on the bottom of the learning curve), the last time I had a similar issue was with XP, and I've never had the issue with 7. I remember something about a removal tool, but that's it.

As of today, the laptop has been very sluggish and unresponsive, at first neither DDS nor SecurityCheck would run, DDS would come back with a "cannot run in compatibility mode" message, and SecurityCheck just hung up, couldn't even terminate it in TaskManager. Finally, a bunch of dialog boxes for both popped up, which I killed. I then killed everything except this browser before running them, and they seemed to run fine.

Any help will be most appreciated. TIA.



SecurityCheck:

Read More:

Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

DDS outputs:

dds.txt:

Read More:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17037
Run by chelsea at 14:17:38 on 2014-05-24
Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.8079.5909 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files\Elantech\ETDTouch.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\skydrive.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskhost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\WWAHost.exe
C:\WINDOWS\System32\Taskmgr.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=344&src=hmp
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://samsung13.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer =
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll
uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{3854EABA-7532-4D93-AE48-5C4C378C7470} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{39DE28AE-F68C-4BB4-99FB-6760BBDDC911} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{B427550D-D3BE-429E-B3A3-50F4772E7195} : NameServer = 208.69.150.250,208.69.150.252
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
x64-Run: [RtHDVBg_SRSSA] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\chelsea\AppData\Roaming\Mozilla\Firefox\Profiles\qpmcl0ij.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2014-5-22 36096]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2014-3-18 39768]
R0 intmsd;IntelliMemory Storage Filter Driver;C:\WINDOWS\System32\drivers\intmsd.sys [2013-1-14 104872]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-5-20 157016]
R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;C:\WINDOWS\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [2014-5-15 61112]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 intmfs;IntelliMemory File System Filter Driver;C:\WINDOWS\System32\drivers\intmfs.sys [2013-1-14 29096]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symnets.sys [2014-5-1 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2014-5-22 239616]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-1-13 1198456]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-1-13 1161592]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2014-1-29 1593152]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-9-5 100104]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-1-14 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-14 169432]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe [2014-5-1 144368]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R3 acpials;ALS Sensor Filter;C:\WINDOWS\System32\drivers\acpials.sys [2014-3-18 9216]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-9-12 162344]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-10 1530160]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\WINDOWS\System32\drivers\btmaux.sys [2013-11-7 140600]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\ccsetx64.sys [2014-5-1 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-4-8 137648]
R3 ETD;Samsung TouchPad Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2013-11-1 361264]
R3 ETDSMBus;ETDSMBus;C:\WINDOWS\System32\drivers\ETDSMBus.sys [2014-5-22 22832]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140523.001\IDSviA64.sys [2014-5-24 525016]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-9-9 449528]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-12-26 26008]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew00.sys [2013-10-8 3345376]
R3 RadioHIDMini;Radio HID Mini-driver;C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2014-5-22 331992]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-5-22 827096]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
R3 SymDS;Symantec Data Store;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symds64.sys [2014-5-1 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symefa64.sys [2014-5-1 1139800]
R3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\ironx64.sys [2014-5-1 224416]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symelam.sys [2014-5-1 23448]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2014-5-22 65640]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-21 17624]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2014-3-18 226304]
S3 btmhsf;btmhsf;C:\WINDOWS\System32\drivers\btmhsf.sys [2013-12-11 1419576]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-21 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-21 99320]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\drivers\iBtFltCoex.sys [2013-4-23 69088]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-5-22 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-3-18 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-12-26 38296]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-21 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-3-18 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-3-18 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2014-3-18 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-5-20 123224]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-20 347880]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-12 731688]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
S4 IntelliMemory;IntelliMemory;C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [2012-12-20 55720]
S4 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-19 1738200]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-19 2081752]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-19 171928]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2014-5-6 517096]
S4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
.
=============== Created Last 30 ================
.
2014-05-24 20:03:50 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-24 19:55:51 -------- d-----w- C:\Users\chelsea\AppData\Roaming\Dropbox
2014-05-23 01:02:13 -------- dc-h--w- C:\ProgramData\{5B130DD6-48E9-4E5E-A5BD-45F6B4DF0602}
2014-05-23 01:02:06 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-05-23 01:02:06 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-23 01:01:48 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-05-23 01:01:38 -------- d-----w- C:\ProgramData\DDNi
2014-05-23 01:01:38 -------- d-----w- C:\Program Files (x86)\DDNi
2014-05-23 01:01:22 -------- dc-h--w- C:\ProgramData\{59F69B16-1A51-4796-B052-2F5E519860C3}
2014-05-23 01:01:21 -------- d-----w- C:\Users\chelsea\AppData\Local\III
2014-05-23 00:18:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-05-23 00:18:08 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-05-23 00:02:39 827096 ----a-w- C:\WINDOWS\System32\drivers\Rt630x64.sys
2014-05-23 00:02:39 74456 ----a-w- C:\WINDOWS\System32\RtNicProp64.dll
2014-05-23 00:01:54 22832 ----a-w- C:\WINDOWS\System32\drivers\ETDSMBus.sys
2014-05-23 00:01:39 -------- d-----w- C:\Users\chelsea\AppData\Local\Downloaded Installations
2014-05-23 00:00:32 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2014-05-22 23:59:32 -------- d-----w- C:\Users\chelsea\AppData\Roaming\Intel Corporation
2014-05-22 23:58:39 -------- d-----w- C:\WINDOWS\RSTLog
2014-05-22 23:43:54 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2014-05-22 23:38:23 465624 ----a-w- C:\WINDOWS\System32\drivers\RtsPer.sys
2014-05-22 23:38:23 359128 ----a-w- C:\WINDOWS\System32\drivers\RtsPStor.sys
2014-05-22 23:38:23 331992 ----a-w- C:\WINDOWS\System32\drivers\RtsUVStor.sys
2014-05-22 23:38:23 313048 ----a-w- C:\WINDOWS\System32\drivers\RtsBaStor.sys
2014-05-22 23:38:23 291544 ----a-w- C:\WINDOWS\System32\drivers\RtsP2Stor.sys
2014-05-22 23:38:23 271064 ----a-w- C:\WINDOWS\System32\drivers\RtsUStor.sys
2014-05-22 23:38:22 9889352 ----a-w- C:\WINDOWS\SysWow64\RsCRIcon.dll
2014-05-21 16:25:04 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-05-20 23:59:21 -------- d-----w- C:\Program Files (x86)\StartIsBack
2014-05-20 23:47:22 -------- d---a-r- C:\Users\chelsea\OneDrive
2014-05-20 21:26:06 -------- d-sh--w- C:\Recovery
2014-05-20 21:25:57 -------- dc----w- C:\WINDOWS\Panther
2014-05-20 21:25:05 -------- d-----w- C:\Windows.old
2014-05-20 21:22:51 308224 ----a-w- C:\WINDOWS\System32\wusa.exe
2014-05-20 21:22:51 305152 ----a-w- C:\WINDOWS\SysWow64\wusa.exe
2014-05-20 21:20:17 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-05-20 21:20:17 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-05-20 21:18:28 982016 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
2014-05-20 21:13:19 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2014-05-20 21:13:19 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-20 21:13:18 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2014-05-20 21:13:17 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2014-05-20 21:13:16 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-20 21:13:14 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2014-05-20 20:31:05 -------- d-----w- C:\WINDOWS\System32\SRSLabs
2014-05-20 20:30:59 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2014-05-20 20:30:59 -------- d-----w- C:\Program Files\Realtek
2014-05-20 20:30:28 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-05-20 20:30:05 -------- d-----w- C:\Program Files\Elantech
2014-05-20 20:29:55 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-05-20 20:29:54 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-05-20 20:29:54 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-05-20 20:29:54 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-05-20 20:29:54 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-05-20 20:29:54 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-05-20 20:29:53 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-05-20 20:29:45 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-05-20 20:29:15 -------- d-----w- C:\Program Files\AMD
2014-05-20 17:22:45 -------- d-----w- C:\Users\chelsea\AppData\Roaming\library_dir
2014-05-20 17:20:16 -------- d-----w- C:\Users\chelsea\AppData\Roaming\Raptr
2014-05-20 17:20:16 -------- d-----w- C:\Program Files (x86)\Raptr
2014-05-20 17:11:09 -------- d-----w- C:\Users\chelsea\AppData\Local\ATI
2014-05-20 17:07:52 -------- d-----w- C:\AMD
2014-05-20 03:23:17 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2014-05-20 03:23:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-20 03:23:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-20 03:14:03 119512 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-05-20 03:13:23 88280 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-05-20 03:13:23 63192 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-05-20 03:13:23 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-05-20 03:13:22 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-20 03:13:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 02:57:21 -------- d-----w- C:\Program Files\CCleaner
2014-05-19 17:56:29 -------- d-----w- C:\Program Files (x86)\SavErExtoensiOn
2014-05-19 17:49:41 -------- d-----w- C:\Program Files (x86)\predm
2014-05-19 17:12:35 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2014-05-19 13:57:28 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8E93273-7D17-4686-847A-B25BD89531EB}\mpengine.dll
2014-05-18 19:48:41 -------- d-----w- C:\ProgramData\SavErExtoensiOn
2014-05-18 15:26:28 1031560 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2584F10-72C6-4B63-8E68-84EC4A82E36D}\gapaengine.dll
2014-05-16 03:29:31 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-16 03:28:23 270496 ----a-w- C:\WINDOWS\System32\MpSigStub.exe
2014-05-16 03:23:33 -------- d-----w- C:\Users\chelsea\AppData\Roaming\No Company Name
2014-05-16 03:23:14 61112 ----a-w- C:\WINDOWS\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
2014-05-16 03:16:02 -------- d-----w- C:\Users\chelsea\AppData\Local\ElevatedDiagnostics
2014-05-11 02:03:05 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-05-06 18:26:27 -------- d-----w- C:\Users\chelsea\AppData\Roaming\uTorrent
2014-05-06 18:06:00 -------- d-----w- C:\Program Files (x86)\Photoshop
2014-05-06 17:37:12 -------- d-----w- C:\Users\chelsea\AppData\Roaming\GetPrivate
2014-05-06 17:37:01 -------- d-----w- C:\Users\chelsea\AppData\Roaming\Wise
2014-05-06 14:35:27 -------- d-----w- C:\ProgramData\SaveClicker
2014-05-06 14:35:27 -------- d-----w- C:\ProgramData\60cec433ccf7a3e0
2014-05-06 14:35:26 -------- d-----w- C:\Users\chelsea\AppData\Local\Torch
2014-05-06 14:35:26 -------- d-----w- C:\Users\chelsea\AppData\Local\Chromatic Browser
2014-05-06 14:35:26 -------- d-----w- C:\Program Files (x86)\SaveClicker
2014-05-06 14:35:25 -------- d-----w- C:\Users\chelsea\AppData\Local\Google
2014-05-06 14:35:25 -------- d-----w- C:\Users\chelsea\AppData\Local\Comodo
2014-05-06 14:30:43 -------- d-----w- C:\Users\chelsea\AppData\Local\Programs
2014-05-01 20:14:43 433752 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symnets.sys
2014-05-01 20:14:42 796760 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\srtsp64.sys
2014-05-01 20:14:42 493656 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symds64.sys
2014-05-01 20:14:42 36952 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\srtspx64.sys
2014-05-01 20:14:42 23448 ----a-r- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symelam.sys
2014-05-01 20:14:42 224416 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\ironx64.sys
2014-05-01 20:14:42 169048 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\ccsetx64.sys
2014-05-01 20:14:42 1139800 ----a-w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C\symefa64.sys
2014-05-01 20:14:12 -------- d-----w- C:\WINDOWS\System32\drivers\NISx64\1405000.01C
2014-04-30 18:24:58 -------- d-----w- C:\Users\chelsea\AppData\Local\Diagnostics
2014-04-25 00:54:09 -------- d-----w- C:\WINDOWS\System32\MRT
2014-04-25 00:10:47 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-04-25 00:08:18 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-04-25 00:08:18 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find3M ====================
.
2014-05-20 21:19:50 93696 ----a-w- C:\WINDOWS\System32\wudriver.dll
2014-05-20 21:18:28 955904 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2014-05-20 21:12:59 442880 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2014-05-20 21:12:59 2441216 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2014-04-09 17:19:10 177312 ----a-w- C:\WINDOWS\System32\drivers\SYMEVENT64x86.SYS
2014-03-18 10:31:21 99328 ----a-w- C:\WINDOWS\System32\BdeHdCfgLib.dll
2014-03-18 10:31:21 794112 ----a-w- C:\WINDOWS\System32\fvewiz.dll
2014-03-18 10:31:21 720896 ----a-w- C:\WINDOWS\System32\fveapi.dll
2014-03-18 10:31:21 339456 ----a-w- C:\WINDOWS\System32\bdesvc.dll
2014-03-18 10:31:21 210944 ----a-w- C:\WINDOWS\System32\fveapibase.dll
2014-03-18 10:31:21 100352 ----a-w- C:\WINDOWS\System32\BitLockerDeviceEncryption.exe
2014-03-18 09:57:51 139776 ----a-w- C:\WINDOWS\System32\poqexec.exe
2014-03-18 09:57:51 124416 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2014-03-18 09:31:57 5632 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2014-03-18 09:31:57 11264 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2014-03-18 09:31:56 7680 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2014-03-18 09:31:56 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2014-03-11 20:07:42 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
.
============= FINISH: 14:18:31.62 ===============

attach.txt:

Read More:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2014 4:36:11 PM
System Uptime: 5/24/2014 12:09:07 PM (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP780Z5E-S01UB
Processor: Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz | SOCKET 0 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 909 GiB total, 579.426 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: jumpflip - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchinstaller.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: searchsettings.exe - tasklist.exe
IFEO: searchsettings64.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: umbrella.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: volaro - tasklist.exe
IFEO: vonteera - tasklist.exe
IFEO: websteroids.exe - tasklist.exe
IFEO: websteroidsservice.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: jumpflip - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: searchinstaller.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: searchsettings.exe - tasklist.exe
x64-IFEO: searchsettings64.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: umbrella.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: volaro - tasklist.exe
x64-IFEO: vonteera - tasklist.exe
x64-IFEO: websteroids.exe - tasklist.exe
x64-IFEO: websteroidsservice.exe - tasklist.exe
.
==== Installed Programs ======================
.
Absolute Reminder
Adobe Reader X (10.1.10) MUI
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Wireless Display v3.0
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CyberLink PowerDVD 10
D3DX10
E-POP
Easy File Share
Elements 11 Organizer
ETDWare X64 11.7.19.9_WHQL
Galerie de photos
Galería de fotos
Help Desk
Intel AppUp(SM) center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1412.3)
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Update Manager
Intel(R) WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
IntelliMemory
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton Internet Security
Oasis2Service
OEM Application Profile
PDF Settings CS6
Photo Common
Photo Gallery
Picasa 3
Plants vs. Zombies
PSE11 STI Installer
PX Profile Update
Quick Starter
Raptr
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery
S Agent
Settings
Smart Advisor
Spybot - Search & Destroy
SRS Premium Sound
StartIsBack+
Support Center
Support Center FAQ
SW Update
User Guide
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/24/2014 12:11:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.
5/24/2014 12:11:07 PM, Error: Service Control Manager [7000] - The Oasis2Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2014 12:09:31 PM, Error: BTHUSB [30] - The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
5/24/2014 1:55:13 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
5/22/2014 5:38:42 PM, Error: Service Control Manager [7034] - The Easy Launcher service terminated unexpectedly. It has done this 1 time(s).
5/22/2014 5:32:16 PM, Error: Service Control Manager [7030] - The Easy Launcher service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/22/2014 5:01:15 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
5/22/2014 4:53:53 PM, Error: Service Control Manager [7030] - The SW Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/20/2014 4:59:40 PM, Error: Service Control Manager [7034] - The Sensor Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
5/20/2014 4:59:40 PM, Error: Service Control Manager [7031] - The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2014 4:59:40 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/20/2014 4:59:40 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2014 10:38:06 AM, Error: Service Control Manager [7022] - The Norton Online Backup service hung on starting.
5/20/2014 1:59:17 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
5/20/2014 1:58:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/20/2014 1:52:52 PM, Error: Service Control Manager [7023] -
5/20/2014 1:52:30 PM, Error: Service Control Manager [7001] - The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/20/2014 1:32:58 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
5/20/2014 1:32:58 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
5/20/2014 1:30:58 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
5/20/2014 1:28:41 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/19/2014 8:34:55 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: Access is denied.
5/19/2014 6:49:44 AM, Error: Service Control Manager [7000] - The Update ScanTack service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/19/2014 6:49:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update ScanTack service to connect.
5/19/2014 10:56:47 AM, Error: Service Control Manager [7031] - The Update ScanTack service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/19/2014 10:39:07 AM, Error: Service Control Manager [7034] - The Util ScanTack service terminated unexpectedly. It has done this 1 time(s).
5/19/2014 10:36:10 AM, Error: Service Control Manager [7034] - The LPT System Updater Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2014 7:55:20 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/18/2014 10:29:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

​

 

[Corrine]

Hi, Tex Arcana.

Hmm, both Security Check and DDS show that Windows Firewall is enabled and Norton is running and updated.

1. Please download Farbar Service Scanner and run it on your granddaughter's computer.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

2. Your granddaughter has an outdated, vulnerable version of Adobe Reader. The most recent version (Adobe Reader XI, 11.0.06) for Windows is available here: Adobe - Adobe Reader : For Windows.

3. Since I'm seeing what looks like a bit of adware leftovers, let's double-check. Please download AdwCleaner by Xplode and save to your Desktop.

• Double-click AdwCleaner.exe to run the tool.
  Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
• Click the Scan button.
• AdwCleaner will begin. Be patient as the scan may take some time to complete.
• After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

[Tex Arcana]

Hi Corrine, I'm not surprised, it wasn't running when I first posted asking for help, but I had shut down the laptop since then.


Here ya go:


Farbar Service Scanner logfile:

Read More:

Farbar Service Scanner Version: 21-05-2014
Ran by chelsea (administrator) on 24-05-2014 at 18:44:24
Running from "C:\Users\chelsea\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2014-03-18 03:13] - [2014-03-18 03:13] - 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A



**** End of log ****

AdwCleaner logfile:

Read More:

# AdwCleaner v3.210 - Report created 24/05/2014 at 18:51:15
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : chelsea - CHELSEACHERRY
# Running from : C:\Users\chelsea\Desktop\adwcleaner_3.210.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\chelsea\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\WINDOWS\System32\Tasks\BlockAndSurf_wd
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\SaveClicker
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\ProgramData\SaveClicker
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\chelsea\AppData\Local\Chromatic Browser
Folder Found : C:\Users\chelsea\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\chelsea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=67665139-9c47-1d81-2572-d2cc60d988e8&searchtype=sc&installDate=06/05/2014&barcodeid=47360&um=0 )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Found : HKCU\Software\AppDataLow\Software\simplytech
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\simplytech
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SystemK
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\FreeSoftToday
Key Found : [x64] HKCU\Software\Linkey
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\simplytech
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\SystemK
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\Software\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=344&src=hmp

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\chelsea\AppData\Roaming\Mozilla\Firefox\Profiles\qpmcl0ij.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6822 octets] - [24/05/2014 18:49:27]
AdwCleaner[R1].txt - [6706 octets] - [24/05/2014 18:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6766 octets] ##########

 

[Corrine]

Hi, Tex Arcana.

Let's clean up the adware and see how the computer is running then.

1. Double-click AdwCleaner.exe to run the tool again.

• Click the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
  Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
• After the scan has finished,
• This time click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Please download Junkware Removal Tool to your desktop.

• Disable your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-mouse click it and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Does the computer seem to be operating correctly now?

 

[Tex Arcana]

AdwCleaner logfile:

Read More:

# AdwCleaner v3.210 - Report created 25/05/2014 at 10:56:12
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : chelsea - CHELSEACHERRY
# Running from : C:\Users\chelsea\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SaveClicker
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\SaveClicker
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\chelsea\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\chelsea\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
File Deleted : C:\Users\chelsea\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\WINDOWS\System32\Tasks\BlockAndSurf_wd

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\chelsea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\blockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\chelsea\AppData\Roaming\Mozilla\Firefox\Profiles\qpmcl0ij.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6822 octets] - [24/05/2014 18:49:27]
AdwCleaner[R1].txt - [6882 octets] - [24/05/2014 18:51:15]
AdwCleaner[R2].txt - [6942 octets] - [25/05/2014 10:55:00]
AdwCleaner[S0].txt - [5819 octets] - [25/05/2014 10:56:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5879 octets] ##########

JRT logfile:

Read More:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by chelsea on Sun 05/25/2014 at 11:10:06.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/25/2014 at 11:17:55.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the moment is seems okay--as okay Win8.1 seems to run, it's still got sluggishness issues (as compared to Win7), but it seems okay so far. I'll hammer on it bit and see what shakes loose.

 

[Tex Arcana]

Well, at the moment, Windows Explorer doesn't seem to want to start, clicking the taskbar icon does nothing, and launching from the Start menu search bar pops a blank Explorer window that just sits there doing nothing.

EDIT: it finally came up, but it's VERY slow to respond. I just clicked on Desktop from This PC, and it doesn't even register my click. It's occupying 0% CPU and 6.8MB of memory. CPU is barely active, disk utilization pegged at 100% briefly.

 

[Tex Arcana]

EDIT#2: now it's snappy and quick, :wtf:?

 

[Corrine]

Looking at the Event Log, there are a couple things you/your granddaughter may want to consider.

1) Oasis2Service: Aside from the fact that the service failed to start/timed out when trying to connect to the internet, read over the description and consider if your granddaughter really needs it. Oasis2Service by DDNi

2) There were a couple of indications of problems with Shadow Backup, in particular, "The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit." Since there appears to be ample space available (C: is FIXED (NTFS) - 909 GiB total, 579.426 GiB free), you may wish to increase the user imposed limit, particularly if your granddaughter tends to install/test different programs.

To check how much space is allocated:

1. Go to Control Panel\All Control Panel Items\System.
2. Select the System Protection link
3. With C: highlighted, click on the Configure button.
4. Look at the "Max Usage slider" to how much disk space is allocated to System Protection to use for restore points. If it is at 10% or less, you may want to increase it slightly to 15%.
5. Click OK to save any changes or cancel if you decide to leave it alone.

 

[Tex Arcana]

I can tell you without a doubt that she doesn't need the Oasis2Service, it's gone.

I have also already increased the slider to 10%, after running those last items you recommended. I'll kick it to 15%, as well.


Is there anything else?

 

[Corrine]

Hi, Tex Arcana.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:

• Remove disinfection tools
• Create registry backup
• Purge system restore
  
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply and let me know if you have any questions.

 

[Tex Arcana]

She retrieved the laptop last night, so I won't be able to do that last step. I did remove the tools I could, however.

So far, it seems to be working well. Thank you so much for all your help!!

 

[Corrine]

You are very welcome, Tex Arcana. It take teamwork. I'm glad that between the two of us, we were able to help your granddaughter with her computer. If you can point her to the instructions to run Delfix, it will merely clean up any remaining tools as well as creating a new system restore point and registry backup.

You may also want to refer her to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".