• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

  • Due to the complexity and risks involved our formally trained malware staff will be the only ones allowed to help with malware removal advice. Thank you.

[Solved] Do I have a virus?

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi guys was wondering if anyone can help me. A couple of months ago I had to restore my laptop to factory settings and managed to do it with not much trouble.

Since then I seem to have had nothing but trouble when surfing the net. Whichever search engine I use (google chrome, firefox and IE ) the laptop stops responding and it can take

anything from 20 seconds to 5 minuets for it to start responding
.
Is there anything I can do?

My laptop is an Acer Aspire 5742 with an i3cpu and 3gb Ram and I am using windows 7 home premium 64 bit operating system i have Norton gold antivirus
.
Hope someone can help.

Many thanks

Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracey ,

I have moved your thread to a more appropriate forum.

I'm not being funny when I say this, but some of the problems you experience could well be attributed to Norton.
I doubt you could find one member of staff here that would recommend that Security software.

Let's take a closer look at your system and see if we can find out exactly what's causing the problem.


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator


  • When the tool opens click Yes to disclaimer.


  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
Both reports from FRST


Thanks.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi Starbuck I have tried several times to download the farbar recovery scan tool x64 but every time I click on it to open it removes itself from my downloads.
I realised that I had put this question in the wrong place and had just done the antimalaware check which was on your sticky here are thoose results
Malwarebytes Anti-Malware
www.malwarebytes.org




Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malware Protection, Starting,
Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malware Protection, Started,
Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Starting,
Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Started,
Error, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Update, Bad md5 or size: akadomains, 11,
Error, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Update, Bad md5 or size: akaips, 11,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.11.2,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Remediation Database, 2015.5.13.1, 2015.9.30.1,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.11.2,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, IP Database, 0.0.0.0, 2015.10.4.1,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.10.2.1,
Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Domain Database, 0.0.0.0, 2015.10.3.2,
Update, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Manual, Malware Database, 2015.6.3.3, 2015.10.4.2,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Refresh, Starting,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Stopping,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Stopped,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Refresh, Success,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Starting,
Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Started,
Scan, 04/10/2015 15:52, SYSTEM, TRACEY-PC, Manual, Start:04/10/2015 15:38, Duration:14 min 11 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,


(end)
Thanks for your quick reply Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
I have tried several times to download the farbar recovery scan tool x64 but every time I click on it to open it removes itself from my downloads.
Disable Norton and any other security you have in place and then try again.
It's probably a security program being over zealous.

just done the antimalaware check which was on your sticky here are those results
Unfortunately, you highlighted the wrong line.... there are 2 types of reports.
It's the scan report we need.

Thanks any way.

Restart MBAM
  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.


  • Click 'Copy to Clipboard'


  • Paste the contents of the clipboard into your reply.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Thanks for the tip would have been trying to download that for hours
here is the results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Tracey (administrator) on TRACEY-PC (04-10-2015 16:41:35)
Running from C:\Users\Tracey.Tracey-PC\Downloads
Loaded Profiles: Tracey (Available Profiles: Tracey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tracey.Tracey-PC\Downloads\FRST64 (1).exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4024205753-1016382499-939920564-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-4024205753-1016382499-939920564-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-08-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
Startup: C:\Users\Tracey.Tracey-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-10-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Tracey.Tracey-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-10-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{75A4AA5A-CE40-44A4-B284-2A166AFF1547}: [DhcpNameServer] 192.168.1.254


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-4024205753-1016382499-939920564-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-4024205753-1016382499-939920564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> {55BC0EAB-D46C-4CCE-B145-D79D06945876} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=GB&ver=5
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)


FireFox:
========
FF ProfilePath: C:\Users\Tracey.Tracey-PC\AppData\Roaming\Mozilla\Firefox\Profiles\3br9jf9f.default-1441883769561
FF NewTab: www.google.com
FF Homepage: hxxps://www.google.co.uk/?gfe_rd=cr&ei=72nxVcbCBILj8weH46XwCw&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Tracey.Tracey-PC\AppData\Roaming\Mozilla\Firefox\Profiles\3br9jf9f.default-1441883769561\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-10-04]


Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-18]
CHR Extension: (Google Docs) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-09-18]
CHR Extension: (Google Search) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]
CHR Extension: (Google Sheets) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-18]
CHR Extension: (Norton Safe) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Users\Tracey.Tracey-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20151002.004\IDSvia64.sys [767216 2015-09-23] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151004.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151004.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\TurboYourPC\Service.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-04 16:41 - 2015-10-04 16:42 - 00023113 _____ C:\Users\Tracey.Tracey-PC\Downloads\FRST.txt
2015-10-04 16:41 - 2015-10-04 16:41 - 02193408 _____ (Farbar) C:\Users\Tracey.Tracey-PC\Downloads\FRST64 (1).exe
2015-10-04 16:40 - 2015-10-04 16:41 - 00000000 ____D C:\FRST
2015-10-04 16:40 - 2015-10-04 16:40 - 02193408 _____ (Farbar) C:\Users\Tracey.Tracey-PC\Downloads\FRST64.exe
2015-10-04 15:36 - 2015-10-04 15:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-04 15:36 - 2015-10-04 15:36 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-04 15:36 - 2015-10-04 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 15:36 - 2015-10-04 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-04 15:36 - 2015-10-04 15:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 15:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 15:36 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-04 15:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 15:34 - 2015-10-04 15:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tracey.Tracey-PC\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-03 15:03 - 2015-10-03 15:03 - 00000000 ____D C:\Users\Tracey.Tracey-PC\Documents\OneNote Notebooks
2015-10-02 15:36 - 2015-10-02 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-09-30 16:26 - 2015-09-30 16:28 - 71807792 _____ (Apple Inc.) C:\Users\Tracey.Tracey-PC\Downloads\iCloudSetup.exe
2015-09-18 17:55 - 2015-09-18 19:48 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Roaming\Apple Computer
2015-09-18 17:55 - 2015-09-18 17:55 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Local\Apple Computer
2015-09-18 17:54 - 2015-09-18 17:54 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\Program Files\iTunes
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\Program Files\iPod
2015-09-18 17:54 - 2015-09-18 17:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-18 17:53 - 2015-09-18 17:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-18 17:53 - 2015-09-18 17:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-18 17:53 - 2015-09-18 17:53 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Local\Apple
2015-09-18 17:53 - 2015-09-18 17:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-18 17:51 - 2015-09-18 17:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-18 17:51 - 2015-09-18 17:53 - 00000000 ____D C:\ProgramData\Apple
2015-09-18 17:51 - 2015-09-18 17:51 - 00000000 ____D C:\Program Files\Bonjour
2015-09-18 17:51 - 2015-09-18 17:51 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-18 17:45 - 2015-09-18 17:49 - 167601944 _____ (Apple Inc.) C:\Users\Tracey.Tracey-PC\Downloads\iTunes6464Setup.exe
2015-09-18 11:12 - 2015-09-29 19:18 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-18 11:12 - 2015-09-18 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-18 11:10 - 2015-10-04 16:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 11:10 - 2015-10-04 13:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 11:10 - 2015-09-18 11:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-18 11:10 - 2015-09-18 11:10 - 00929872 _____ (Google Inc.) C:\Users\Tracey.Tracey-PC\Downloads\ChromeSetup(1).exe
2015-09-18 11:10 - 2015-09-18 11:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 11:10 - 2015-09-18 11:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-18 11:09 - 2015-09-18 12:22 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Local\Google
2015-09-18 11:08 - 2015-09-18 11:09 - 00929872 _____ (Google Inc.) C:\Users\Tracey.Tracey-PC\Downloads\ChromeSetup.exe
2015-09-10 12:16 - 2015-09-10 12:16 - 00000000 ____D C:\Users\Tracey.Tracey-PC\Desktop\Old Firefox Data
2015-09-10 12:04 - 2015-09-10 12:04 - 00002970 _____ C:\Windows\System32\Tasks\{4A445AB9-D59C-46D4-98B5-85FE45999321}


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-04 15:42 - 2015-08-04 16:06 - 01794814 _____ C:\Windows\WindowsUpdate.log
2015-10-04 14:35 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 14:35 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 13:47 - 2015-08-04 16:03 - 00177162 _____ C:\Windows\PFRO.log
2015-10-04 13:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 13:47 - 2009-07-14 05:51 - 00049668 _____ C:\Windows\setupact.log
2015-10-04 10:26 - 2015-08-04 18:54 - 01249440 _____ C:\Windows\IE11_main.log
2015-10-03 15:03 - 2009-07-14 06:13 - 00782940 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-02 15:35 - 2015-08-04 18:12 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-10-02 15:35 - 2015-08-04 18:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-10-02 15:35 - 2015-08-04 17:18 - 00002229 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-10-02 15:35 - 2015-08-04 17:17 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-09-30 19:07 - 2015-08-06 12:47 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Roaming\SoftGrid Client
2015-09-28 12:11 - 2015-08-04 16:24 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2015-09-19 08:23 - 2015-08-04 17:04 - 00086096 _____ C:\Users\Tracey.Tracey-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-15 22:26 - 2010-08-30 10:24 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2015-09-13 09:34 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-09 20:07 - 2015-08-10 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 20:05 - 2015-08-04 19:20 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 19:21 - 2015-08-08 14:09 - 00000000 ____D C:\Users\Tracey.Tracey-PC\AppData\Local\CrashDumps


==================== Files in the root of some directories =======


2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2015-10-01 12:24


==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by Tracey (2015-10-04 16:42:28)
Running from C:\Users\Tracey.Tracey-PC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-04 16:03:11)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-4024205753-1016382499-939920564-500 - Administrator - Disabled)
Guest (S-1-5-21-4024205753-1016382499-939920564-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4024205753-1016382499-939920564-1002 - Limited - Enabled)
Tracey (S-1-5-21-4024205753-1016382499-939920564-1001 - Administrator - Enabled) => C:\Users\Tracey.Tracey-PC


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-4024205753-1016382499-939920564-1001\...\MyFreeCodec) (Version: - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Restore Points =========================


27-09-2015 19:14:04 Windows Update
28-09-2015 10:54:15 Windows Update
28-09-2015 13:28:34 Windows Update
28-09-2015 14:25:21 Windows Update
28-09-2015 21:50:02 Windows Update
29-09-2015 09:06:06 Windows Update
29-09-2015 21:22:27 Windows Update
30-09-2015 08:02:42 Windows Update
30-09-2015 13:11:05 Windows Update
30-09-2015 16:30:05 Installed iCloud
30-09-2015 19:07:55 Windows Update
01-10-2015 10:47:40 Windows Update
01-10-2015 22:21:04 Windows Update
02-10-2015 10:51:27 Windows Update
02-10-2015 23:00:31 Windows Update
03-10-2015 09:59:08 Windows Update
03-10-2015 10:46:59 Windows Update
03-10-2015 23:00:27 Windows Update
04-10-2015 02:55:24 Windows Update
04-10-2015 09:39:19 Windows Update
04-10-2015 10:24:57 Windows Update


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0360295F-7299-4E47-949A-0910865C05DD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-24] (Symantec Corporation)
Task: {04E6C20B-87C9-457F-B1A1-527B4CB1B28E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {26D214E2-018F-4D25-9311-97EB49889C5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {6FA9189B-A6DA-4F19-BE2E-EF9256A3544C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {7DE347FC-E694-4EC6-A794-A898166D439B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {98DA2CB1-8D83-4932-A722-7CD736B299F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {BC3C5849-C109-487A-B4AC-2AB1E480145B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E578C3DC-99AD-42C3-B379-A0D2FF7A7F9E} - System32\Tasks\{4A445AB9-D59C-46D4-98B5-85FE45999321} => Firefox.exe
Task: {EF7863BB-BF1E-47F0-9F45-C75EC12D7B09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Loaded Modules (Whitelisted) ==============


2015-09-15 14:25 - 2015-09-15 14:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-08-06 11:11 - 2015-08-06 11:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\939daa9c24a14d0673e781725dcf0b9d\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-09-29 19:18 - 2015-09-24 03:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-29 19:18 - 2015-09-24 03:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-29 19:18 - 2015-09-24 03:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-4024205753-1016382499-939920564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tracey.Tracey-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{74EA4FC4-773A-4831-A322-BD6CA06EBC02}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0DDF194E-4DA1-4252-AB3E-345112F8A67A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F91D21DB-7DB0-416F-91F9-537998C5DC11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{86F639FD-56CA-4955-B480-0D96126A7C25}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{885335DE-88D4-424A-B7AD-797F9C41E407}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EC8F8DC-1B51-482E-8A32-94A58EA3E3CF}] => (Allow) svchost.exe
FirewallRules: [{7C6B61D3-6504-4020-9219-60B5527C0280}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{1C390699-C740-4455-8363-2ADD4C104F3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51F98525-1F0C-4C45-B129-ED34BEEE40C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E222EEA3-3688-4D81-B497-215884B108E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E6254AEE-7A72-4847-A7E4-21903CADCF4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE9FDEF7-4385-4976-9243-9F8FB1692F91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{564C558B-BCFB-46DD-A5C2-5DABAFE0B4D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD172E73-8F83-4764-B0B3-013656E1CFED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F09EC4D-BADA-4C53-9069-B7184A63B1B6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E99492E7-8314-4B8E-A951-2C8611B7A71C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (10/04/2015 12:32:04 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


Error: (10/04/2015 12:31:06 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (10/03/2015 03:40:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


Error: (10/03/2015 03:37:33 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (10/02/2015 01:54:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


Error: (10/02/2015 01:52:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (10/02/2015 01:15:25 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (10/01/2015 12:26:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


Error: (10/01/2015 12:25:14 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Error: (09/30/2015 03:38:12 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word failed to start correctly last time. Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.


Do you want to start Word in safe mode?.
Rejected Safe Mode action : Microsoft Word.




System errors:
=============
Error: (10/04/2015 10:26:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.


Error: (10/04/2015 10:25:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7160A13D-73DA-4CEA-95B9-37356478588A}


Error: (10/04/2015 02:56:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.


Error: (10/03/2015 11:05:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.


Error: (10/03/2015 03:14:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:12:04 on ‎03/‎10/‎2015 was unexpected.


Error: (10/03/2015 10:48:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.


Error: (10/02/2015 11:14:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.


Error: (10/02/2015 11:12:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Error: (10/02/2015 11:11:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.


Error: (10/01/2015 10:22:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 69%
Total physical RAM: 2806.71 MB
Available physical RAM: 856.58 MB
Total Virtual: 5611.62 MB
Available Virtual: 2966.01 MB


==================== Drives ================================


Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:217.75 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2787F85B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================


Hopefully this is the MBAM report
Malwarebytes Anti-Malware
www.malwarebytes.org


Scan Date: 04/10/2015
Scan Time: 15:38
Logfile:
Administrator: Yes


Version: 2.1.8.1057
Malware Database: v2015.10.04.02
Rootkit Database: v2015.10.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled


OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tracey


Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384858
Time Elapsed: 14 min, 11 sec


Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled


Processes: 0
(No malicious items detected)


Modules: 0
(No malicious items detected)


Registry Keys: 0
(No malicious items detected)


Registry Values: 0
(No malicious items detected)


Registry Data: 0
(No malicious items detected)


Folders: 0
(No malicious items detected)


Files: 0
(No malicious items detected)


Physical Sectors: 0
(No malicious items detected)




(end)
Thanks Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracey

Hopefully this is the MBAM report
Yes, that's the one. :)

There's nothing malicious showing in the reports, so I'm thinking this problem is related to a conflict with some of the installed software.
We'll check for that.

I see you have installed the trial version of MBAM.

License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
I recommend that you change this to the free version.

Start MBAM and click on the End Free Trial button.



This will stop the Realtime sections from running...... but will still be able to be used.
Just leave it installed and update it before running any future scans.

Step 1
Let's run a few cleanup routines with FRST.

Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.



The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 2
If the system is still showing signs of the stated problem.... let's try a clean boot.

Hold down the Windows key on your keyboard and press the R key.
With the Run dialogue window open, type in msconfig and click the OK button.

You should now be looking at the System Configuration window. Click on the Services tab.

On the Services tab, youll notice a long list of services available on your PC
First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important
Next, click the Disable All button

By performing these two steps, you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.

Finally, click the OK button and reboot the system

When you reboot, you may get messages that certain hardware and software are not unavailable. This is normal.

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.

Remember, running Windows like this is just temporary.

Now see if the system is any faster.
If it is, then the problem lies with one or more of the programs that has been disabled.

After you have finished troubleshooting, follow these steps to reset the computer to start normally.

To restore Windows to a normal start up functionality:
  • Start the System Configuration Utility again (MSCONFIG)
  • On the "General" tab:
  • Click to select "Normal Startup"
  • Click "OK"
  • Choose the "Exit with Restart" option to restart your computer.

In your next reply, please submit:
Fixlog.txt (from FRST)

also let me know if there was any difference when running the clean boot.


Thanks.
 

Attachments

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi Starbuck I have run the fix and try to attach the results.
My norton has just informed me that it has removed FRST as it is unsafe but hopefully the results are still in downloads. I have ended my trial version of MBAM as you suggested

Fix result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by Tracey (2015-10-04 18:26:41) Run:1
Running from C:\Users\Tracey.Tracey-PC\Downloads
Loaded Profiles: Tracey (Available Profiles: Tracey)
Boot Mode: Normal
==============================================


fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4024205753-1016382499-939920564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\TurboYourPC\Service.sys [X]
FirewallRules: [{74EA4FC4-773A-4831-A322-BD6CA06EBC02}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0DDF194E-4DA1-4252-AB3E-345112F8A67A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\Common Files\mcafee
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
*****************


HKU\S-1-5-21-4024205753-1016382499-939920564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4024205753-1016382499-939920564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
WinRing0_1_2_0 => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74EA4FC4-773A-4831-A322-BD6CA06EBC02} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DDF194E-4DA1-4252-AB3E-345112F8A67A} => value removed successfully
"C:\Program Files\Common Files\mcafee" => File/Folder not found.


========= ipconfig /flushdns =========




Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 3.9 GB temporary data Removed.




The system needed a reboot..


==== End of Fixlog 18:29:46 ====
Hope I have done things correctly and will try computer to see if its any better if not I will go to step 2 and report my findings tomorrow if thats ok
thanks for the help Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracy,

My norton has just informed me that it has removed FRST as it is unsafe
Doesn't surprise me.
We do get this from time to time with our tools, it's the way that they search and fix that gets them flagged. ( but they are totally safe )
Out of the 2 programs I'd say that Norton is the one that isn't safe!

EmptyTemp: => 3.9 GB temporary data Removed.
That will have made some noticeable difference to how the system runs :)

will try computer to see if its any better if not I will go to step 2 and report my findings tomorrow if thats ok
Yep, that's fine.
I'm around most evenings so just reply when you can.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi Starbuck

Tried computer and it was no better so I did step 2 and tried again my findings are as follows

for 10 mins everything was fantastic then back to normal when I tried to open chrome it took 30 seconds for the page to open and 2 mins for any new tabs to open.

Just a thought but every day I am getting the same 10 updates from windows and again every day it says they have been downloaded but when i shut computer down the same 10 updates say they are being downloaded again and when I check the next day most say they are there but I think 1 says it could not be downloaded.

Did i do something wrong when I restored computer to factory settings.

Also whilst I have got such knowledgeable help which programs do I need to have on my start-up or is this what I have disabled this morning?

Thank you very much for the time you are spending on my problems I hope to hear from you later. Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracy

I am getting the same 10 updates from windows and again every day it says they have been downloaded but when i shut computer down the same 10 updates say they are being downloaded again and when I check the next day most say they are there but I think 1 says it could not be downloaded.
We can try the quick fix for this first.....

An automatic troubleshooter is available that fixes some problems with Windows Update, and it might resolve this error for you.
Click .... Microsoft Fix it
The instructions are easy and are on the link page.

Did i do something wrong when I restored computer to factory settings
Probably not.
It may well be that one or more of the windows update settings became corrupt.
If the Fixit from Microsoft doesn't fix it then we can try repairing the windows update files with a new copy.

which programs do I need to have on my start-up or is this what I have disabled this morning?
Most of the startup items would have been disabled when you ran the clean boot.
Obviously these will start up again when you return to a normal boot.

The Start up items showing in the FRST report are these: ( The ones in bold are the items that don't need to run as they can be started manually if required)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)

Odd one this....
Installed with Apple's iTunes for Windows. Note: Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4024205753-1016382499-939920564-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDL R.exe [1015104 2015-07-27] (Samsung)

I've always used Samsung phones/tablets but have never installed Kies as I've never seen the need for it..... but it's obviously your choice.

We can stop the bold items from running, but it may not make a huge difference.

Question:
What made you install Norton?
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi Starbuck

Question:
What made you install Norton?[/QUOTE]

When I needed security for the laptop I went to PC World and this is what they advised. Once upon a time I used AVG and Avast but the people at pc world managed to convince my husband that they were rubbish because they were free. (husband believes that people are currently spying on us via a virus but he always thinks we have a virus)

I tried the Microsoft fix it when I couldn't get the updates to download but it did not make any difference.

I am still running with all the programs disabled ATM and it seems to be a little better again.

thanks Tracey
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Sorry forgot to say if you can help me with stopping programs from automatically starting at start up I would be very grateful

Regards Tracey.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracey

I went to PC World and this is what they advised.
Ar right.... explains a lot.
PC World are driven by commission and are good at selling you stuff you don't need.
Obviously they also know nothing about security software.
Norton is a known resource hog.
I would recommend removing it but obviously you have paid for it now and don't want to lose money.
How long have you had it installed?

Once upon a time I used AVG and Avast but the people at pc world managed to convince my husband that they were rubbish because they were free
At one time they were both good, but I wouldn't recommend either now.
This is not because they're free though...... it's to do with false positives, software problems and lately, AVG actually admitting they will be selling your details to advertisers to make money.

husband believes that people are currently spying on us via a virus
You can't knock someone for being cautious .... but there is no sign of any virus on your system.

I tried the Microsoft fix it when I couldn't get the updates to download but it did not make any difference.
Ok, let's see if there's a corruption within one of the files then.

If this comes back negative..... turn off Norton and then try the windows updates again.
It has been know for security software to interfere with the updates.

Click Start >> All Programs >> Accessories,
Now right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
Type the following command, and then press the ENTER key on the keyboard: (the space is meant to be there between the c and the / )
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions or corrupt versions with correct Microsoft versions.

Running the scannow command doesn't always work the first time it's run.... so it's recommended to run it a couple of times.
It may take awhile to run, please don't use your system whilst the command is in progress.

I am still running with all the programs disabled ATM and it seems to be a little better again.
Ok, but remember we can't run it like this all the time.

if you can help me with stopping programs from automatically starting at start up I would be very grateful
No problem. I'll write a script to do that once we have tried to sort out the Windows update problem.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
I have been using Norton for 20 months but when it runs out in January I will be looking for something better. Any suggestions.

I ran the sfc /scannow twice both times showing no faults.

I then turned the normal start up back on so i could disable norton.

I then turned off all norton and tried to install updates it said that 11 updates were available but it only downloaded 10 when I went to check in downloads it said

Failed 1 update error found code 9c57 internet explorer 11 for windows 7 for x64 based system failed.

Just to be sure with the sfc /scannow I tried running that also with norton disabled but no joy.

Arrrrrggggg

Thanks Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracey

Failed 1 update error found code 9c57 internet explorer 11 for windows 7 for x64 based system failed.
That explains this then:

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Have just spent awhile searching this....
It seems to effect Laptops more than Desktops and there doesn't seem to be a definitive answer ( apart from a re-install )
There are quite a few people having this problem with Win7 64bit when trying to update to IE11.
Even Microsoft doesn't come up with an answer that fixes it.

These are the 2 main things to try:
  • Download and run the System Update Readiness Tool
    You need to click on the download for: Windows 7 64-bit (x64)
    Instructions are on the link page.

  • Download and try installing IE11 manually......Internet Explorer 11
    You need the version for your system: English .... Windows 7 SP1 64bit

If these don't work, is a re-install an option?

I have been using Norton for 20 months but when it runs out in January I will be looking for something better. Any suggestions.
I run:
Emsisoft AntiMalware on 2 x Win7 systems. (paid version)
Eset Nod32 on 1 x Win8.1 and 1 x Win10 (paid version)
Windows Defender on 1 x Win10. (free.... comes pre-installed on Win 10 )

 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
Hi Starbuck I have tried to install IE11 manually several times but no joy. I have downloaded the System Update Readiness Tool and it installed a hotfix for KB947821 it then said finished and to exit and I haven't seen it since. I do not really want to do another re-install as it took me forever to get the laptop running as i want it (or should I say how my husband wants it).

I have noticed this morning that my windows live mail has stopped working and was wondering if its something that I have done in the process of trying to fix the laptop.

I can sign into web mail and see my emails there but WLM just keeps trying to connect then times out.

On the antivirus discussion a friend of my daughters has just offered me a copy of Eset Nod32 for business use for free and I was wondering if you thought I should use it and if you do would I have to uninstall all Norton first.

I will wait to hear from you

Thanks Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi Tracey,

I have tried to install IE11 manually several times but no joy
It was a long shot, but at least we tried.

I do not really want to do another re-install as it took me forever to get the laptop running as i want it (or should I say how my husband wants it).
I fully understand.
As you are using Chrome as your default browser, it shouldn't matter too much about IE11.
You did say:
I then turned off all norton and tried to install updates it said that 11 updates were available but it only downloaded 10 when I went to check in downloads it said

Failed 1 update error found code 9c57 internet explorer 11 for windows 7 for x64 based system failed.
So I'm assuming that the other updates came through.
The only thing that I can see that you may miss out on is the free Win10 upgrade.
Your system will need to have all the updates before Win10 will install.
I did notice that the Win10 notification is not showing on your system.... I suspect this is because the system is still running IE8.

I have noticed this morning that my windows live mail has stopped working and was wondering if its something that I have done in the process of trying to fix the laptop.
No, nothing we have done would cause this.
It may well be just a problem with WLM ( their end )and will probably sort itself out.
Have you tried it again since?

a friend of my daughters has just offered me a copy of Eset Nod32 for business use for free and I was wondering if you thought I should use it and if you do would I have to uninstall all Norton first.
Definitely a good choice.
Nod32 Business for Windows comes in 2 types.
  • Endpoint Security ..... this is the full package and will contain a Firewall.
    If you decide to use the Firewall, you will need to turn off the Windows Firewall or they will conflict.
  • Endpoint Antivirus .... The lighter version which doesn't contain a Firewall, so you will need to use the Windows Firewall.

Norton will need to be completely removed before installing Nod32.
Disable Norton ( stop it from running ) and then uninstall it from the add/remove list in Control Panel.

Because Norton usually leaves a lot of leftovers behind, we'll need to run a cleanup tool:

Download: Norton Removal Tool

Download it to your 'Desktop'.
Then click on the desktop icon to run the removal tool.
When complete, install your new AntiVirus program.

Let me know how it goes.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
I have just tried WLM again and its still not working.

If WLM doesn't come back on on its own do you think uninstalling it and re-installing it will work?

I am also assuming that all the other updates came through but if its like any other time they will be there again tomorrow waiting to be downloaded.

I will not be getting the Eset Nod 32 till later in the week but I will let you know how it goes.

Thanks Tracey
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
If WLM doesn't come back on on its own do you think uninstalling it and re-installing it will work?
I'd try repairing Windows Mail first.

Windows Live Mail doesn't have its own repair feature, it is part of the Windows Essentials 2012 package, which does have a repair function. Since this function repairs all applications that are a part of Windows Essentials 2012, repairing Windows Essentials 2012 should fix your Windows Live Mail problems.

  • Click Start >> Control Panel.
  • Click the "Uninstall a program" link. If you are using the classic Control Panel view, click "Programs and Features."
  • Click "Windows Live Essentials" from the list of installed programs.
  • Click "Repair all Windows Essentials programs" to repair Windows Live Mail.
  • Click the "Close" button after the repair successfully finishes.


I will not be getting the Eset Nod 32 till later in the week but I will let you know how it goes.
Ok, at least you have the info for when you need it.


Question:
Are these all working versions?
Microsoft Office 2010
Microsoft Office Home and Student 2010
Microsoft Office Starter 2010
I'm just trying to work out why so many versions of Office, when just the Main one would do.
 

Trazza

FPCH Member
Joined
Apr 8, 2009
PC Experience
PC Illiterate
To be honest I have no idea why all the office stuff is when I re-installed windows I just put my microsoft office disk in and installed it.

I have tried to fix WLM the way you suggested already and after the repair everything in windows essentials is repaired apart from Mail.

I know you say not to do anything to the computer whilst you are helping me and I didn't but my husband thought he would help and restore the laptop to an earlier time whilst I was waiting for your reply and I think I am back to square one. I have told him he shouldn't have touched it but its too late now whats done is done.

Do I now need to start from the top and do all the things we have previously done including the fix you sent me or is this redundant now.

I am really sorry about this and have banned husband from using computer till we have sorted it out.

Oh and after the restore to an earlier time WLM still not working

Thanks Tracey
 
Top Bottom