
Unable to do Windows Update or anti-virus patch application


7 replies to this topic

#1 babyruth


Posted 08 September 2016 - 11:32 AM

When I try to do Windows Update it just keeps saying searching for update, even if I leave it scanning for a day and a half, and if I try to do a Norton anti-virus patch application the computer says applying patch application for up to a day. By then I'm tired of waiting, and I end up having to turn it off manually because I can't even get Ctrl, Alt, Delete to work. Someone, not from this site, tried to help me and said I had a virus called the Zeus Trojan and wanted to charge me money to fix it, but I don't know if I believe them, 'cause they just called me up out of the blue and said I had it after doing one scan, and I'm not even sure how much I can trust them. Unlike Bleeping Computer I have experience working with all of you, and I trust your work.

 

In addition to the Farbar Recovery Scan Tool result and the Addition scan, I'm going to add the results of what that other person's scan gave me last in the list.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Elizabeth (administrator) on ELIZABETH-PC (08-09-2016 10:59:47)
Running from C:\Users\Elizabeth\Desktop
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\nis.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\...\Run: [cdloader] => C:\Users\Elizabeth\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\...\RunOnce: [98_10148242609346] => C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat [347 2016-09-08] ()
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2C920889-A6A8-4D7B-AD03-48BD4A9E8BDE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.att.net/
SearchScopes: HKU\S-1-5-21-3175931283-3933049633-1595192464-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3175931283-3933049633-1595192464-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-07-27]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\NIS.exe [289080 2016-08-16] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160826.008\BHDrvx64.sys [1854712 2016-08-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1607010.020\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-07-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-07-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160907.001\IDSvia64.sys [876760 2016-07-22] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1607010.020\SRTSP64.SYS [773360 2016-08-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1607010.020\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1607010.020\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1607010.020\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 10:59 - 2016-09-08 11:00 - 00009432 _____ C:\Users\Elizabeth\Desktop\FRST.txt
2016-09-08 10:51 - 2016-09-08 10:51 - 00000347 _____ C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat
2016-09-08 10:46 - 2016-09-08 10:46 - 00005137 _____ C:\Users\Elizabeth\Desktop\computer help.txt
2016-09-08 10:00 - 2016-09-08 10:00 - 00000000 ____D C:\Users\Elizabeth\Desktop\FRST-OlderVersion
2016-09-07 15:25 - 2016-09-07 15:25 - 00003747 _____ C:\Users\Elizabeth\Desktop\MTB.txt
2016-09-07 10:31 - 2016-09-07 10:31 - 00000000 ____D C:\Users\Elizabeth\Desktop\tweaking.com_windows_repair_aio
2016-09-07 10:23 - 2016-09-07 10:24 - 27522641 _____ C:\Users\Elizabeth\Downloads\tweaking.com_windows_repair_aio.zip
2016-09-01 09:30 - 2016-09-01 09:30 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\tjnet
2016-08-30 10:25 - 2016-08-30 11:08 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\mjusbsp
2016-08-30 10:25 - 2016-08-30 10:25 - 00001068 _____ C:\Users\Elizabeth\Desktop\magicJack.lnk
2016-08-30 10:25 - 2016-08-30 10:25 - 00001054 _____ C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2016-08-30 10:25 - 2016-08-30 10:25 - 00000000 ____D C:\ProgramData\magicJack
2016-08-30 10:24 - 2016-08-30 10:58 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\magicJack
2016-08-22 11:31 - 2016-08-22 11:31 - 00892416 _____ (Farbar) C:\Users\Elizabeth\Desktop\MiniToolBox.exe
2016-08-21 19:31 - 2016-08-21 19:31 - 00000000 ____D C:\3c9e832bf6e898b3167ffc6b7a
2016-08-21 19:30 - 2016-08-21 19:31 - 01686586 _____ C:\Users\Elizabeth\Desktop\Windows6.1-KB3177725-x64.msu
2016-08-21 19:06 - 2016-08-21 19:06 - 00000000 ____D C:\ceef0cc9ab370999bc0cd173f74aae
2016-08-19 11:01 - 2016-08-19 11:01 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-08-12 06:13 - 2016-08-12 06:13 - 00021669 _____ C:\Users\Elizabeth\Documents\bookmark.htm
2016-08-12 06:13 - 2016-08-12 06:13 - 00000703 _____ C:\Users\Elizabeth\Documents\feeds.opml
2016-08-11 15:44 - 2016-08-11 15:44 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ELIZABETH-PC-Windows-7-Home-Premium-(64-bit).dat
2016-08-11 15:44 - 2016-08-11 15:44 - 00000000 ____D C:\RegBackup
2016-08-11 15:28 - 2016-08-11 15:28 - 00007184 _____ C:\bootsqm.dat
2016-08-11 12:17 - 2016-08-11 12:17 - 00003670 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-08-11 12:17 - 2016-08-11 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-11 12:16 - 2016-08-11 12:17 - 00188957 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-08-11 12:16 - 2016-08-11 12:16 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-08-11 12:03 - 2016-08-11 12:07 - 00000000 ____D C:\AdwCleaner
2016-08-11 12:02 - 2016-08-11 12:02 - 03712064 _____ C:\Users\Elizabeth\Desktop\AdwCleaner.exe
2016-08-11 11:49 - 2016-09-08 10:59 - 00000000 ____D C:\FRST
2016-08-11 11:46 - 2016-09-08 10:00 - 02397696 _____ (Farbar) C:\Users\Elizabeth\Desktop\FRST64.exe
2016-08-10 16:55 - 2016-08-10 16:56 - 00000066 _____ C:\Users\Elizabeth\Documents\New Text Document.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-08 10:50 - 2015-12-17 22:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-08 09:10 - 2009-07-13 23:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-08 09:10 - 2009-07-13 23:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-08 09:07 - 2011-03-20 22:25 - 00731508 _____ C:\Windows\system32\perfh00A.dat
2016-09-08 09:07 - 2011-03-20 22:25 - 00153368 _____ C:\Windows\system32\perfc00A.dat
2016-09-08 09:07 - 2011-03-20 22:11 - 00731856 _____ C:\Windows\system32\perfh00C.dat
2016-09-08 09:07 - 2011-03-20 22:11 - 00144472 _____ C:\Windows\system32\perfc00C.dat
2016-09-08 09:07 - 2009-07-14 00:13 - 02552924 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-08 09:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-08 09:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-08 08:39 - 2015-12-07 02:11 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-09-07 13:40 - 2009-07-13 23:45 - 00275120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-07 12:02 - 2015-12-09 17:57 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\CrashDumps
2016-09-07 11:56 - 2009-07-13 21:34 - 00000439 _____ C:\Windows\win.ini
2016-09-07 11:43 - 2015-10-21 16:17 - 02552924 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-07 10:21 - 2015-12-03 15:54 - 00060560 _____ C:\Users\Elizabeth\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-19 11:06 - 2015-11-30 22:06 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-08-19 11:01 - 2015-10-20 21:48 - 00002407 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-08-19 11:01 - 2015-10-20 21:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-08-19 11:01 - 2015-10-20 21:47 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-08-11 18:52 - 2009-07-13 21:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_572
2016-08-11 16:32 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-08-11 16:26 - 2009-07-13 21:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_651
2016-08-11 12:23 - 2016-01-06 11:15 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Skype
2016-08-10 20:15 - 2015-10-26 21:53 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\NPE
2016-08-10 20:08 - 2015-10-26 22:01 - 00000000 ____D C:\NPE

==================== Files in the root of some directories =======

2016-09-08 10:51 - 2016-09-08 10:51 - 0000347 _____ () C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat
2016-04-11 17:41 - 2016-04-11 17:43 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-19 11:46

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Elizabeth (08-09-2016 11:00:56)
Running from C:\Users\Elizabeth\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-19 14:58:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3175931283-3933049633-1595192464-500 - Administrator - Disabled)
Elizabeth (S-1-5-21-3175931283-3933049633-1595192464-1000 - Administrator - Enabled) => C:\Users\Elizabeth
Guest (S-1-5-21-3175931283-3933049633-1595192464-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
magicJack (HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.7.1.32 - Symantec Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.9 - Tweaking.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A002DC-452E-406A-B270-AC27D9DD11AE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3EE3150D-28EB-4CD7-8CBE-7639E4D16812} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {74C8D5A4-DF55-40A0-94B7-39E8D9DCA45F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3175931283-3933049633-1595192464-1000
Task: {83D7934A-F01F-4E5A-89F6-8BA1F9F48070} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {8408B46D-237E-4AF4-9221-71F9DAD08978} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8765B97C-88F5-4ACB-8E1A-6B5929E2580B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {91B3E652-0AC9-4CD4-895B-18B85456147B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-23] (Adobe Systems Incorporated)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F0F31B84-EF26-4327-92C1-AAB9BBB5065A} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {F399329B-B6E4-4991-ACE3-F635B31EA497} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-07 11:56 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8F2063FD-6628-40C2-9FE4-F5EA9C9365B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5622DC88-6A83-4447-ADCB-C1F07F3D8211}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{CE1AA216-72C3-4383-B549-36C40034BDA7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E21AE4A-CAEA-45DA-9C07-B3D2F4717C69}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{35A9C60A-35EE-4EDC-96D4-223D343721F5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D2BD981D-F6C3-4181-BD62-176A92AB0A47}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C805E5A3-5CD5-40DE-9E2E-AA7BC300348B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

11-04-2016 15:02:20 Windows Update
11-04-2016 16:35:45 Windows Update
11-04-2016 17:05:38 Windows Update
11-04-2016 17:40:09 Installed TurboTax 2015 wrapper
12-08-2016 06:31:23 Windows Update
07-09-2016 11:22:10 Tweaking.com - Windows Repair

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 01:40:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/07/2016 01:40:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/07/2016 12:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Repair_Windows.exe, version: 3.9.0.10, time stamp: 0x57c48a80
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x736a4f5d
Faulting process id: 0x734
Faulting application start time: 0x01d2091d137a5ff2
Faulting application path: C:\Users\Elizabeth\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\Repair_Windows.exe
Faulting module path: unknown
Report Id: d84d301c-751c-11e6-b00d-a5a82732896c

Error: (09/07/2016 11:47:48 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ES-ES\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Error: (09/07/2016 11:47:07 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\FR-FR\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Error: (09/07/2016 11:46:18 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL while recovering .MOF file marked with autorecover.

Error: (09/07/2016 11:45:17 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF while recovering .MOF file marked with autorecover.

Error: (09/07/2016 10:50:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Instantiating VSS server

Error: (09/07/2016 10:50:31 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].

Operation:
   Instantiating VSS server

Error: (08/31/2016 06:14:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8e4

Start Time: 01d203dcb6741689

Termination Time: 1206

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (09/08/2016 10:53:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:43:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:42:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:33:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:32:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:23:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:22:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:13:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 10:12:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3836.06 MB
Available physical RAM: 1853.61 MB
Total Virtual: 7670.33 MB
Available Virtual: 6095.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:244.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 852B20DE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Here's what they said about my computer.

Processes

 PID  Name                     CPU%  Priority  Type            Memory  Mem%  User

---------------------------------------------------------------------------------------------------------
1012  svchost.exe               46%        32  Service      314.14 MB    9%  NT AUTHORITY\SYSTEM
1524  LMISupportM32.exe         27%        32  Service       61.14 MB    1%  NT AUTHORITY\SYSTEM
   0  System Idle Process       14%
   4  System                     7%
2928  dwm.exe                    2%       128  Interactive   67.55 MB    2%  Elizabeth-PC\Elizabeth
2016  LMI_Rescue_srv.exe         2%        32  Service       96.04 MB    2%  NT AUTHORITY\SYSTEM
1564  LMI_Rescue_srv.exe         1%        32  Service       24.96 MB    0%  NT AUTHORITY\SYSTEM
3440  FRST64.exe                 1%        32  Interactive   63.13 MB    1%  Elizabeth-PC\Elizabeth
 288  smss.exe                   0%        32  Service        1.53 MB    0%  NT AUTHORITY\SYSTEM
 380  csrss.exe                  0%        32  Service        6.08 MB    0%  NT AUTHORITY\SYSTEM
1328  conhost.exe                0%        32  Service        3.52 MB    0%  NT AUTHORITY\SYSTEM
 448  wininit.exe                0%       128  Service        5.84 MB    0%  NT AUTHORITY\SYSTEM
 500  services.exe               0%        32  Service       12.92 MB    0%  NT AUTHORITY\SYSTEM
 640  svchost.exe                0%        32  Service       12.81 MB    0%  NT AUTHORITY\SYSTEM
3184  dllhost.exe                0%        32  Interactive   27.57 MB    0%  Elizabeth-PC\Elizabeth
 704  svchost.exe                0%        32  Service       11.19 MB    0%  NT AUTHORITY\NETWORK SERVICE
 792  atiesrxx.exe               0%        32  Service        5.62 MB    0%  NT AUTHORITY\SYSTEM
1052  atieclxx.exe               0%        32  Service        8.26 MB    0%  NT AUTHORITY\SYSTEM
 864  svchost.exe                0%        32  Service       33.86 MB    1%  NT AUTHORITY\LOCAL SERVICE
 900  svchost.exe                0%        32  Service      226.60 MB    6%  NT AUTHORITY\SYSTEM
1320  wlanext.exe                0%        32  Service        7.29 MB    0%  NT AUTHORITY\SYSTEM
3800  WUDFHost.exe               0%        32  Service        7.73 MB    0%  NT AUTHORITY\LOCAL SERVICE
 928  svchost.exe                0%        32  Service       21.29 MB    0%  NT AUTHORITY\LOCAL SERVICE
2296  taskeng.exe                0%        32  Interactive    7.64 MB    0%  Elizabeth-PC\Elizabeth
 472  WR_Tray_Icon.exe           0%     16384  Interactive    4.64 MB    0%  Elizabeth-PC\Elizabeth
 656  svchost.exe                0%        32  Service        7.61 MB    0%  NT AUTHORITY\SYSTEM
1112  svchost.exe                0%        32  Service       28.83 MB    0%  NT AUTHORITY\NETWORK SERVICE
1284  svchost.exe                0%        32  Service       28.25 MB    0%  NT AUTHORITY\LOCAL SERVICE
1424  spoolsv.exe                0%        32  Service       21.33 MB    0%  NT AUTHORITY\SYSTEM
1544  svchost.exe                0%        32  Service       14.55 MB    0%  NT AUTHORITY\SYSTEM
1700  svchost.exe                0%        32  Service       14.50 MB    0%  NT AUTHORITY\LOCAL SERVICE
1780  NIS.exe                    0%        32  Service      115.58 MB    3%  NT AUTHORITY\SYSTEM
2888  NIS.exe                    0%        32  Interactive   33.64 MB    1%  Elizabeth-PC\Elizabeth
1932  svchost.exe                0%        32  Service       11.70 MB    0%  NT AUTHORITY\LOCAL SERVICE
1552  SearchIndexer.exe          0%        32  Service       43.64 MB    1%  NT AUTHORITY\SYSTEM
2944  svchost.exe                0%        32  Service        9.58 MB    0%  NT AUTHORITY\LOCAL SERVICE
 768  svchost.exe                0%        32  Service        7.66 MB    0%  NT AUTHORITY\NETWORK SERVICE
 984  IntuitUpdateService.exe    0%        32  Service       22.33 MB    0%  NT AUTHORITY\SYSTEM
 520  lsass.exe                  0%        32  Service       15.87 MB    0%  NT AUTHORITY\SYSTEM
 528  lsm.exe                    0%        32  Service        6.57 MB    0%  NT AUTHORITY\SYSTEM
 464  csrss.exe                  0%        32  Service       12.91 MB    0%  NT AUTHORITY\SYSTEM
 752  winlogon.exe               0%       128  Service        9.57 MB    0%  NT AUTHORITY\SYSTEM
3024  explorer.exe               0%        32  Interactive   81.55 MB    2%  Elizabeth-PC\Elizabeth
4700  notepad.exe                0%        32  Interactive    9.57 MB    0%  Elizabeth-PC\Elizabeth
2144  lmi_rescue.exe             0%        32  Interactive   48.37 MB    1%  Elizabeth-PC\Elizabeth





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:32 PM

Posted 09 September 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\...\RunOnce: [98_10148242609346] => C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat [347 2016-09-08] ()
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3175931283-3933049633-1595192464-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\EX64.SYS [X]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {8408B46D-237E-4AF4-9221-71F9DAD08978} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F399329B-B6E4-4991-ACE3-F635B31EA497} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat
cmd: netsh winsock reset catalog

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#3 babyruth


Posted 09 September 2016 - 06:09 PM

I haven't done anything with the computer yet, since I ran the scan, but I thought I ought to send you the Fixlog.txt first then try it out.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Elizabeth (09-09-2016 17:57:12) Run:1
Running from C:\Users\Elizabeth\Desktop
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\...\RunOnce: [98_10148242609346] => C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat [347 2016-09-08] ()
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3175931283-3933049633-1595192464-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160727.001\EX64.SYS [X]
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {8408B46D-237E-4AF4-9221-71F9DAD08978} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F399329B-B6E4-4991-ACE3-F635B31EA497} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat
cmd: netsh winsock reset catalog

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\98_10148242609346 => value not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3175931283-3933049633-1595192464-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
NAVENG => service could not remove
NAVEX15 => service could not remove
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8408B46D-237E-4AF4-9221-71F9DAD08978}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8408B46D-237E-4AF4-9221-71F9DAD08978}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F399329B-B6E4-4991-ACE3-F635B31EA497}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F399329B-B6E4-4991-ACE3-F635B31EA497}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
"C:\Users\Elizabeth\AppData\Local\LMIR0001.tmp_r.bat" => not found.

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4396280 B
Java, Flash, Steam htmlcache => 541 B
Windows/system/drivers => 122425464 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
Elizabeth => 3507268 B

RecycleBin => 38355 B
EmptyTemp: => 136.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:58:08 ====



#4 nasdaq


Posted 10 September 2016 - 07:43 AM

Let me know what problems persist when you can.

#5 babyruth


Posted 12 September 2016 - 12:34 PM

I still cannot update my computer. I let it scan for updates all weekend, and it was still scanning until a few minutes ago. I didn't think it should take that long, so I stopped it and posted this reply.

 

I will be able to reply around 3 pm my time.


Edited by babyruth, 12 September 2016 - 12:35 PM.


#6 nasdaq


Posted 12 September 2016 - 12:37 PM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

#7 babyruth


Posted 12 September 2016 - 06:41 PM

I'm sorry I've been feeling sick, so I'm unable to do that today. I'll get in touch with you tomorrow. 



#8 nasdaq


Posted 19 September 2016 - 08:38 AM

Are you still with me?



