
Many issues, unable to run MBAM, computer slow, explorer crashing



I tried to resolve this issue with a soft refresh, but it failed to complete. I had to run MBAM Chameleon to complete a scan. Unable to install any antivirus past the cruddy bloatware trial. A factory reset has not resolved the issue either. Any help is greatly appreciated. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015

Ran by Robert (administrator) on HelfstDesktop (12-08-2015 22:01:47)

Running from C:\Users\Robert\Downloads

Loaded Profiles: Robert (Available Profiles: Robert)

Platform: Windows 8 Pro (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe

(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe

(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

(LENOVO INCORPORATED.) C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Lenovo) C:\Program Files\Lenovo\QuickSnipService\QuickSnipInput.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)

HKLM\...\Run: [skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384000 2012-03-27] (LITE-ON TECHNOLOGY CORP.)

HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [311208 2012-09-05] (Lenovo Group Limited)

HKLM\...\Run: [Lenovo Settings Dependency Package] => wscript.exe "C:\Program Files\Lenovo\SettingsDependency\cpyMachineInformation_xml.vbs"

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [585792 2012-12-07] (Lenovo Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27464 2013-04-09] ()

HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [738032 2014-03-04] (Lenovo)

HKU\S-1-5-21-428984259-273349680-1421280203-1001\...\Run: [GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)

ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-428984259-273349680-1421280203-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB

HKU\S-1-5-21-428984259-273349680-1421280203-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com

SearchScopes: HKU\S-1-5-21-428984259-273349680-1421280203-1001 -> DefaultScope {ECF1E8A7-2FBE-432A-9754-E63F12F301C7} URL = 

SearchScopes: HKU\S-1-5-21-428984259-273349680-1421280203-1001 -> {ECF1E8A7-2FBE-432A-9754-E63F12F301C7} URL = 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{C9B90677-7266-43A7-997B-4431BD3F7B13}: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-12] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-428984259-273349680-1421280203-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-03-25] (Intel)

FF Plugin HKU\S-1-5-21-428984259-273349680-1421280203-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-03-25] (Intel)

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn [2015-08-12]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn [2015-08-12]

 

Chrome: 

=======

CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-12]

CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-12]

CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-12]

CHR Extension: (Google Play Music) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-12]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]

CHR Extension: (Norton Identity Protection) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-08-12]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]

CHR Extension: (Trend Micro Toolbar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-08-12]

CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]

CHR Extension: (Bookindy – Browse Amazon, buy independent) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkojccpfacognnfgbafojnnlkeifcmhe [2015-08-12]

CHR Extension: (Writer) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-08-12]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-03-04]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-03-04] (Lenovo)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-06-03] (Intel Corporation)

S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [220488 2013-05-13] (LENOVO INCORPORATED.)

R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-13] (LENOVO INCORPORATED.)

R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [671808 2012-12-07] (Lenovo Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)

R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-04-09] (Lenovo)

S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-04-09] (Lenovo Group Limited)

R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-04] () [File not signed]

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-04-19] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2014-03-04] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130522.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-12] (Symantec Corporation)

U3 EraserUtilDrv11220; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [138912 2013-05-22] (Symantec Corporation)

U3 EraserUtilDrv11511; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [153936 2015-08-12] (Symantec Corporation)

R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65776 2014-03-04] (Windows ® Win 7 DDK provider)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130402.100\IDSVia64.sys [513184 2013-03-04] (Symantec Corporation)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20150812.003\ENG64.SYS [138488 2015-08-12] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20150812.003\EX64.SYS [2146040 2015-08-12] (Symantec Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3311072 2013-02-21] (Intel Corporation)

R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2013-03-04] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-03-04] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R3 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-13 00:09 - 2015-08-13 00:09 - 00000000 ____D C:\WINDOWS\CSC

2015-08-12 21:59 - 2015-08-12 21:59 - 00000000 __SHD C:\AI_RecycleBin

2015-08-12 21:59 - 2015-08-12 21:59 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Reason Software Company Inc

2015-08-12 21:49 - 2015-08-12 21:49 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin

2015-08-12 20:41 - 2015-08-12 20:41 - 00000000 ____D C:\Users\Robert\Downloads\mbam-chameleon-3.1.25.0

2015-08-12 20:40 - 2015-08-12 20:40 - 06383209 _____ C:\Users\Robert\Downloads\mbam-chameleon-3.1.25.0.zip

2015-08-12 20:39 - 2015-08-12 20:39 - 02178872 _____ (Reason Software Company Inc.) C:\Users\Robert\Downloads\ShouldIRemoveIt_Setup.exe

2015-08-12 20:34 - 2015-08-12 20:34 - 00025590 _____ C:\Users\Robert\Downloads\Addition.txt

2015-08-12 20:33 - 2015-08-12 22:01 - 00018878 _____ C:\Users\Robert\Downloads\FRST.txt

2015-08-12 20:33 - 2015-08-12 22:01 - 00000000 ____D C:\FRST

2015-08-12 20:31 - 2015-08-12 20:31 - 02173952 _____ (Farbar) C:\Users\Robert\Downloads\frst64.exe

2015-08-12 20:31 - 2015-08-12 20:31 - 02173952 _____ (Farbar) C:\Users\Robert\Downloads\FRST64 (1).exe

2015-08-12 20:29 - 2015-08-12 20:29 - 06924624 _____ (Trend Micro Inc.) C:\Users\Robert\Downloads\TTi_10.0_EL_Downloader.exe

2015-08-12 20:24 - 2015-08-12 21:29 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-08-12 20:24 - 2015-08-12 20:45 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-08-12 20:24 - 2015-08-12 20:24 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-08-12 20:24 - 2015-08-12 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-08-12 20:24 - 2015-08-12 20:24 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-08-12 20:24 - 2015-08-12 20:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-08-12 20:24 - 2015-06-18 11:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-08-12 20:24 - 2015-06-18 11:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-08-12 20:22 - 2015-08-12 20:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.1.8.1057.exe

2015-08-12 20:20 - 2015-08-12 21:25 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-08-12 20:20 - 2015-08-12 20:25 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-08-12 20:20 - 2015-08-12 20:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Google

2015-08-12 20:20 - 2015-08-12 20:20 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-08-12 20:20 - 2015-08-12 20:20 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-08-12 20:20 - 2015-08-12 20:20 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-08-12 20:20 - 2015-08-12 20:20 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment

2015-08-12 20:20 - 2015-08-12 20:20 - 00000000 ____D C:\Users\Robert\AppData\Local\Apps\2.0

2015-08-12 20:20 - 2015-08-12 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-08-12 20:20 - 2015-08-12 20:20 - 00000000 ____D C:\Program Files (x86)\Google

2015-08-12 20:19 - 2015-08-12 20:26 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-428984259-273349680-1421280203-1001

2015-08-12 20:17 - 2015-08-12 20:17 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Nitro PDF

2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ATI

2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Users\Robert\AppData\Local\ATI

2015-08-12 20:13 - 2015-08-12 20:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security

2015-08-12 20:13 - 2015-08-12 20:13 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Intel Corporation

2015-08-12 20:12 - 2015-08-12 20:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2015-08-12 20:12 - 2015-08-12 20:12 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Lenovo

2015-08-12 20:12 - 2015-08-12 20:12 - 00000000 ____D C:\Users\Robert\AppData\Local\Power2Go

2015-08-12 20:11 - 2015-08-12 20:12 - 00000193 _____ C:\Users\Robert\AppData\Local\RegisteredPackageInformation.xml

2015-08-12 20:11 - 2015-08-12 20:11 - 00001441 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-08-12 20:11 - 2015-08-12 20:11 - 00000020 ___SH C:\Users\Robert\ntuser.ini

2015-08-12 20:11 - 2015-08-12 20:11 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Intel

2015-08-12 20:11 - 2015-08-12 20:11 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Adobe

2015-08-12 20:11 - 2015-08-12 20:11 - 00000000 ____D C:\Users\Robert\AppData\Local\VirtualStore

2015-08-12 20:11 - 2015-08-12 20:11 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages

2015-08-12 20:11 - 2015-08-12 20:11 - 00000000 ____D C:\Users\Robert

2015-08-12 20:11 - 2014-03-04 03:19 - 00000000 ___RD C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-08-12 20:11 - 2014-03-04 03:17 - 00000000 ___RD C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-08-12 20:11 - 2014-03-04 02:48 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Macromedia

2015-08-12 20:11 - 2013-04-01 21:53 - 00002149 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DesktopToastsForCriticalUpdates.lnk

2015-08-12 20:11 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-08-12 20:11 - 2012-07-26 04:13 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-08-12 14:45 - 2015-08-12 14:45 - 00000000 _____ C:\Recovery.txt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-12 21:07 - 2012-07-26 03:28 - 00850046 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-08-12 21:03 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\rescache

2015-08-12 21:03 - 2012-07-26 03:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-08-12 20:25 - 2014-03-04 02:26 - 00332172 _____ C:\WINDOWS\WindowsUpdate.log

2015-08-12 20:23 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-08-12 20:19 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\sru

2015-08-12 20:17 - 2014-03-04 02:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo

2015-08-12 20:12 - 2014-03-04 02:57 - 00000000 ____D C:\ProgramData\Norton

2015-08-12 20:12 - 2014-03-04 02:49 - 629145600 ___SH C:\WINDOWS\lenovo_fastboot.img

2015-08-12 20:12 - 2012-07-26 01:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2015-08-12 20:11 - 2014-03-04 03:01 - 00078105 _____ C:\WINDOWS\modules.log

2015-08-12 20:11 - 2012-07-26 04:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2015-08-12 20:11 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\WinStore

2015-08-12 14:46 - 2014-03-04 02:42 - 00291288 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-08-12 14:46 - 2013-03-25 17:02 - 00106716 _____ C:\WINDOWS\PFRO.log

2015-08-12 13:39 - 2012-07-26 04:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

 

==================== Files in the root of some directories =======

 

2015-08-12 20:11 - 2015-08-12 20:12 - 0000193 _____ () C:\Users\Robert\AppData\Local\RegisteredPackageInformation.xml

2014-03-04 02:39 - 2014-03-04 02:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-03-04 02:52 - 2014-03-04 02:52 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log

2014-03-04 02:50 - 2014-03-04 02:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2014-03-04 02:51 - 2014-03-04 02:51 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log

2014-03-04 02:52 - 2014-03-04 02:52 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2013-03-25 17:02

 

==================== End of log ============================


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented toward malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for its removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of the Windows Security Warning - Open File.)

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two log files on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message asking to schedule Check Disk at the next system restart. Please type Y and press Enter.
  • All you need to do now is restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on the entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Hello,

 

I will run the Check Disk sometime today. I am posting from my laptop at the moment. My desktop in question attempted to autoupdate and configure the new data but failed and is reverting changes at the moment.

 

Do you suspect that I have a bad HDD?

 

Again, thank you much for your assistance


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          8/16/2015 9:26:54 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      HelfstDesktop
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows8_OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
  271104 file records processed.
File verification completed.
  3231 large file records processed.
  0 bad file records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
  336332 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 314 unused index entries from index $SII of file 0x9.
Cleaning up 314 unused index entries from index $SDH of file 0x9.
Cleaning up 314 unused security descriptors.
Security descriptor verification completed.
  32615 data files processed.
CHKDSK is verifying Usn Journal...
  34935320 USN bytes processed.
Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...
  271088 files processed.
File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...
  106307671 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 473661439 KB total disk space.
  47893940 KB in 211608 files.
    149348 KB in 32616 indexes.
         0 KB in bad sectors.
    387463 KB in use by the system.
     65536 KB occupied by the log file.
 425230688 KB available on disk.

      4096 bytes in each allocation unit.
 118415359 total allocation units on disk.
 106307672 allocation units available on disk.

Internal Info:
00 23 04 00 0b ba 03 00 cc 61 07 00 00 00 00 00  .#.......a......
97 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
a0 02 11 c6 be 00 00 00 70 4b 1e c6 be 00 00 00  ........pK......

Windows has finished checking your disk.
Please wait while your computer restarts.

 

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-08-17T01:26:54.000000000Z" />
    <EventRecordID>1641</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>HelfstDesktop</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows8_OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
  271104 file records processed.
File verification completed.
  3231 large file records processed.
  0 bad file records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
  336332 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 314 unused index entries from index $SII of file 0x9.
Cleaning up 314 unused index entries from index $SDH of file 0x9.
Cleaning up 314 unused security descriptors.
Security descriptor verification completed.
  32615 data files processed.
CHKDSK is verifying Usn Journal...
  34935320 USN bytes processed.
Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...
  271088 files processed.
File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...
  106307671 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 473661439 KB total disk space.
  47893940 KB in 211608 files.
    149348 KB in 32616 indexes.
         0 KB in bad sectors.
    387463 KB in use by the system.
     65536 KB occupied by the log file.
 425230688 KB available on disk.

      4096 bytes in each allocation unit.
 118415359 total allocation units on disk.
 106307672 allocation units available on disk.

Internal Info:
00 23 04 00 0b ba 03 00 cc 61 07 00 00 00 00 00  .#.......a......
97 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
a0 02 11 c6 be 00 00 00 70 4b 1e c6 be 00 00 00  ........pK......

Windows has finished checking your disk.
Please wait while your computer restarts.
    </Data>
  </EventData>
</Event>

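As an added example (not part of the thread), a small Python parser for the summary block of a Check Disk report like the one posted above: it pulls out the figures a helper looks at, checks that they add up, flags the bad-sector line (0 KB here means this run found no unreadable sectors), and reports the one-cluster difference between the stage 5 count and the final free count, which is consistent with the volume-bitmap correction the report mentions. The sample text is an abbreviated copy of the figures posted above.

```python
import re

# Abbreviated CHKDSK summary; the figures are the ones posted in this thread.
SAMPLE_REPORT = """\
  106307671 free clusters processed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
 473661439 KB total disk space.
  47893940 KB in 211608 files.
    149348 KB in 32616 indexes.
         0 KB in bad sectors.
    387463 KB in use by the system.
     65536 KB occupied by the log file.
 425230688 KB available on disk.
      4096 bytes in each allocation unit.
 106307672 allocation units available on disk.
"""

FIELDS = {  # field name -> the text that follows the number on that summary line
    "total_kb": r"KB total disk space", "files_kb": r"KB in \d+ files",
    "indexes_kb": r"KB in \d+ indexes", "bad_kb": r"KB in bad sectors",
    "system_kb": r"KB in use by the system", "available_kb": r"KB available on disk",
    "cluster_bytes": r"bytes in each allocation unit",
    "clusters_free": r"allocation units available on disk",
    "free_processed": r"free clusters processed",
}

def parse_chkdsk_report(text: str) -> dict:
    """Extract the numeric summary from a CHKDSK (Wininit event 1001) report."""
    report = {}
    for key, tail in FIELDS.items():
        m = re.search(r"^\s*(\d+)\s+" + tail, text, re.MULTILINE)
        if m:
            report[key] = int(m.group(1))
    report["corrections_made"] = "Windows has made corrections" in text
    return report

def assess(report: dict) -> dict:
    """Cross-check the figures and flag what matters for the 'is the HDD bad?' question."""
    # "occupied by the log file" is a breakdown of "in use by the system", so it is not summed.
    used = sum(report[k] for k in ("files_kb", "indexes_kb", "bad_kb", "system_kb"))
    cluster_kb = report["cluster_bytes"] // 1024
    return {
        "bad_sectors": report["bad_kb"] > 0,
        "accounting_ok": used + report["available_kb"] == report["total_kb"],
        "cluster_math_ok": report["clusters_free"] * cluster_kb == report["available_kb"],
        # Free clusters counted in stage 5 vs. free clusters after the bitmap correction.
        "clusters_recovered": report["clusters_free"] - report["free_processed"],
    }
```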

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.