Inactive Gateway laptop isn't working

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I got it into safe mode shortly after posting that actually. heres RougeKiller's results
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Safe mode
User : Haze [Administrator]
Mode : Delete -- Date : 02/12/2015 09:13:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] 6aad5726a7e3e2379fb3d5681f3cd54a
[BSP] 63cee2c46d5f81553bfb3f5df82421c5 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: hp v165w USB Device +++++
--- User ---
[MBR] 35d0fec862600f0ea65cdd8a999058d1
[BSP] a7d4e6a80c1d9806368da98c9c33294b : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
 
Is it okay to download combofix on my good computer then transfer it on a flashdrive because my laptop will freeze in safe mode with networkinig
 
I cannot run combofix, it tells me this apps cannot be run on your computer, check with the publisher for a compatible version, I tried to run RKill then run combofix renamed after and it still says the same thing
 
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
I cant run ADWCleaner because when it reboots the computer it starts up in normal mode and freezes, and when I boot it back up the file is not there
 
Here are my results
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by Haze on Wed 02/18/2015 at 10:41:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/18/2015 at 10:42:31.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Haze (administrator) on JAKE on 18-02-2015 10:43:33
Running from E:\
Loaded Profiles: Haze (Available profiles: Haze)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2015-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx [2012-12-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-23] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-23] (Broadcom Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [97496 2015-02-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-23] (Dritek System Inc.)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-24] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-24] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-27] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-24] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-02-16] ()
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 10:43 - 2015-02-18 10:43 - 00000000 ____D () C:\FRST
2015-02-18 10:42 - 2015-02-18 10:42 - 00000619 _____ () C:\Users\Haze\Desktop\JRT.txt
2015-02-18 10:38 - 2015-02-18 10:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-90812.txt
2015-02-18 10:26 - 2015-02-18 10:26 - 00000117 _____ () C:\WINDOWS\system32\netcfg-44625.txt
2015-02-18 10:23 - 2015-02-18 10:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 09:58 - 2015-02-17 12:56 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Haze\Desktop\rkill.exe
2015-02-17 09:58 - 2015-02-17 10:02 - 00005322 _____ () C:\Users\Haze\Desktop\Rkill.txt
2015-02-17 09:58 - 2015-02-12 12:00 - 15431256 _____ () C:\Users\Haze\Desktop\RogueKiller.exe
2015-02-17 09:58 - 2015-02-12 09:14 - 00002735 _____ () C:\Users\Haze\Desktop\RKreport_DEL_02122015_091337.log
2015-02-16 16:47 - 2015-02-16 16:47 - 00000000 ____D () C:\ProgramData\Wild Tangent
2015-02-16 16:46 - 2015-02-16 16:46 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\WildTangent
2015-02-16 16:13 - 2015-02-16 16:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-224765.txt
2015-02-16 16:09 - 2015-02-16 16:09 - 00003656 ____N () C:\bootsqm.dat
2015-02-16 16:08 - 2015-02-16 16:08 - 00000000 __SHD () C:\found.000
2015-02-16 16:06 - 2015-02-16 16:06 - 00000117 _____ () C:\WINDOWS\system32\netcfg-349109031.txt
2015-02-16 16:06 - 2015-02-16 16:06 - 00000117 _____ () C:\WINDOWS\system32\netcfg-349108484.txt
2015-02-12 13:26 - 2015-02-12 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 13:25 - 2015-02-12 14:04 - 00000000 ____D () C:\Users\Haze\Desktop\mbar
2015-02-12 09:10 - 2015-02-16 16:23 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-12 09:10 - 2015-02-12 09:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-12 09:04 - 2015-02-12 09:04 - 00000000 ____H () C:\Users\Haze\Documents\Default.rdp
2015-02-09 15:11 - 2015-02-09 15:14 - 00014026 _____ () C:\Users\Haze\Desktop\attach.txt
2015-02-09 15:11 - 2015-02-09 15:14 - 00008565 _____ () C:\Users\Haze\Desktop\dds.txt
2015-02-09 14:30 - 2015-02-16 16:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 14:29 - 2015-02-12 13:25 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-09 14:29 - 2015-02-09 14:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 14:29 - 2015-02-09 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 14:29 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-09 14:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-09 13:59 - 2015-02-09 13:59 - 00000000 ____D () C:\WINDOWS\pss
2015-02-09 10:33 - 2015-02-09 10:33 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-02-09 10:30 - 2015-02-09 10:30 - 00012288 _____ () C:\WINDOWS\system32\umstartup.etl
2015-02-06 15:11 - 2015-02-06 15:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2512060604-3290686341-2400719373-1001
2015-02-06 15:07 - 2014-05-14 17:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-06 15:07 - 2014-05-14 14:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-06 15:07 - 2014-05-14 14:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-06 15:07 - 2014-05-14 14:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-06 15:07 - 2014-05-14 14:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-06 15:07 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-02-06 15:07 - 2012-11-05 20:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-02-06 15:07 - 2012-11-05 20:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-02-06 14:43 - 2015-02-06 15:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-02-06 14:23 - 2015-02-06 14:23 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gateway
2015-02-06 14:22 - 2015-02-06 14:22 - 00284512 _____ () C:\WINDOWS\Minidump\020615-21687-01.dmp
2015-02-06 14:18 - 2015-02-06 14:18 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-02-06 14:17 - 2015-02-06 14:17 - 00001967 _____ () C:\Users\Public\Desktop\Netflix.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00001742 _____ () C:\Users\Public\Desktop\Buy Online.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00001441 _____ () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\lm
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Adobe
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2015-02-06 14:17 - 2015-02-06 14:17 - 00000000 ____D () C:\Program Files\Accessory Store
2015-02-06 14:16 - 2015-02-06 14:17 - 00000000 ____D () C:\Users\Haze\AppData\Local\Packages
2015-02-06 14:16 - 2015-02-06 14:16 - 00000000 ____D () C:\Users\Haze\AppData\Local\VirtualStore
2015-02-06 14:15 - 2015-02-12 14:08 - 283270927 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-06 14:15 - 2015-02-06 14:22 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-06 14:15 - 2015-02-06 14:15 - 00284456 _____ () C:\WINDOWS\Minidump\020615-26125-01.dmp
2015-02-06 14:12 - 2015-02-18 10:38 - 01213167 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 14:12 - 2015-02-09 10:37 - 00000000 ____D () C:\Users\Haze
2015-02-06 14:12 - 2015-02-06 14:12 - 00000020 ___SH () C:\Users\Haze\ntuser.ini
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-06 14:12 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Haze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-06 14:11 - 2015-02-06 14:11 - 00000117 _____ () C:\WINDOWS\system32\netcfg-97281.txt
2015-02-06 14:11 - 2015-02-06 14:11 - 00000117 _____ () C:\WINDOWS\system32\netcfg-95484.txt
2015-02-06 14:08 - 2015-02-06 14:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43189736.txt
2015-02-06 14:07 - 2015-02-06 14:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43189408.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 10:37 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 16:46 - 2012-12-27 01:02 - 00002664 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - gateway.lnk
2015-02-16 16:46 - 2012-12-27 01:02 - 00002654 ____N () C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2015-02-16 16:46 - 2012-12-27 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-16 16:46 - 2012-12-27 01:01 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-16 16:13 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 16:06 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 13:26 - 2012-07-25 23:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 13:22 - 2012-12-27 00:25 - 00015292 _____ () C:\WINDOWS\PFRO.log
2015-02-09 10:33 - 2012-07-25 23:21 - 00027042 _____ () C:\WINDOWS\setupact.log
2015-02-06 15:09 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 14:52 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-06 14:24 - 2012-12-27 01:09 - 00000000 ____D () C:\ProgramData\Norton
2015-02-06 14:24 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-06 14:17 - 2013-03-23 03:32 - 00000000 ____D () C:\ProgramData\OEM
2015-02-06 14:16 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-06 14:16 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore

Some content of TEMP:
====================
C:\Users\Haze\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Haze\AppData\Local\Temp\Quarantine.exe
C:\Users\Haze\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-12-27 00:25

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Haze at 2015-02-18 10:44:09
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.0.0.136 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

06-02-2015 14:52:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066947B4-8FBA-4C52-BE21-0AE6D7CFC73C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {18FBBC2B-E427-452F-8BF2-58321AFF76CE} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-10-08] (Acer Incorporated)
Task: {1E79EB97-6CCD-4960-AA45-AE6415634082} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {76DF8213-75BC-4A44-9427-C6CD1722A560} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe [2012-07-24] (Symantec Corporation)
Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {F33A8860-58D2-41A3-B00F-87E746CC701C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) ==============


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2512060604-3290686341-2400719373-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Gateway01.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2512060604-3290686341-2400719373-500 - Administrator - Disabled)
Guest (S-1-5-21-2512060604-3290686341-2400719373-501 - Limited - Disabled)
Haze (S-1-5-21-2512060604-3290686341-2400719373-1001 - Administrator - Enabled) => C:\Users\Haze

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/18/2015 10:44:10 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2015 10:43:34 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2015 10:43:10 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2015 10:43:02 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2015 10:42:56 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/18/2015 10:42:32 AM) (Source: DCOM) (EventID: 10005) (User: jake)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 14%
Total physical RAM: 3909.27 MB
Available physical RAM: 3344.23 MB
Total Pagefile: 7877.27 MB
Available Pagefile: 7361.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.85 GB) (Free:420.13 GB) NTFS
Drive e: () (Removable) (Total:15.23 GB) (Free:15.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E6A934C5)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15.2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================
 
I apologize for delay. It looks like email notification missed me.

redtarget.gif

Running from E:\
Click to expand...
Please move FRST to proper location (Desktop).

redtarget.gif

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    731 bytes · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Haze at 2015-02-25 12:56:25 Run:1
Running from C:\Users\Haze\Desktop
Loaded Profiles: Haze (Available profiles: Haze)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [LManager] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [X]
C:\Users\Haze\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Haze\AppData\Local\Temp\Quarantine.exe
C:\Users\Haze\AppData\Local\Temp\sqlite3.dll

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
C:\Users\Haze\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Haze\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Haze\AppData\Local\Temp\sqlite3.dll => Moved successfully.

==== End of Fixlog 12:56:25 ====
 
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Farbar Service Scanner Version: 17-01-2015
Ran by Haze (administrator) on 26-02-2015 at 09:04:49
Running from "E:\"
Microsoft Windows 8 (X64)
Boot Mode: Minimal
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "\SystemRoot\system32\DRIVERS\tdx.sys".
afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Results of screen317's Security Check version 0.99.97
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Defender
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
and Sophos did not detect any threats, but I installed and updated it in normal mode, then had to switch over to safe mode to run the scan, I don't know if that would make a difference
 
I tried to update and run the scan in normal mode but it kept freezing before it could finish then I would have to reboot my computer and restart
 
Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
You must log in or register to reply here.

Similar threads

F
Problem with laptop. Faulty motherboard?
Replies
5
Views
1K
bazz2004
B
T
System Slow During Certain Events
Replies
6
Views
1K
TheBorgInva
T
Jimmy2x
AMD formally addresses rare driver bug suspected of bricking Windows installations
Replies
19
Views
846
AdamNovagen
AdamNovagen

Latest posts

Back