
malware help



Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks,

Kevin

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Jennifer (administrator) on JNEWBIE on 21-03-2014 23:00:59

Running from C:\Users\Jennifer\Downloads

Windows 8.1 Pro (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Lenovo, Japan, Ltd.) C:\Program Files (x86)\Lenovo\Tablet Service\LENOVO.TABSVC.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(ReviverSoft LLC) C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

(Microsoft Corporation) C:\Windows\System32\skydrive.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe

(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\x64\avfulsvr.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

() C:\Program Files (x86)\Integrated Camera\Monitor.exe

(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe

() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)

HKLM\...\Run: [TpShocks] - C:\WINDOWS\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)

HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [2668024 2013-01-28] (Lenovo)

HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-02-28] (Lenovo Corporation)

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)

HKLM-x32\...\Run: [integrated Camera_Monitor] - C:\Program Files (x86)\Integrated Camera\monitor.exe [1841528 2012-08-10] ()

HKLM-x32\...\Run: [intelSBA] - C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel® Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60

HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [738032 2013-06-23] (Lenovo)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1638550677-2088146564-2875212767-1001\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-09-29] (Microsoft Corporation)

HKU\S-1-5-21-1638550677-2088146564-2875212767-1001\...\Run: [Google Update] - C:\Users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-23] (Google Inc.)

GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1002\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1001\User: Group Policy restriction detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com

SearchScopes: HKLM - DefaultScope {961456DC-A46A-4020-A33A-1685D695D657} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS

SearchScopes: HKLM - {961456DC-A46A-4020-A33A-1685D695D657} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS

SearchScopes: HKLM-x32 - DefaultScope {961456DC-A46A-4020-A33A-1685D695D657} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS

SearchScopes: HKLM-x32 - {961456DC-A46A-4020-A33A-1685D695D657} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS

SearchScopes: HKCU - DefaultScope {961456DC-A46A-4020-A33A-1685D695D657} URL = 

SearchScopes: HKCU - {961456DC-A46A-4020-A33A-1685D695D657} URL = 

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 208.186.46.5 208.186.47.5 8.8.8.8

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]

CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]

CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]

CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]

CHR Extension: (Norton Identity Protection) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-24]

CHR Extension: (Google Wallet) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]

CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-16]

 

==================== Services (Whitelisted) =================

 

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [152568 2013-02-28] (Lenovo Corporation)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [960368 2012-12-14] (Broadcom Corporation.)

R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)

R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-06-23] (Lenovo)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)

R2 intelsba; C:\Program Files (x86)\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [47368 2012-07-12] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited)

R2 LENOVO.TABSVC; C:\Program Files (x86)\Lenovo\Tablet Service\LENOVO.TABSVC.exe [992112 2012-08-23] (Lenovo, Japan, Ltd.)

S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [677880 2013-02-28] (Lenovo Corporation)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)

R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-01-28] (Lenovo)

R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [462840 2013-02-22] ()

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-06-23] (Broadcom Corporation)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)

S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [66288 2013-06-23] (Windows ® Win 7 DDK provider)

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)

S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131222.006\ENG64.SYS [126040 2013-11-21] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131222.006\EX64.SYS [2099288 2013-11-21] (Symantec Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)

R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-09] (Synaptics Incorporated)

R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1063288 2012-07-20] (Sunplus)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-28] (Microsoft Corporation)

S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [33856 2012-09-12] (Lenovo Group Limited)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-23] (Symantec Corporation)

S3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-21 22:54 - 2014-03-21 22:54 - 00286040 _____ () C:\WINDOWS\Minidump\032114-29687-01.dmp

2014-03-21 22:51 - 2014-03-21 22:52 - 02157056 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64 (1).exe

2014-03-21 21:24 - 2014-03-21 21:25 - 00038545 _____ () C:\Users\Jennifer\Downloads\Addition.txt

2014-03-21 21:23 - 2014-03-21 23:00 - 00018336 _____ () C:\Users\Jennifer\Downloads\FRST.txt

2014-03-21 21:23 - 2014-03-21 22:53 - 00000000 ____D () C:\FRST

2014-03-21 21:23 - 2014-03-21 22:52 - 02157056 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64.exe

2014-03-21 21:19 - 2014-03-21 22:55 - 00000000 ___RD () C:\Users\Jennifer\SkyDrive

2014-03-21 21:12 - 2014-03-21 21:19 - 00000000 ___RD () C:\Users\Jennifer\SkyDrive (5).old

2014-03-21 21:11 - 2014-03-21 21:11 - 00262144 _____ () C:\WINDOWS\Minidump\032114-37437-01.dmp

2014-03-20 20:18 - 2014-03-21 21:12 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (4).old

2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 _____ () C:\Recovery.txt

2014-03-20 20:00 - 2014-03-20 20:00 - 00000000 ____D () C:\$WINDOWS.~BT

2014-03-20 19:34 - 2014-03-20 19:34 - 00286040 _____ () C:\WINDOWS\Minidump\032014-27906-01.dmp

2014-03-20 18:42 - 2014-03-20 18:42 - 00286040 _____ () C:\WINDOWS\Minidump\032014-27218-01.dmp

2014-03-20 18:31 - 2014-03-20 18:32 - 00286040 _____ () C:\WINDOWS\Minidump\032014-29750-01.dmp

2014-03-20 18:18 - 2014-03-20 18:19 - 00286040 _____ () C:\WINDOWS\Minidump\032014-29125-01.dmp

2014-03-19 22:06 - 2014-03-19 22:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

2014-03-19 20:28 - 2014-03-21 22:41 - 00000000 ____D () C:\WINDOWS\pss

2014-03-19 19:22 - 2014-03-19 19:22 - 00286040 _____ () C:\WINDOWS\Minidump\031914-28625-01.dmp

2014-03-19 19:05 - 2014-03-19 19:05 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-19 19:05 - 2014-03-19 19:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Malwarebytes

2014-03-19 19:05 - 2014-03-19 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-19 18:59 - 2014-03-19 19:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-03-19 18:55 - 2014-03-19 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-19 18:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-03-19 18:50 - 2014-03-19 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer\Downloads\mbam-setup-1.75.0.1300.exe

2014-03-19 18:34 - 2014-03-20 20:18 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (3).old

2014-03-19 18:33 - 2014-03-19 18:33 - 00002232 ____N () C:\bootsqm.dat

2014-03-19 18:18 - 2014-03-19 18:18 - 00000000 ___SH () C:\DkHyperbootSync

2014-03-19 16:55 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mozilla

2014-03-19 16:51 - 2014-03-19 16:52 - 00286040 _____ () C:\WINDOWS\Minidump\031914-29671-01.dmp

2014-03-18 20:52 - 2014-03-18 20:52 - 00286040 _____ () C:\WINDOWS\Minidump\031814-25546-01.dmp

2014-03-18 20:01 - 2014-03-19 18:34 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (2).old

2014-03-18 20:00 - 2014-03-18 20:00 - 00286040 _____ () C:\WINDOWS\Minidump\031814-25859-01.dmp

2014-03-18 19:48 - 2014-03-18 19:48 - 00286040 _____ () C:\WINDOWS\Minidump\031814-32984-01.dmp

2014-03-18 19:09 - 2014-03-18 19:09 - 00286040 _____ () C:\WINDOWS\Minidump\031814-18265-01.dmp

2014-03-18 18:32 - 2014-03-18 18:32 - 00286040 _____ () C:\WINDOWS\Minidump\031814-19171-01.dmp

2014-03-18 18:17 - 2014-03-21 22:54 - 912646764 _____ () C:\WINDOWS\MEMORY.DMP

2014-03-18 18:17 - 2014-03-21 22:54 - 00000000 ____D () C:\WINDOWS\Minidump

2014-03-18 18:17 - 2014-03-18 18:17 - 00286040 _____ () C:\WINDOWS\Minidump\031814-28468-01.dmp

2014-03-16 13:41 - 2014-03-16 13:41 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0 (1).txt

2014-03-13 16:21 - 2013-10-30 17:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-03-13 16:21 - 2013-10-30 17:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-03-13 16:21 - 2013-10-30 17:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-03-12 18:18 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-03-12 18:18 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-03-12 18:18 - 2013-12-20 03:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2014-03-12 18:18 - 2013-12-20 03:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2014-03-12 18:17 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-03-12 18:17 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-03-12 18:17 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-03-12 18:17 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-03-12 18:17 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-03-12 18:17 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-03-12 18:17 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-03-12 18:17 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-03-12 18:17 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-03-12 18:17 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-03-12 18:17 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-03-12 18:17 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-03-12 18:17 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-03-12 18:17 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-03-12 18:17 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-03-12 18:17 - 2014-02-10 20:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-03-12 18:17 - 2014-02-10 19:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2014-03-12 18:17 - 2014-02-10 19:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2014-03-12 18:17 - 2014-01-31 09:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-03-12 18:17 - 2014-01-31 09:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-03-12 18:17 - 2014-01-31 09:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-03-12 18:17 - 2014-01-31 06:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-03-12 18:17 - 2014-01-31 02:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

2014-03-12 18:17 - 2014-01-29 02:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2014-03-12 18:17 - 2014-01-29 01:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2014-03-12 18:17 - 2014-01-29 01:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2014-03-12 18:17 - 2014-01-29 01:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2014-03-12 18:17 - 2014-01-29 01:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-03-12 18:17 - 2014-01-29 00:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2014-03-12 18:17 - 2014-01-29 00:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2014-03-12 18:17 - 2014-01-29 00:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2014-03-12 18:17 - 2014-01-28 23:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

2014-03-12 18:17 - 2014-01-28 17:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2014-03-12 18:17 - 2014-01-27 12:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2014-03-12 18:17 - 2014-01-27 12:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-03-12 18:17 - 2014-01-27 12:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2014-03-12 18:17 - 2014-01-27 11:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2014-03-12 18:17 - 2014-01-27 11:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2014-03-12 18:17 - 2014-01-27 11:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

2014-03-12 18:17 - 2014-01-27 11:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2014-03-12 18:17 - 2014-01-27 11:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-03-12 18:17 - 2014-01-27 10:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-03-12 18:17 - 2014-01-27 10:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll

2014-03-12 18:17 - 2014-01-27 10:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll

2014-03-12 18:17 - 2014-01-27 08:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-03-12 18:17 - 2014-01-27 08:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-03-12 18:17 - 2014-01-27 04:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-03-12 18:17 - 2014-01-17 16:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-03-12 18:17 - 2014-01-17 14:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2014-03-12 18:17 - 2013-12-21 07:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2014-03-12 18:17 - 2013-12-21 01:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll

2014-03-11 18:18 - 2014-03-11 18:18 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0.txt

 

==================== One Month Modified Files and Folders =======

 

2014-03-21 23:01 - 2014-03-21 21:23 - 00018336 _____ () C:\Users\Jennifer\Downloads\FRST.txt

2014-03-21 23:00 - 2014-03-21 21:23 - 00000000 ____D () C:\FRST

2014-03-21 23:00 - 2013-11-28 23:22 - 02030479 _____ () C:\WINDOWS\WindowsUpdate.log

2014-03-21 23:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-03-21 22:59 - 2013-09-29 21:04 - 00005448 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-03-21 22:58 - 2013-11-24 22:13 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\CrashDumps

2014-03-21 22:57 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Nitro PDF

2014-03-21 22:55 - 2014-03-21 21:19 - 00000000 ___RD () C:\Users\Jennifer\SkyDrive

2014-03-21 22:55 - 2013-11-28 23:22 - 00000000 ____D () C:\Users\Jennifer

2014-03-21 22:55 - 2013-11-24 09:06 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-21 22:55 - 2013-11-22 20:07 - 00000320 _____ () C:\WINDOWS\Tasks\Start Registry Reviver for jnewbie@Jennifer(logon).job

2014-03-21 22:54 - 2014-03-21 22:54 - 00286040 _____ () C:\WINDOWS\Minidump\032114-29687-01.dmp

2014-03-21 22:54 - 2014-03-18 18:17 - 912646764 _____ () C:\WINDOWS\MEMORY.DMP

2014-03-21 22:54 - 2014-03-18 18:17 - 00000000 ____D () C:\WINDOWS\Minidump

2014-03-21 22:54 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-03-21 22:52 - 2014-03-21 22:51 - 02157056 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64 (1).exe

2014-03-21 22:52 - 2014-03-21 21:23 - 02157056 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64.exe

2014-03-21 22:49 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-03-21 22:42 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-03-21 22:41 - 2014-03-19 20:28 - 00000000 ____D () C:\WINDOWS\pss

2014-03-21 21:25 - 2014-03-21 21:24 - 00038545 _____ () C:\Users\Jennifer\Downloads\Addition.txt

2014-03-21 21:19 - 2014-03-21 21:12 - 00000000 ___RD () C:\Users\Jennifer\SkyDrive (5).old

2014-03-21 21:12 - 2014-03-20 20:18 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (4).old

2014-03-21 21:11 - 2014-03-21 21:11 - 00262144 _____ () C:\WINDOWS\Minidump\032114-37437-01.dmp

2014-03-21 21:04 - 2013-12-23 19:49 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1638550677-2088146564-2875212767-1001UA.job

2014-03-20 20:18 - 2014-03-19 18:34 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (3).old

2014-03-20 20:14 - 2014-03-20 20:14 - 00000000 _____ () C:\Recovery.txt

2014-03-20 20:00 - 2014-03-20 20:00 - 00000000 ____D () C:\$WINDOWS.~BT

2014-03-20 19:34 - 2014-03-20 19:34 - 00286040 _____ () C:\WINDOWS\Minidump\032014-27906-01.dmp

2014-03-20 19:26 - 2013-11-24 09:06 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-20 18:42 - 2014-03-20 18:42 - 00286040 _____ () C:\WINDOWS\Minidump\032014-27218-01.dmp

2014-03-20 18:32 - 2014-03-20 18:31 - 00286040 _____ () C:\WINDOWS\Minidump\032014-29750-01.dmp

2014-03-20 18:19 - 2014-03-20 18:18 - 00286040 _____ () C:\WINDOWS\Minidump\032014-29125-01.dmp

2014-03-20 18:08 - 2013-09-29 20:55 - 00032646 _____ () C:\WINDOWS\PFRO.log

2014-03-19 22:24 - 2012-07-26 01:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

2014-03-19 22:06 - 2014-03-19 22:06 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

2014-03-19 20:11 - 2013-06-23 18:13 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration

2014-03-19 19:22 - 2014-03-19 19:22 - 00286040 _____ () C:\WINDOWS\Minidump\031914-28625-01.dmp

2014-03-19 19:11 - 2013-11-22 20:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638550677-2088146564-2875212767-1001

2014-03-19 19:05 - 2014-03-19 19:05 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-19 19:05 - 2014-03-19 19:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Malwarebytes

2014-03-19 19:05 - 2014-03-19 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-19 19:05 - 2014-03-19 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-19 19:00 - 2014-03-19 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-03-19 18:50 - 2014-03-19 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jennifer\Downloads\mbam-setup-1.75.0.1300.exe

2014-03-19 18:34 - 2014-03-18 20:01 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive (2).old

2014-03-19 18:33 - 2014-03-19 18:33 - 00002232 ____N () C:\bootsqm.dat

2014-03-19 18:18 - 2014-03-19 18:18 - 00000000 ___SH () C:\DkHyperbootSync

2014-03-19 17:51 - 2013-08-22 07:46 - 00338908 _____ () C:\WINDOWS\setupact.log

2014-03-19 16:55 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Mozilla

2014-03-19 16:52 - 2014-03-19 16:51 - 00286040 _____ () C:\WINDOWS\Minidump\031914-29671-01.dmp

2014-03-18 20:52 - 2014-03-18 20:52 - 00286040 _____ () C:\WINDOWS\Minidump\031814-25546-01.dmp

2014-03-18 20:01 - 2013-11-29 08:22 - 00000000 __RDO () C:\Users\Jennifer\SkyDrive.old

2014-03-18 20:00 - 2014-03-18 20:00 - 00286040 _____ () C:\WINDOWS\Minidump\031814-25859-01.dmp

2014-03-18 19:51 - 2013-11-22 19:54 - 00000466 _____ () C:\Users\Jennifer\AppData\Local\RegisteredPackageInformation.xml

2014-03-18 19:48 - 2014-03-18 19:48 - 00286040 _____ () C:\WINDOWS\Minidump\031814-32984-01.dmp

2014-03-18 19:09 - 2014-03-18 19:09 - 00286040 _____ () C:\WINDOWS\Minidump\031814-18265-01.dmp

2014-03-18 18:32 - 2014-03-18 18:32 - 00286040 _____ () C:\WINDOWS\Minidump\031814-19171-01.dmp

2014-03-18 18:25 - 2013-11-28 23:22 - 00000000 ____D () C:\Users\boys

2014-03-18 18:22 - 2013-08-22 07:44 - 00474080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-03-18 18:17 - 2014-03-18 18:17 - 00286040 _____ () C:\WINDOWS\Minidump\031814-28468-01.dmp

2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-16 16:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-03-16 15:58 - 2013-12-26 19:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-16 15:58 - 2013-12-26 19:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-16 15:57 - 2013-11-28 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-16 15:24 - 2013-11-28 18:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638550677-2088146564-2875212767-1002

2014-03-16 13:41 - 2014-03-16 13:41 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0 (1).txt

2014-03-16 12:04 - 2013-12-23 19:49 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1638550677-2088146564-2875212767-1001Core.job

2014-03-12 08:12 - 2013-11-28 18:29 - 00000193 _____ () C:\Users\boys\AppData\Local\RegisteredPackageInformation.xml

2014-03-11 18:18 - 2014-03-11 18:18 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0.txt

2014-03-10 22:32 - 2014-01-04 11:53 - 00028966 _____ () C:\Users\Jennifer\Documents\smile chart_paxton.xlsx

2014-03-10 22:23 - 2013-11-22 19:53 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Packages

2014-03-10 22:20 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media

2014-03-06 22:33 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-03-04 15:53 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-03-04 15:53 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-02 16:53 - 2013-11-28 18:31 - 00000000 ___RD () C:\Users\boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-02 16:53 - 2013-11-28 18:31 - 00000000 ___RD () C:\Users\boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-02-28 23:05 - 2014-03-12 18:18 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-02-28 21:58 - 2014-03-12 18:17 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-02-28 21:30 - 2014-03-12 18:18 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-02-28 21:17 - 2014-03-12 18:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-02-28 20:54 - 2014-03-12 18:17 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-02-28 20:47 - 2014-03-12 18:17 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-02-28 20:42 - 2014-03-12 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-02-28 20:18 - 2014-03-12 18:17 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-02-28 20:14 - 2014-03-12 18:17 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-02-28 20:10 - 2014-03-12 18:17 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-02-28 20:03 - 2014-03-12 18:17 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-02-28 19:57 - 2014-03-12 18:17 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-02-28 19:38 - 2014-03-12 18:17 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-02-28 19:32 - 2014-03-12 18:17 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-02-28 19:27 - 2014-03-12 18:17 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-02-28 19:25 - 2014-03-12 18:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-02-28 19:25 - 2014-03-12 18:17 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-02-23 10:20 - 2013-11-22 20:06 - 00000000 ____D () C:\ldiag

2014-02-22 18:23 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-02-22 14:22 - 2013-11-22 19:56 - 00000000 ___RD () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-22 14:22 - 2013-11-22 19:56 - 00000000 ___RD () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager

2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera

2014-02-22 14:19 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism

2014-02-22 14:19 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Dism

2014-02-20 19:59 - 2013-06-23 18:07 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo

2014-02-20 19:59 - 2013-06-23 17:53 - 00000000 ____D () C:\Program Files\Lenovo

 

Files to move or delete:

====================

C:\ProgramData\RegistryReviver.exe

 

 

Some content of TEMP:

====================

C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exe

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2014-03-12 18:17] - [2014-01-31 09:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

 

 

 

LastRegBack: 2014-03-18 19:28

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Post those logs in your next reply, and let me know if there are any remaining issues or concerns. One other point: there is an error showing in your logs:

 

 

System errors:
=============
Error: (03/21/2014 09:24:51 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

That will have to be checked when your system is clean.

 

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Jennifer at 2014-03-22 08:29:42 Run:1

Running from C:\Users\Jennifer\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1002\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1001\User: Group Policy restriction detected <======= ATTENTION

C:\ProgramData\RegistryReviver.exe

C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exe

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\Jennifer\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Jennifer\SkyDrive (2).old:ms-properties

AlternateDataStreams: C:\Users\Jennifer\SkyDrive (3).old:ms-properties

AlternateDataStreams: C:\Users\Jennifer\SkyDrive (4).old:ms-properties

AlternateDataStreams: C:\Users\Jennifer\SkyDrive (5).old:ms-properties

AlternateDataStreams: C:\Users\Jennifer\SkyDrive.old:ms-properties

End

*****************

 

C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1002\User => Moved successfully.

C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1001\User => Moved successfully.

C:\ProgramData\RegistryReviver.exe => Moved successfully.

C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exe => Moved successfully.

C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe => Moved successfully.

C:\Windows => ":nlsPreferences" ADS removed successfully.

"C:\Users\Jennifer\SkyDrive" => ":ms-properties" ADS not found.

"C:\Users\Jennifer\SkyDrive (2).old" => ":ms-properties" ADS not found.

"C:\Users\Jennifer\SkyDrive (3).old" => ":ms-properties" ADS not found.

"C:\Users\Jennifer\SkyDrive (4).old" => ":ms-properties" ADS not found.

"C:\Users\Jennifer\SkyDrive (5).old" => ":ms-properties" ADS not found.

"C:\Users\Jennifer\SkyDrive.old" => ":ms-properties" ADS not found.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.22.07

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16521

Jennifer :: JNEWBIE [administrator]

 

Protection: Enabled

 

3/22/2014 10:21:18 AM

mbam-log-2014-03-22 (10-21-18).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 261243

Time elapsed: 4 minute(s), 21 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

copy and paste the report in next reply

 

Post ESET log, also let me know if there are any remaining issues or concerns....

 

Kevin


I tried to run the ESET online scanner. 

 

The computer froze, then this appeared.

 

LegacyFeatures.exe

configuration parser error 0xC00CE505

error parsing

c:\\windows\microsoft.net\frameworkv4.0.30329\config\machine.config

 

It restarted, and while I tried to start ESET again, this happened:

Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart you. --it's been doing this since the problem started. Today it had an additional loud buzzing sound.

 

It restarted, then this appeared before I could get Explorer opened:

wermgr.exe--application Error

The instruction at 0x676cfa5c referenced memory at 0x676a272c. The memory could not be written. Click OK to terminate the program.

 

It restarted and then this:

The instruction at 0x73fa29f5 referenced memory at 0x71b8c8ec. The memory couldn't be read.

Click OK to terminate the program.

 

Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart you. --it's been doing this since the problem started.


When I started the computer this morning, it had a screen open: "Automatic Repair. Windows couldn't load correctly. System Restore can try to restore your PC to an earlier point in time when it worked correctly. This repair will not change personal data, but it might remove some apps that were installed recently. You cannot undo this process."

 

Should I System Restore? 


System Restore did not successfully complete. C:\ might be corrupt.

 

Startup Repair couldn't repair the PC.

 

Error Checking after doing CHKDSK: "Windows found errors on this drive that need to be repaired. Close this dialog box and then repair the drive." There was no option to fix C:\.

 

I was trying to do a complete restore -- the other repairs and keeping my documents weren't working -- and it deleted my profile. It's in Safe Mode. The other profile is for my kids... the computer won't let me open their profile since it's in Safe Mode.


 

System errors:

=============

Error: (03/21/2014 09:24:51 PM) (Source: disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

It is a strong possibility the HD is corrupt; if that proves to be the case, maybe we can use a Live CD such as Ubuntu to save any important data from the corrupt HD. The best way forward is to try "Refresh" and see if that helps. As you are running Windows 8.1, go to the following link, expand and use "Refreshing your PC without affecting your files":

 

http://windows.microsoft.com/en-gb/windows-8/restore-refresh-reset-pc

 

Let me know if that helps,


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
