leehaze Posted March 21, 2014 ID:805890

Chrome wasn't working, then computer shut itself down with a screen that said it was collecting data and would restart when it was done. I tried using Malware and removing in Safe Mode, but when I returned to regular mode same problems occur. Advice?

kevinf80 Posted March 21, 2014 ID:805906

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks,
Kevin

leehaze Posted March 22, 2014 Author ID:806263

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jennifer (administrator) on JNEWBIE on 21-03-2014 23:00:59
Running from C:\Users\Jennifer\Downloads
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- 2014-03-18 19:48 - 00286040 _____ () C:\WINDOWS\Minidump\031814-32984-01.dmp2014-03-18 19:09 - 2014-03-18 19:09 - 00286040 _____ () C:\WINDOWS\Minidump\031814-18265-01.dmp2014-03-18 18:32 - 2014-03-18 18:32 - 00286040 _____ () C:\WINDOWS\Minidump\031814-19171-01.dmp2014-03-18 18:25 - 2013-11-28 23:22 - 00000000 ____D () C:\Users\boys2014-03-18 18:22 - 2013-08-22 07:44 - 00474080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-03-18 18:17 - 2014-03-18 18:17 - 00286040 _____ () C:\WINDOWS\Minidump\031814-28468-01.dmp2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-03-18 18:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-03-16 16:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-03-16 15:58 - 2013-12-26 19:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-16 15:58 - 2013-12-26 19:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-16 15:57 - 2013-11-28 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-03-16 15:24 - 2013-11-28 18:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638550677-2088146564-2875212767-10022014-03-16 13:41 - 2014-03-16 13:41 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0 (1).txt2014-03-16 12:04 - 2013-12-23 19:49 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1638550677-2088146564-2875212767-1001Core.job2014-03-12 08:12 - 2013-11-28 18:29 - 00000193 _____ () C:\Users\boys\AppData\Local\RegisteredPackageInformation.xml2014-03-11 18:18 - 2014-03-11 18:18 - 00000019 _____ () C:\Users\Jennifer\Downloads\text_0.txt2014-03-10 22:32 - 2014-01-04 
11:53 - 00028966 _____ () C:\Users\Jennifer\Documents\smile chart_paxton.xlsx2014-03-10 22:23 - 2013-11-22 19:53 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\Packages2014-03-10 22:20 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media2014-03-06 22:33 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-03-04 15:53 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-03-04 15:53 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-03-02 16:53 - 2013-11-28 18:31 - 00000000 ___RD () C:\Users\boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-02 16:53 - 2013-11-28 18:31 - 00000000 ___RD () C:\Users\boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-02-28 23:05 - 2014-03-12 18:18 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-02-28 21:58 - 2014-03-12 18:17 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-02-28 21:30 - 2014-03-12 18:18 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-02-28 21:17 - 2014-03-12 18:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-02-28 20:54 - 2014-03-12 18:17 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-02-28 20:47 - 2014-03-12 18:17 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-02-28 20:42 - 2014-03-12 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-02-28 20:18 - 2014-03-12 18:17 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-02-28 20:14 - 2014-03-12 18:17 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-02-28 20:10 - 2014-03-12 18:17 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-02-28 20:03 - 2014-03-12 18:17 - 00524288 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-02-28 19:57 - 2014-03-12 18:17 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-02-28 19:38 - 2014-03-12 18:17 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-02-28 19:32 - 2014-03-12 18:17 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-02-28 19:27 - 2014-03-12 18:17 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-02-28 19:25 - 2014-03-12 18:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-02-28 19:25 - 2014-03-12 18:17 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-02-23 10:20 - 2013-11-22 20:06 - 00000000 ____D () C:\ldiag2014-02-22 18:23 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2014-02-22 14:22 - 2013-11-22 19:56 - 00000000 ___RD () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-02-22 14:22 - 2013-11-22 19:56 - 00000000 ___RD () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager2014-02-22 14:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera2014-02-22 14:19 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism2014-02-22 14:19 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Dism2014-02-20 19:59 - 2013-06-23 18:07 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo2014-02-20 19:59 - 2013-06-23 17:53 - 00000000 ____D () C:\Program Files\Lenovo Files to move or delete:====================C:\ProgramData\RegistryReviver.exe Some content of 
TEMP:====================C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exeC:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exeC:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-03-12 18:17] - [2014-01-31 09:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-18 19:28 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
leehaze Posted March 22, 2014 Author ID:806264
How do I attach the Addition.txt?
kevinf80 Posted March 22, 2014 ID:806361
Select the "More Reply Options" tab under the reply box, bottom right corner. New options are available in the new window. Use "Browse" to find the file, double click on the file to load, then select "Attach this File" to do just that....

Kevin
leehaze Posted March 22, 2014 Author ID:806373
Here's the addition.txt
Addition.txt
kevinf80 Posted March 22, 2014 ID:806380
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next, run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick scan.
Make sure that everything is checked, and click Remove Selected on any found items.
Post the produced log.

Post those logs to your next reply, let me know if any remaining issues or concerns.

One other point, there is an error showing in your logs:

System errors:
=============
Error: (03/21/2014 09:24:51 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

That will have to be checked when your system is clean.

Kevin
fixlist.txt
leehaze Posted March 22, 2014 Author ID:806440
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Jennifer at 2014-03-22 08:29:42 Run:1
Running from C:\Users\Jennifer\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1001\User: Group Policy restriction detected <======= ATTENTION
C:\ProgramData\RegistryReviver.exe
C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exe
C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Jennifer\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Jennifer\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Jennifer\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\Jennifer\SkyDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\Jennifer\SkyDrive (5).old:ms-properties
AlternateDataStreams: C:\Users\Jennifer\SkyDrive.old:ms-properties
End
*****************

C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1002\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1638550677-2088146564-2875212767-1001\User => Moved successfully.
C:\ProgramData\RegistryReviver.exe => Moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe => Moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64(1).exe => Moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\nitro_pro8_x64.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
"C:\Users\Jennifer\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Jennifer\SkyDrive (2).old" => ":ms-properties" ADS not found.
"C:\Users\Jennifer\SkyDrive (3).old" => ":ms-properties" ADS not found.
"C:\Users\Jennifer\SkyDrive (4).old" => ":ms-properties" ADS not found.
"C:\Users\Jennifer\SkyDrive (5).old" => ":ms-properties" ADS not found.
"C:\Users\Jennifer\SkyDrive.old" => ":ms-properties" ADS not found.

The system needed a reboot.

==== End of Fixlog ====
leehaze Posted March 22, 2014 Author ID:806443
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.22.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Jennifer :: JNEWBIE [administrator]

Protection: Enabled

3/22/2014 10:21:18 AM
mbam-log-2014-03-22 (10-21-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261243
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kevinf80 Posted March 22, 2014 ID:806475
We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
  Put a checkmark in "Uninstall application on close"
  Close program
  Report to me that nothing was found

If threats were found
  Click on "list of threats found"
  Click on "export to text file" and save it as ESET SCAN and save to the desktop
  Click on back
  Put a checkmark in "Uninstall application on close"
  Click on finish
  Close program
  Copy and paste the report in next reply

Post ESET log, also let me know if there are any remaining issues or concerns....

Kevin
leehaze Posted March 23, 2014 Author ID:806652
I tried to run the ESET online scanner. The computer froze, then this appeared.

LegacyFeatures.exe
configuration parser error 0xC00CE505
error parsing
c:\\windows\microsoft.net\frameworkv4.0.30329\config\machine.config

It restarted and while I tried to start ESET again, this happened:
Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart you.
--it's been doing this since the problem started.

Today it had an additional loud buzzing sound, restarted, then this before I could get Explorer opened:
wermgr.exe--application Error
The instruction at 0x676cfa5c referenced memory at 0x676a272c The memory could not be written. Click OK to terminate the program.
Click ok to terminate the program.

Restarted and then this:
The instruction at 0x73fa29f5 referenced memory at 0x71b8c8ec. The memory couldn't be read.
Click ok to terminate the program.

Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart you.
--it's been doing this since the problem started.
kevinf80 Posted March 23, 2014 ID:806687
Run Check Disk utility as described in the following link at "Option One" http://www.eightforums.com/tutorials/6221-chkdsk-check-drive-errors-windows-8-a.html

When that completes and repairs are successful see if ESET will now run...
leehaze Posted March 23, 2014 Author ID:806765
When I started the computer this morning, it had a screen open:

"Automatic Repair
Windows couldn't load correctly
System Restore can try to restore your PC to an earlier point in the time when it worked correctly. This repair will not change personal data, but it might remove some apps that were installed recently. You cannot undo this process."

Should I System Restore?
kevinf80 Posted March 23, 2014 ID:806914
Yes, run System Restore. Let me know how you progress....
leehaze Posted March 24, 2014 Author ID:807001
System Restore did not successfully complete. c:\ might be corrupt.
Startup Repair couldn't repair PC.

Error Checking after doing CHKDSK:
Windows found errors on this drive that need to be repaired. Close this dialog box and then repair the drive.
There was no option to fix the c:\

I was trying to do a complete restore -- the other repairs and keeping my documents wasn't working. And it deleted my profile. It's in Safe Mode. The other profile is for my kids... the computer won't let me open their profile since it's in Safe Mode.
leehaze Posted March 24, 2014 Author ID:807003
Is there anything I can do to get administrator status again?
kevinf80 Posted March 24, 2014 ID:807094
System errors:
=============
Error: (03/21/2014 09:24:51 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

It is a strong possibility the HD is corrupt, if that proves to be the case maybe we can use a Live CD such as Ubuntu to save any important data from the corrupt HD.

The best way forward is to try "Refresh" see if that helps. As you are running Windows 8.1 go to the following link, expand and use "Refreshing your PC without affecting your files"

http://windows.microsoft.com/en-gb/windows-8/restore-refresh-reset-pc

Let me know if that helps,
leehaze Posted March 24, 2014 Author ID:807157
The computer didn't come with a CD or USB stick. It's a laptop with no DVD drive. It came with Windows 8 preloaded. Then I updated online. I do have an external drive... There isn't a way to get it online and download to a CD, is there?
kevinf80 Posted March 24, 2014 ID:807291
How old is your Laptop, is it still under warranty?
leehaze Posted March 25, 2014 Author ID:807603
It's 4 months old. I'm working on contacting the company.
kevinf80 Posted March 25, 2014 ID:807734
It must still be under warranty, if so I'd take the laptop back and tell the dealer that the HD is duff. They should either replace the HD or replace the laptop...

Let me know the outcome..
Root Admin AdvancedSetup Posted March 31, 2014 ID:811357
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!