
Problems after running AntiMalware scan


19 replies to this topic

#1 Vecc1982


Posted 03 February 2014 - 02:16 PM

Hi, my name is Autumn. I attempted to remove the "24x7help" malware infecting my laptop. I used the following steps from bleepingcomputer.com:

http://www.bleepingcomputer.com/virus-removal/remove-24x7-help

 

Everything went fine till I ran the AntiMalware full scan...I left it scanning overnight and woke up to find a black screen with cursor after turning it on. I was able to run Windows 7 in safe mode with networking which is how I'm on here now. I'm not sure how the computer was turned off during or after the scan unless the scan automatically shuts it down after scan. Fast forward to today, I wasn't able to mess with it for a few days. I turned on laptop this morning, waited patiently when starting up Windows 7 normally, it did load my home screen however it had the please wait icon  (blue circle spinning) and I was unable to open anything. So I turned laptop off and restarted in safe mode with networking again. Please help! I'm not that knowledgeable with computers but able to follow directions well. Here are the logs from the scans used in link above.

These are the logs from Malwarebytes Anti-Malware:

2014/01/28 20:55:01 -0500 BBY488-PC Autumn MESSAGE Executing scheduled update:  Daily
2014/01/28 20:55:11 -0500 BBY488-PC Autumn MESSAGE Starting protection
2014/01/28 20:55:11 -0500 BBY488-PC Autumn MESSAGE Protection started successfully
2014/01/28 20:55:11 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
2014/01/28 20:56:09 -0500 BBY488-PC Autumn MESSAGE IP Protection started successfully
2014/01/28 20:56:53 -0500 BBY488-PC Autumn MESSAGE Starting database refresh
2014/01/28 20:56:53 -0500 BBY488-PC Autumn MESSAGE Stopping IP protection
2014/01/28 20:57:10 -0500 BBY488-PC Autumn MESSAGE IP Protection stopped successfully
2014/01/28 20:57:11 -0500 BBY488-PC Autumn MESSAGE Database already up-to-date
2014/01/28 20:57:18 -0500 BBY488-PC Autumn MESSAGE Database refreshed successfully
2014/01/28 20:57:18 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
2014/01/28 20:57:27 -0500 BBY488-PC Autumn MESSAGE IP Protection started successfully
 
2014/01/29 06:30:53 -0500 BBY488-PC Autumn MESSAGE Starting protection
2014/01/29 06:30:53 -0500 BBY488-PC Autumn MESSAGE Protection started successfully
2014/01/29 06:30:53 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
2014/01/29 07:44:48 -0500 BBY488-PC (null) MESSAGE Starting protection
2014/01/29 07:44:49 -0500 BBY488-PC (null) MESSAGE Protection started successfully
2014/01/29 07:44:49 -0500 BBY488-PC (null) MESSAGE Starting IP protection
2014/01/29 07:45:10 -0500 BBY488-PC (null) MESSAGE IP Protection started successfully
 
2014/02/03 12:00:04 -0500 BBY488-PC Autumn MESSAGE Executing scheduled update:  Daily
2014/02/03 12:00:11 -0500 BBY488-PC Autumn MESSAGE Starting protection
2014/02/03 12:00:11 -0500 BBY488-PC Autumn MESSAGE Protection started successfully
2014/02/03 12:00:12 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
2014/02/03 12:00:23 -0500 BBY488-PC Autumn MESSAGE IP Protection started successfully
2014/02/03 12:00:31 -0500 BBY488-PC Autumn MESSAGE Starting database refresh
2014/02/03 12:00:31 -0500 BBY488-PC Autumn MESSAGE Scheduled update executed successfully:  database updated from version v2014.01.28.10 to version v2014.02.03.04
2014/02/03 12:00:31 -0500 BBY488-PC Autumn MESSAGE Stopping IP protection
2014/02/03 12:00:33 -0500 BBY488-PC Autumn MESSAGE IP Protection stopped successfully
2014/02/03 12:00:41 -0500 BBY488-PC Autumn MESSAGE Database refreshed successfully
2014/02/03 12:00:41 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
2014/02/03 12:01:06 -0500 BBY488-PC Autumn MESSAGE IP Protection started successfully
2014/02/03 12:08:52 -0500 BBY488-PC BBY488 MESSAGE Starting protection
2014/02/03 12:08:53 -0500 BBY488-PC BBY488 MESSAGE Protection started successfully
2014/02/03 12:08:53 -0500 BBY488-PC BBY488 MESSAGE Starting IP protection
2014/02/03 12:30:19 -0500 BBY488-PC Autumn MESSAGE Starting protection
2014/02/03 12:30:19 -0500 BBY488-PC Autumn MESSAGE Protection started successfully
2014/02/03 12:30:19 -0500 BBY488-PC Autumn MESSAGE Starting IP protection
 

 

Edited by Vecc1982, 03 February 2014 - 02:31 PM.



#2 JSntgRvr


Posted 03 February 2014 - 10:26 PM

Welcome!

 

Let's give it a try.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 


Under Hurricane Emergency, expect delays on my responses

No request for help throughout private messaging will be attended.



#3 Vecc1982


Posted 03 February 2014 - 10:49 PM

Thank you! Ok, here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Autumn (administrator) on BBY488-PC on 03-02-2014 22:43:22
Running from C:\Users\Autumn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-06-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-06-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-06-18] (Lenovo)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-06-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN40990305443260231&UM=2&sspv=CHNTR1
CHR RestoreOnStartup: "spdy": {
      "servers": [ "chatenabled.mail.google.com:443", "ssl.gstatic.com:443", "accounts.youtube.com:443", "gmail.com:443", "profiles.google.com:443", "s.youtube.com:443", "www.youtube-nocookie.com:443", "www.youtube.com:443", "accounts.google.com:443", "mail-attachment.googleusercontent.com:443", "plusone.google.com:443", "googleads.g.doubleclick.net:443", "pagead2.googleadservices.com:443", "ssl.google-analytics.com:443", "toolbarqueries.google.com:443", "clients2.google.com:443", "clients6.google.com:443", "lh4.googleusercontent.com:443", "lh6.googleusercontent.com:443", "mail.google.com:443", "s.ytimg.com:443", "www.google.com:443", "apis.google.com:443", "www.googleadservices.com:443", "maps-api-ssl.google.com:443", "s2.googleusercontent.com:443"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Google Wallet) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Gmail) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [peaihlgfkkhnflpijnnbhkmkcpjhnpel] - C:\Program Files (x86)\BuzzSocialPoints_DNS\chrome.crx [2011-12-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [x]
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-03 22:43 - 2014-02-03 22:44 - 00016305 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-03 22:43 - 2014-02-03 22:43 - 00000000 ____D () C:\FRST
2014-02-03 22:42 - 2014-02-03 22:42 - 02080256 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-01-28 20:54 - 2014-01-28 20:54 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 20:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:20 - 2014-01-28 20:22 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 07:44 - 2014-01-29 06:30 - 00007704 _____ () C:\windows\PFRO.log
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
 
==================== One Month Modified Files and Folders =======
 
2014-02-03 22:44 - 2014-02-03 22:43 - 00016305 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-03 22:43 - 2014-02-03 22:43 - 00000000 ____D () C:\FRST
2014-02-03 22:42 - 2014-02-03 22:42 - 02080256 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-03 22:40 - 2011-06-18 13:44 - 02081768 _____ () C:\windows\WindowsUpdate.log
2014-02-03 22:39 - 2009-07-14 00:13 - 00005376 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-03 22:35 - 2011-06-18 15:00 - 00119298 _____ () C:\windows\system32\fastboot.set
2014-02-03 22:33 - 2013-09-30 19:06 - 00002576 _____ () C:\windows\setupact.log
2014-02-03 22:33 - 2011-06-18 14:30 - 03628004 _____ () C:\FaceProv.log
2014-02-03 22:33 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-02-03 12:30 - 2011-06-18 14:30 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-03 12:29 - 2011-06-18 14:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 12:08 - 2011-06-18 14:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 06:50 - 2011-10-06 05:51 - 00002243 _____ () C:\Users\Autumn\Desktop\OneKey Recovery.lnk
2014-01-29 06:30 - 2014-01-28 07:44 - 00007704 _____ () C:\windows\PFRO.log
2014-01-29 06:30 - 2011-06-18 14:54 - 00000000 ____D () C:\Program Files\Google
2014-01-29 06:30 - 2011-06-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-29 02:12 - 2013-03-01 16:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 01:10 - 2012-12-26 13:05 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job
2014-01-28 20:54 - 2014-01-28 20:54 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:22 - 2014-01-28 20:20 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 20:05 - 2011-10-06 05:57 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Google
2014-01-28 20:05 - 2011-06-18 14:54 - 00000000 ____D () C:\ProgramData\Google
2014-01-28 19:37 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 19:37 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 15:52 - 2013-03-05 06:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 15:47 - 2013-03-01 16:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 15:46 - 2013-03-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:46 - 2013-03-01 16:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:46 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-01-28 15:44 - 2012-12-26 13:05 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job
2014-01-28 09:55 - 2011-06-18 14:53 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-28 09:55 - 2011-06-18 14:53 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-28 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-01-26 19:55 - 2013-01-06 14:00 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Adobe
2014-01-26 19:55 - 2011-10-06 06:30 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Adobe
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-10 17:56 - 2013-02-09 12:14 - 00000000 ____D () C:\Users\BBY488\AppData\Roaming\PCFixSpeed
 
Files to move or delete:
====================
C:\Users\BBY488\jagex_cl_runescape_LIVE.dat
C:\Users\BBY488\random.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Autumn\AppData\Local\Temp\.exe
C:\Users\Autumn\AppData\Local\Temp\7z920.exe
C:\Users\Autumn\AppData\Local\Temp\AskSLib.exe
C:\Users\Autumn\AppData\Local\Temp\avguidx.dll
C:\Users\Autumn\AppData\Local\Temp\bargainmatchcraigslist.exe
C:\Users\Autumn\AppData\Local\Temp\BFC_PreInstallChecker.exe
C:\Users\Autumn\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Autumn\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Autumn\AppData\Local\Temp\checktbexist.exe
C:\Users\Autumn\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe
C:\Users\Autumn\AppData\Local\Temp\DeltaTB.exe
C:\Users\Autumn\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Autumn\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Autumn\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
C:\Users\Autumn\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Autumn\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Autumn\AppData\Local\Temp\lowproc.exe
C:\Users\Autumn\AppData\Local\Temp\LyricsPal.exe
C:\Users\Autumn\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Autumn\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Autumn\AppData\Local\Temp\mssinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Autumn\AppData\Local\Temp\nsa4E13.exe
C:\Users\Autumn\AppData\Local\Temp\nsaA8C7.exe
C:\Users\Autumn\AppData\Local\Temp\nscCC8D.exe
C:\Users\Autumn\AppData\Local\Temp\nsf67AD.exe
C:\Users\Autumn\AppData\Local\Temp\nsfF00C.exe
C:\Users\Autumn\AppData\Local\Temp\nsgD8FC.exe
C:\Users\Autumn\AppData\Local\Temp\nsgF09.exe
C:\Users\Autumn\AppData\Local\Temp\nsiD1FF.exe
C:\Users\Autumn\AppData\Local\Temp\nsj5036.exe
C:\Users\Autumn\AppData\Local\Temp\nslCB16.exe
C:\Users\Autumn\AppData\Local\Temp\nspDCE9.exe
C:\Users\Autumn\AppData\Local\Temp\nst8966.exe
C:\Users\Autumn\AppData\Local\Temp\nstD23B.exe
C:\Users\Autumn\AppData\Local\Temp\nsuCEA9.exe
C:\Users\Autumn\AppData\Local\Temp\nsuEE29.exe
C:\Users\Autumn\AppData\Local\Temp\nsuEF4F.exe
C:\Users\Autumn\AppData\Local\Temp\nsx7991.exe
C:\Users\Autumn\AppData\Local\Temp\nsy59F4.exe
C:\Users\Autumn\AppData\Local\Temp\oi_{B9F14784-F138-4279-9CD0-4CFFF63DBBD4}.exe
C:\Users\Autumn\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Autumn\AppData\Local\Temp\PDFCreator-1_3_2_setup.exe
C:\Users\Autumn\AppData\Local\Temp\PreCheckAOL_092712125042.exe
C:\Users\Autumn\AppData\Local\Temp\QuickShare1.exe
C:\Users\Autumn\AppData\Local\Temp\Runner.exe
C:\Users\Autumn\AppData\Local\Temp\Setup.exe
C:\Users\Autumn\AppData\Local\Temp\setupthp.exe
C:\Users\Autumn\AppData\Local\Temp\SimboApp.exe
C:\Users\Autumn\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\SPStub.exe
C:\Users\Autumn\AppData\Local\Temp\stubhelper.dll
C:\Users\Autumn\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Autumn\AppData\Local\Temp\tbKeyB.dll
C:\Users\Autumn\AppData\Local\Temp\tbMixi.dll
C:\Users\Autumn\AppData\Local\Temp\tbSomo.dll
C:\Users\Autumn\AppData\Local\Temp\tbVgra.dll
C:\Users\Autumn\AppData\Local\Temp\tbWhit.dll
C:\Users\Autumn\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Autumn\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\uninst1.exe
C:\Users\Autumn\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Autumn\AppData\Local\Temp\uninstaller.exe
C:\Users\Autumn\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Autumn\AppData\Local\Temp\Updater.exe
C:\Users\Autumn\AppData\Local\Temp\UpdUninstall.exe
C:\Users\Autumn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_6974.exe
C:\Users\Autumn\AppData\Local\Temp\{96E06C5C-3C64-4A61-9031-7C1B1B13AD1B}-chrome_updater.exe
C:\Users\BBY488\AppData\Local\Temp\cltmng.exe
C:\Users\BBY488\AppData\Local\Temp\ICReinstall_Minecraft.exe
C:\Users\BBY488\AppData\Local\Temp\msvcp100.dll
C:\Users\BBY488\AppData\Local\Temp\msvcr100.dll
C:\Users\Joey\AppData\Local\Temp\cltmng.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 00:12
 
==================== End Of Log ============
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Autumn at 2014-02-03 22:45:18
Running from C:\Users\Autumn\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (x32 Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (x32 Version: 7.0 - Atheros)
ATI AVIVO64 Codecs (Version: 11.6.0.10518 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (Version: 3.0.812.0 - ATI Technologies, Inc.)
AVG 2013 (Version: 13.0.2638 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish Games: Game Manager (x32 Version: 3.0.1.60 - )
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0525.1041.17280 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help English (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help French (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help German (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
ccc-utility64 (Version: 2011.0525.1041.17280 - ATI) Hidden
Conexant HD Audio (Version: 8.54.4.50 - Conexant)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (x32 Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 13 (x32 Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo EasyCamera (x32 Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (x32 Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pirate101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ROBLOX Player for Autumn (HKCU Version:  - ROBLOX Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.5.2 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
UserGuide (x32 Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (x32 Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wizard101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Warcraft (x32 Version: 4.0.0.12911 - Blizzard Entertainment)
 
==================== Restore Points  =========================
 
28-04-2013 01:36:44 Windows Update
29-04-2013 22:53:49 Windows Update
03-05-2013 21:02:51 Windows Update
07-05-2013 23:05:26 Windows Update
15-05-2013 20:47:58 Windows Update
19-05-2013 03:31:00 Windows Update
22-05-2013 20:49:30 Windows Update
30-09-2013 17:12:00 Windows Update
28-01-2014 16:01:32 Scheduled Checkpoint
28-01-2014 21:12:21 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0188B75F-5354-4149-ADC1-AD06FC2BA453} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {0A9FC5C2-9D16-4470-9033-942428C2E15D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {129C8023-F3B8-44EC-A35A-777B27504E50} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {15B6EC64-527C-45D4-9243-DCCD6C0D5B95} - System32\Tasks\Funmoods => C:\Users\BBY488\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-01-25] () <==== ATTENTION
Task: {2A731CBF-C485-4C89-925A-A30D199307A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {472DA648-B711-4D7E-8A8D-6B549BAFED21} - System32\Tasks\Hoolapp For Android => C:\Users\BBY488\AppData\Roaming\HoolappForAndroid\UpdateProc\UpdateTask.exe [2013-01-18] () <==== ATTENTION
Task: {5E2556C0-07B0-4695-8917-0F589462F090} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {7CF38705-346D-4921-BF76-F1C4E421CD9F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {803E6E92-04B1-46F7-A697-A9A3DF0C185E} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe
Task: {9F1B68DE-C1D8-4857-BBEA-1FFC7C74FF14} - System32\Tasks\Test TimeTrigger => C:\Users\Autumn\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {B1D8EBE2-5357-445C-B9D2-2D27C048F868} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: {C0456B0A-B331-4796-9A10-1BF03A040348} - System32\Tasks\AmiUpdXp => C:\Users\Autumn\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {C8DA581C-82F9-4F5A-87AC-F8619A2A8999} - System32\Tasks\RunAsStdUser Task => C:\Users\Autumn\AppData\Local\teeveewatchSA\bin\1.0.9.0\TeeveeWatchSA.exe
Task: {D100CADE-FB09-4B74-9975-9E282B92AE52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {E48A16E7-7EF7-4C3B-B98E-03465649DECD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-18 14:30 - 2011-06-18 14:30 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-06-18 14:30 - 2011-06-18 14:30 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2009-01-21 11:45 - 2009-01-21 11:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2014-01-28 11:04 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 11:05 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 11:04 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-02-03 13:50 - 2014-02-03 13:50 - 04591616 _____ () C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-02-03 13:50 - 2014-02-03 13:50 - 00112128 _____ () C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/03/2014 10:36:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/03/2014 01:28:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2014 10:45:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (01/31/2014 10:45:41 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (01/31/2014 10:42:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2014 06:47:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (02/03/2014 10:40:54 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (02/03/2014 10:36:10 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/03/2014 10:36:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/03/2014 10:35:51 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/03/2014 10:35:40 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/03/2014 10:35:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSDriver
Avgldx64
avgtp
BPntDrv
cdrom
discache
EgisTecFF
MpFilter
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Error: (02/03/2014 10:35:26 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (02/03/2014 10:35:25 PM) (Source: Service Control Manager) (User: )
Description: The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: 
%%1068
 
Error: (02/03/2014 10:33:46 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.2.0 service failed to start due to the following error: 
%%2
 
Error: (02/03/2014 02:37:11 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
 
Microsoft Office Sessions:
=========================
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/03/2014 10:36:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/03/2014 01:28:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/31/2014 10:45:41 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (01/31/2014 10:45:41 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (01/31/2014 10:42:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2014 06:47:16 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 3686.11 MB
Available physical RAM: 2862.18 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 6598.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:187.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 1AB91EF8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:45 AM

Posted 04 February 2014 - 11:37 AM

Download the enclosed file.

 

Save it in the location FRST64 is.

 

Run FRST64 and click on the Fix button, and wait.

 

The tool will make a log in the flashdrive (Fixlog.txt); please post it in your reply.

 

Download: ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Re-scan with FRST64; this time around, put a checkmark on addition.txt and click on Scan. Post the new FRST.txt log and Additional.txt log.
 


Under Hurricane Emergency, expect delays on my responses

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Vecc1982

Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female
  • Local time:06:45 AM

Posted 04 February 2014 - 11:44 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Autumn at 2014-02-04 23:41:43 Run:1
Running from C:\Users\Autumn\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\BBY488\jagex_cl_runescape_LIVE.dat
C:\Users\BBY488\random.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat
C:\Users\Autumn\AppData\Local\Temp\.exe
C:\Users\Autumn\AppData\Local\Temp\7z920.exe
C:\Users\Autumn\AppData\Local\Temp\AskSLib.exe
C:\Users\Autumn\AppData\Local\Temp\avguidx.dll
C:\Users\Autumn\AppData\Local\Temp\bargainmatchcraigslist.exe
C:\Users\Autumn\AppData\Local\Temp\BFC_PreInstallChecker.exe
C:\Users\Autumn\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Autumn\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Autumn\AppData\Local\Temp\checktbexist.exe
C:\Users\Autumn\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe
C:\Users\Autumn\AppData\Local\Temp\DeltaTB.exe
C:\Users\Autumn\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Autumn\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Autumn\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
C:\Users\Autumn\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Autumn\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Autumn\AppData\Local\Temp\lowproc.exe
C:\Users\Autumn\AppData\Local\Temp\LyricsPal.exe
C:\Users\Autumn\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Autumn\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Autumn\AppData\Local\Temp\mssinstaller.exe
C:\Users\Autumn\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Autumn\AppData\Local\Temp\nsa4E13.exe
C:\Users\Autumn\AppData\Local\Temp\nsaA8C7.exe
C:\Users\Autumn\AppData\Local\Temp\nscCC8D.exe
C:\Users\Autumn\AppData\Local\Temp\nsf67AD.exe
C:\Users\Autumn\AppData\Local\Temp\nsfF00C.exe
C:\Users\Autumn\AppData\Local\Temp\nsgD8FC.exe
C:\Users\Autumn\AppData\Local\Temp\nsgF09.exe
C:\Users\Autumn\AppData\Local\Temp\nsiD1FF.exe
C:\Users\Autumn\AppData\Local\Temp\nsj5036.exe
C:\Users\Autumn\AppData\Local\Temp\nslCB16.exe
C:\Users\Autumn\AppData\Local\Temp\nspDCE9.exe
C:\Users\Autumn\AppData\Local\Temp\nst8966.exe
C:\Users\Autumn\AppData\Local\Temp\nstD23B.exe
C:\Users\Autumn\AppData\Local\Temp\nsuCEA9.exe
C:\Users\Autumn\AppData\Local\Temp\nsuEE29.exe
C:\Users\Autumn\AppData\Local\Temp\nsuEF4F.exe
C:\Users\Autumn\AppData\Local\Temp\nsx7991.exe
C:\Users\Autumn\AppData\Local\Temp\nsy59F4.exe
C:\Users\Autumn\AppData\Local\Temp\oi_{B9F14784-F138-4279-9CD0-4CFFF63DBBD4}.exe
C:\Users\Autumn\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Autumn\AppData\Local\Temp\PDFCreator-1_3_2_setup.exe
C:\Users\Autumn\AppData\Local\Temp\PreCheckAOL_092712125042.exe
C:\Users\Autumn\AppData\Local\Temp\QuickShare1.exe
C:\Users\Autumn\AppData\Local\Temp\Runner.exe
C:\Users\Autumn\AppData\Local\Temp\Setup.exe
C:\Users\Autumn\AppData\Local\Temp\setupthp.exe
C:\Users\Autumn\AppData\Local\Temp\SimboApp.exe
C:\Users\Autumn\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\SPStub.exe
C:\Users\Autumn\AppData\Local\Temp\stubhelper.dll
C:\Users\Autumn\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Autumn\AppData\Local\Temp\tbKeyB.dll
C:\Users\Autumn\AppData\Local\Temp\tbMixi.dll
C:\Users\Autumn\AppData\Local\Temp\tbSomo.dll
C:\Users\Autumn\AppData\Local\Temp\tbVgra.dll
C:\Users\Autumn\AppData\Local\Temp\tbWhit.dll
C:\Users\Autumn\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Autumn\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Autumn\AppData\Local\Temp\uninst1.exe
C:\Users\Autumn\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Autumn\AppData\Local\Temp\uninstaller.exe
C:\Users\Autumn\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Autumn\AppData\Local\Temp\Updater.exe
C:\Users\Autumn\AppData\Local\Temp\UpdUninstall.exe
C:\Users\Autumn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_6974.exe
C:\Users\Autumn\AppData\Local\Temp\{96E06C5C-3C64-4A61-9031-7C1B1B13AD1B}-chrome_updater.exe
C:\Users\BBY488\AppData\Local\Temp\cltmng.exe
C:\Users\BBY488\AppData\Local\Temp\ICReinstall_Minecraft.exe
C:\Users\BBY488\AppData\Local\Temp\msvcp100.dll
C:\Users\BBY488\AppData\Local\Temp\msvcr100.dll
C:\Users\Joey\AppData\Local\Temp\cltmng.exe
Task: {15B6EC64-527C-45D4-9243-DCCD6C0D5B95} - System32\Tasks\Funmoods => C:\Users\BBY488\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-01-25] () <==== ATTENTION
Task: {472DA648-B711-4D7E-8A8D-6B549BAFED21} - System32\Tasks\Hoolapp For Android => C:\Users\BBY488\AppData\Roaming\HoolappForAndroid\UpdateProc\UpdateTask.exe [2013-01-18] () <==== ATTENTION
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
End 
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\BBY488\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\BBY488\random.dat => Moved successfully.
C:\Users\Joey\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Joey\random.dat => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\7z920.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\AskSLib.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\bargainmatchcraigslist.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\BFC_PreInstallChecker.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\bi_cleaner.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\bundlesweetimsetup.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\checktbexist.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\Coupon-Caddy-ppi-US.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\GenericUninstall.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\GenericWndApi.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\iGearedHelper.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\LyricsPal.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\MyBabylonTB.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsa4E13.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsaA8C7.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nscCC8D.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsf67AD.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsfF00C.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsgD8FC.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsgF09.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsiD1FF.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsj5036.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nslCB16.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nspDCE9.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nst8966.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nstD23B.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsuCEA9.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsuEE29.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsuEF4F.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsx7991.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\nsy59F4.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\oi_{B9F14784-F138-4279-9CD0-4CFFF63DBBD4}.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\PDFCreator-1_3_2_setup.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\PreCheckAOL_092712125042.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\QuickShare1.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\Runner.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\setupthp.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\SimboApp.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\SmartbarExeInstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\tbKeyB.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\tbMixi.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\tbSomo.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\tbVgra.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\tbWhit.dll => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\ToolbarHelper.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\uninstaller.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\UpdateCheckerSetup.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\Updater.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\UpdUninstall.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_6974.exe => Moved successfully.
C:\Users\Autumn\AppData\Local\Temp\{96E06C5C-3C64-4A61-9031-7C1B1B13AD1B}-chrome_updater.exe => Moved successfully.
C:\Users\BBY488\AppData\Local\Temp\cltmng.exe => Moved successfully.
C:\Users\BBY488\AppData\Local\Temp\ICReinstall_Minecraft.exe => Moved successfully.
C:\Users\BBY488\AppData\Local\Temp\msvcp100.dll => Moved successfully.
C:\Users\BBY488\AppData\Local\Temp\msvcr100.dll => Moved successfully.
C:\Users\Joey\AppData\Local\Temp\cltmng.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15B6EC64-527C-45D4-9243-DCCD6C0D5B95} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15B6EC64-527C-45D4-9243-DCCD6C0D5B95} => Key deleted successfully.
C:\Windows\System32\Tasks\Funmoods => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472DA648-B711-4D7E-8A8D-6B549BAFED21} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472DA648-B711-4D7E-8A8D-6B549BAFED21} => Key deleted successfully.
C:\Windows\System32\Tasks\Hoolapp For Android => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hoolapp For Android => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value deleted successfully.
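Added example (not from this thread, and not FRST's own code): the procedure in the previous post is triage the FRST scan, copy the offending lines verbatim into a fixlist between Start and End, run the Fix, then confirm in Fixlog.txt that every entry was actually handled. The Python below does that mechanically over a few constructed FRST-style lines modelled on the logs in this thread. It assumes the "enclosed file" in the helper's post is the fixlist.txt whose content the Fixlog echoes under "Content of fixlist"; it uses FRST's own "<==== ATTENTION" marker plus three heuristics of my own (a launch path under AppData\Local\Temp or AppData\Roaming, a task registered with "No Task File", a target with no file date or company name in brackets); and the way it maps a fixlist entry to the subject of a Fixlog result line is inferred from the Fixlog above, not from any FRST documentation. It only catches entries that never got a "... successfully." line; failure wording I have not seen is not handled.

```python
"""Triage FRST scan lines into a fixlist and check the Fixlog against it.

Added example for this thread; not part of the original posts and not
FRST's own code. The Start/End layout and the "=> ... successfully."
result lines follow the Fixlog.txt posted above; the sample lines and the
heuristics are constructed for illustration.
"""
import re

# FRST's own marker on lines it considers suspicious (any number of '=').
ATTENTION = re.compile(r"<=+ ATTENTION")
# Folders a standard user can write to. Persistence launching from here is
# worth a look even when FRST did not flag it (assumption, not an FRST rule).
USER_WRITABLE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\", re.IGNORECASE)
# "Task: {GUID} - System32\Tasks\Name => target [date] (company)"
TASK_LINE = re.compile(
    r"^Task: \{[0-9A-F-]+\} - (?P<task>.+?)(?: => (?P<target>.+))?$", re.IGNORECASE)
# A target FRST could date and attribute: "... [2011-06-18] (Google Inc.)"
DATED_AND_ATTRIBUTED = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \([^)]+\)\s*(<=+ ATTENTION)?$")
# "<subject> => <outcome>" as written in Fixlog.txt
RESULT = re.compile(r"^(?P<subject>.+?) => (?P<outcome>.+)$")

# Constructed FRST.txt-style lines, modelled on the logs in this thread.
SAMPLE_FRST_LINES = [
    r"Task: {0A9FC5C2-9D16-4470-9033-942428C2E15D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)",
    r"Task: {9F1B68DE-C1D8-4857-BBEA-1FFC7C74FF14} - System32\Tasks\Test TimeTrigger => C:\Users\Autumn\AppData\Local\Temp\Runner.exe <==== ATTENTION",
    r"Task: {C0456B0A-B331-4796-9A10-1BF03A040348} - \AmiUpdXp No Task File",
    r"Task: {15B6EC64-527C-45D4-9243-DCCD6C0D5B95} - System32\Tasks\Funmoods => C:\Users\BBY488\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-01-25] () <==== ATTENTION",
    r"HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
]

# Constructed Fixlog.txt-style result lines (a subset of what the real fix reported).
SAMPLE_FIXLOG_LINES = [
    r"HKLM\SOFTWARE\Policies\Google => Key deleted successfully.",
    r"C:\Users\Autumn\AppData\Local\Temp\Runner.exe => Moved successfully.",
    r"C:\Windows\System32\Tasks\Funmoods => Moved successfully.",
]


def reasons(line):
    """Why an FRST line looks worth fixing; an empty list means leave it alone."""
    found = []
    if ATTENTION.search(line):
        found.append("flagged by FRST")
    if USER_WRITABLE.search(line):
        found.append("launches from a user-writable folder")
    if line.rstrip().endswith("No Task File"):
        found.append("task registered without a task file")
    m = TASK_LINE.match(line)
    if m and m.group("target") and not DATED_AND_ATTRIBUTED.search(m.group("target")):
        found.append("target has no file date or company name")
    return found


def build_fixlist(frst_lines):
    """Copy every suspicious line verbatim between Start and End, the layout
    the posted Fixlog shows under 'Content of fixlist'."""
    picked = [ln.rstrip() for ln in frst_lines if reasons(ln)]
    return "\n".join(["Start", *picked, "End"]) + "\n"


def subject_for(entry):
    """Map a fixlist entry to the subject FRST names in its Fixlog result line
    (inferred from the Fixlog above; an assumption, not documented behaviour)."""
    m = TASK_LINE.match(entry)
    if m:
        # The task file itself is reported under C:\Windows\System32\Tasks\<name>.
        name = m.group("task").split("System32\\Tasks\\", 1)[-1]
        return "C:\\Windows\\System32\\Tasks\\" + name
    if entry.startswith("CHR HKLM\\"):
        # "CHR HKLM\...\Google: Policy restriction" is reported as the bare key.
        return entry[4:].split(":", 1)[0]
    return ATTENTION.sub("", entry).strip()


def unresolved(fixlist_text, fixlog_lines):
    """Fixlist entries with no '... successfully.' result in the Fixlog."""
    done = set()
    for ln in fixlog_lines:
        m = RESULT.match(ln.strip())
        if m and m.group("outcome").endswith("successfully."):
            done.add(m.group("subject").lower())
    entries = [e for e in fixlist_text.splitlines() if e not in ("Start", "End")]
    return [e for e in entries if subject_for(e).lower() not in done]


if __name__ == "__main__":
    fixlist = build_fixlist(SAMPLE_FRST_LINES)
    print(fixlist)
    for entry in unresolved(fixlist, SAMPLE_FIXLOG_LINES):
        print("no Fixlog result for:", entry)
```

Run as-is it prints a four-entry fixlist (the Google updater and the Malwarebytes RunOnce entry are left alone) and then reports two entries with no result line: the "Test TimeTrigger" task and the "AmiUpdXp" registration. The first is the same gap the real thread shows: the fix above moved Runner.exe out of Temp, but the task that launches it was never in the fixlist, so the Addition.txt posted below still lists it with FRST's ATTENTION marker. That is the check worth doing after every Fix run before declaring the persistence gone.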


#6 Vecc1982

Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:45 AM

Posted 05 February 2014 - 12:22 AM

Here is the log for AdwCleaner. When it first rebooted it tried to run Windows normally, and again I got the same spinning-circle "please wait" icon when I tried to open the browser. I turned it off and restarted in safe mode.

 

# AdwCleaner v3.018 - Report created 04/02/2014 at 23:50:54
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Autumn - BBY488-PC
# Running from : C:\Users\Autumn\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater15.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Users\BBY488\Funmoods
Folder Deleted : C:\Users\BBY488\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\BBY488\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\BBY488\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\BBY488\AppData\LocalLow\somoto_v.1
Folder Deleted : C:\Users\BBY488\AppData\Roaming\DSite
Folder Deleted : C:\Users\BBY488\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\BBY488\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Autumn\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Autumn\AppData\Local\Deal Boat
Folder Deleted : C:\Users\Autumn\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Joey\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joey\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Joey\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Joey\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Users\BBY488\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\windows\System32\Tasks\AmiUpdXp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKCU\Software\955d6dde134be44
Key Deleted : HKLM\SOFTWARE\955d6dde134be44
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\BBY488\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : homepage
 
[ File : C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
[ File : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : homepage
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [7279 octets] - [04/02/2014 23:48:23]
AdwCleaner[S0].txt - [7045 octets] - [04/02/2014 23:50:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7105 octets] ##########
 
 
 
 
Here are the last 2 logs:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Autumn at 2014-02-05 00:17:53
Running from C:\Users\Autumn\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (x32 Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (x32 Version: 7.0 - Atheros)
ATI AVIVO64 Codecs (Version: 11.6.0.10518 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (Version: 3.0.812.0 - ATI Technologies, Inc.)
AVG 2013 (Version: 13.0.2638 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish Games: Game Manager (x32 Version: 3.0.1.60 - )
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0525.1041.17280 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help English (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help French (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help German (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
ccc-utility64 (Version: 2011.0525.1041.17280 - ATI) Hidden
Conexant HD Audio (Version: 8.54.4.50 - Conexant)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (x32 Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 13 (x32 Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo EasyCamera (x32 Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (x32 Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pirate101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ROBLOX Player for Autumn (HKCU Version:  - ROBLOX Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.5.2 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
UserGuide (x32 Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (x32 Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wizard101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Warcraft (x32 Version: 4.0.0.12911 - Blizzard Entertainment)
 
==================== Restore Points  =========================
 
28-04-2013 01:36:44 Windows Update
29-04-2013 22:53:49 Windows Update
03-05-2013 21:02:51 Windows Update
07-05-2013 23:05:26 Windows Update
15-05-2013 20:47:58 Windows Update
19-05-2013 03:31:00 Windows Update
22-05-2013 20:49:30 Windows Update
30-09-2013 17:12:00 Windows Update
28-01-2014 16:01:32 Scheduled Checkpoint
28-01-2014 21:12:21 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0188B75F-5354-4149-ADC1-AD06FC2BA453} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {0A9FC5C2-9D16-4470-9033-942428C2E15D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {129C8023-F3B8-44EC-A35A-777B27504E50} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {2A731CBF-C485-4C89-925A-A30D199307A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E2556C0-07B0-4695-8917-0F589462F090} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {7CF38705-346D-4921-BF76-F1C4E421CD9F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {803E6E92-04B1-46F7-A697-A9A3DF0C185E} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe
Task: {9F1B68DE-C1D8-4857-BBEA-1FFC7C74FF14} - System32\Tasks\Test TimeTrigger => C:\Users\Autumn\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {B1D8EBE2-5357-445C-B9D2-2D27C048F868} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: {C0456B0A-B331-4796-9A10-1BF03A040348} - \AmiUpdXp No Task File
Task: {C8DA581C-82F9-4F5A-87AC-F8619A2A8999} - System32\Tasks\RunAsStdUser Task => C:\Users\Autumn\AppData\Local\teeveewatchSA\bin\1.0.9.0\TeeveeWatchSA.exe
Task: {D100CADE-FB09-4B74-9975-9E282B92AE52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {E48A16E7-7EF7-4C3B-B98E-03465649DECD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-18 14:30 - 2011-06-18 14:30 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-06-18 14:30 - 2011-06-18 14:30 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2009-01-21 11:45 - 2009-01-21 11:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2014-01-28 11:04 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 11:05 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 11:04 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2014 00:01:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/05/2014 00:01:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/04/2014 11:58:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2014 11:37:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/04/2014 11:37:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/04/2014 11:33:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/03/2014 10:36:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (02/05/2014 00:07:43 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.165.3250.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.2.0223.00
 
Source Path: 4.2.0223.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (02/05/2014 00:07:43 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (02/04/2014 11:58:06 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/04/2014 11:58:05 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/04/2014 11:57:50 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/04/2014 11:57:38 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/04/2014 11:57:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSDriver
Avgldx64
avgtp
BPntDrv
cdrom
discache
EgisTecFF
MpFilter
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Error: (02/04/2014 11:57:30 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (02/04/2014 11:57:29 PM) (Source: Service Control Manager) (User: )
Description: The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: 
%%1068
 
Error: (02/04/2014 11:55:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2014 00:01:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/05/2014 00:01:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/04/2014 11:58:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2014 11:37:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/04/2014 11:37:16 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/04/2014 11:33:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/03/2014 10:39:53 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/03/2014 10:36:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 01:31:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 3686.11 MB
Available physical RAM: 2902.06 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 6642.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:187.41 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 1AB91EF8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Autumn (administrator) on BBY488-PC on 05-02-2014 00:15:59
Running from C:\Users\Autumn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-06-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-06-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-06-18] (Lenovo)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-06-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [7269 2014-02-04] ()
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "spdy": {
      "servers": [ "chatenabled.mail.google.com:443", "ssl.gstatic.com:443", "accounts.youtube.com:443", "gmail.com:443", "profiles.google.com:443", "s.youtube.com:443", "www.youtube-nocookie.com:443", "www.youtube.com:443", "accounts.google.com:443", "mail-attachment.googleusercontent.com:443", "plusone.google.com:443", "googleads.g.doubleclick.net:443", "pagead2.googleadservices.com:443", "ssl.google-analytics.com:443", "toolbarqueries.google.com:443", "clients2.google.com:443", "clients6.google.com:443", "lh4.googleusercontent.com:443", "lh6.googleusercontent.com:443", "mail.google.com:443", "s.ytimg.com:443", "www.google.com:443", "apis.google.com:443", "www.googleadservices.com:443", "maps-api-ssl.google.com:443", "s2.googleusercontent.com:443"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Google Wallet) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Gmail) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [peaihlgfkkhnflpijnnbhkmkcpjhnpel] - C:\Program Files (x86)\BuzzSocialPoints_DNS\chrome.crx [2011-12-27]
 
==================== Services (Whitelisted) =================
 
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [x]
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-04 23:48 - 2014-02-04 23:51 - 00000000 ____D () C:\AdwCleaner
2014-02-04 23:46 - 2014-02-04 23:46 - 01166132 _____ () C:\Users\Autumn\Downloads\AdwCleaner.exe
2014-02-04 23:38 - 2014-02-04 23:38 - 00004851 _____ () C:\Users\Autumn\Downloads\fixlist (1).txt
2014-02-03 22:45 - 2014-02-03 22:45 - 00025879 _____ () C:\Users\Autumn\Downloads\Addition.txt
2014-02-03 22:43 - 2014-02-05 00:16 - 00015444 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-03 22:43 - 2014-02-05 00:15 - 00000000 ____D () C:\FRST
2014-02-03 22:42 - 2014-02-03 22:42 - 02080256 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-01-28 20:54 - 2014-01-28 20:54 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 20:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:20 - 2014-01-28 20:22 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 07:44 - 2014-01-29 06:30 - 00007704 _____ () C:\windows\PFRO.log
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
 
==================== One Month Modified Files and Folders =======
 
2014-02-05 00:16 - 2014-02-03 22:43 - 00015444 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-05 00:15 - 2014-02-03 22:43 - 00000000 ____D () C:\FRST
2014-02-05 00:07 - 2011-06-18 13:44 - 02085812 _____ () C:\windows\WindowsUpdate.log
2014-02-05 00:01 - 2009-07-14 00:13 - 00005376 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-04 23:57 - 2011-06-18 15:00 - 00092362 _____ () C:\windows\system32\fastboot.set
2014-02-04 23:54 - 2011-06-18 14:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 23:54 - 2011-06-18 14:30 - 03631925 _____ () C:\FaceProv.log
2014-02-04 23:54 - 2011-06-18 14:30 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-04 23:53 - 2013-09-30 19:06 - 00002688 _____ () C:\windows\setupact.log
2014-02-04 23:53 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-04 23:51 - 2014-02-04 23:48 - 00000000 ____D () C:\AdwCleaner
2014-02-04 23:50 - 2011-08-16 03:57 - 00000000 ____D () C:\Users\BBY488
2014-02-04 23:46 - 2014-02-04 23:46 - 01166132 _____ () C:\Users\Autumn\Downloads\AdwCleaner.exe
2014-02-04 23:41 - 2013-01-16 17:16 - 00000000 ____D () C:\Users\Joey
2014-02-04 23:38 - 2014-02-04 23:38 - 00004851 _____ () C:\Users\Autumn\Downloads\fixlist (1).txt
2014-02-03 22:45 - 2014-02-03 22:45 - 00025879 _____ () C:\Users\Autumn\Downloads\Addition.txt
2014-02-03 22:42 - 2014-02-03 22:42 - 02080256 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-02-03 12:08 - 2011-06-18 14:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 06:50 - 2011-10-06 05:51 - 00002243 _____ () C:\Users\Autumn\Desktop\OneKey Recovery.lnk
2014-01-29 06:30 - 2014-01-28 07:44 - 00007704 _____ () C:\windows\PFRO.log
2014-01-29 06:30 - 2011-06-18 14:54 - 00000000 ____D () C:\Program Files\Google
2014-01-29 06:30 - 2011-06-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-29 02:12 - 2013-03-01 16:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 01:10 - 2012-12-26 13:05 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job
2014-01-28 20:54 - 2014-01-28 20:54 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:22 - 2014-01-28 20:20 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 20:05 - 2011-10-06 05:57 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Google
2014-01-28 20:05 - 2011-06-18 14:54 - 00000000 ____D () C:\ProgramData\Google
2014-01-28 19:37 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 19:37 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 15:52 - 2013-03-05 06:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 15:47 - 2013-03-01 16:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 15:46 - 2013-03-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:46 - 2013-03-01 16:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:46 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-01-28 15:44 - 2012-12-26 13:05 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job
2014-01-28 09:55 - 2011-06-18 14:53 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-28 09:55 - 2011-06-18 14:53 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-28 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-01-26 19:55 - 2013-01-06 14:00 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Adobe
2014-01-26 19:55 - 2011-10-06 06:30 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Adobe
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Autumn\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 00:12
 
==================== End Of Log ============================
 


#7 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 February 2014 - 05:33 AM

Perform a Clean Boot, and if able to boot in Normal Mode, troubleshoot which driver or startup program is responsible.

 

Here are the Instructions.

 

Keep me posted.


Under Hurricane Emergency, expect delays on my responses

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female

Posted 05 February 2014 - 11:33 PM

Okay, Windows started up normally. I went through multiple steps to figure out what was causing the problem. If I leave the boxes unchecked in the systems configuration under "systems" for MBAMScheduler, MBAMService, and McAfee Security Scan Components, then Windows 7 starts normally without the blue spinning circle. Also, under the general tab, it's still under selective startup. So do I leave it as it is with those unchecked permanently? Should I just uninstall them? I can't seem to find another way to fix them if needed. Thank you so much for all your help!



#9 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 February 2014 - 11:21 AM

Remove those programs. They may have corrupted components.

 

Then in Normal Mode run FRST64.

 

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 




#10 Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female

Posted 06 February 2014 - 12:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Autumn (administrator) on BBY488-PC on 06-02-2014 12:45:48
Running from C:\Users\Autumn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3817446971-4238635741-1619600606-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "spdy": {
      "servers": [ "chatenabled.mail.google.com:443", "ssl.gstatic.com:443", "accounts.youtube.com:443", "gmail.com:443", "profiles.google.com:443", "s.youtube.com:443", "www.youtube-nocookie.com:443", "www.youtube.com:443", "accounts.google.com:443", "mail-attachment.googleusercontent.com:443", "plusone.google.com:443", "googleads.g.doubleclick.net:443", "pagead2.googleadservices.com:443", "ssl.google-analytics.com:443", "toolbarqueries.google.com:443", "clients2.google.com:443", "clients6.google.com:443", "lh4.googleusercontent.com:443", "lh6.googleusercontent.com:443", "mail.google.com:443", "s.ytimg.com:443", "www.google.com:443", "apis.google.com:443", "www.googleadservices.com:443", "maps-api-ssl.google.com:443", "s2.googleusercontent.com:443"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Google Wallet) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Gmail) - C:\Users\Autumn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKCU\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKCU\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\Autumn\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Autumn\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\Autumn\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Autumn\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Autumn\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [peaihlgfkkhnflpijnnbhkmkcpjhnpel] - C:\Program Files (x86)\BuzzSocialPoints_DNS\chrome.crx [2011-12-27]
 
==================== Services (Whitelisted) =================
 
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [X]
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-06 12:45 - 2014-02-06 12:45 - 00000000 ____D () C:\Users\Autumn\Downloads\FRST-OlderVersion
2014-02-05 22:48 - 2014-02-05 22:48 - 00000000 ____D () C:\cb6a251129f55ecf6ceda270
2014-02-05 22:46 - 2014-02-05 22:47 - 00657688 _____ (Conduit) C:\Users\Autumn\Downloads\Video_Converter_TSV33LKOD.exe
2014-02-05 22:29 - 2014-02-05 22:35 - 00000000 ____D () C:\windows\system32\MRT
2014-02-04 23:48 - 2014-02-04 23:51 - 00000000 ____D () C:\AdwCleaner
2014-02-04 23:46 - 2014-02-04 23:46 - 01166132 _____ () C:\Users\Autumn\Downloads\AdwCleaner.exe
2014-02-04 23:38 - 2014-02-04 23:38 - 00004851 _____ () C:\Users\Autumn\Downloads\fixlist (1).txt
2014-02-03 22:45 - 2014-02-05 00:18 - 00025647 _____ () C:\Users\Autumn\Downloads\Addition.txt
2014-02-03 22:43 - 2014-02-06 12:46 - 00013229 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-03 22:43 - 2014-02-06 12:45 - 00000000 ____D () C:\FRST
2014-02-03 22:42 - 2014-02-06 12:45 - 02082304 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:20 - 2014-01-28 20:22 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 16:29 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-01-28 16:28 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-01-28 16:28 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-01-28 16:28 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-01-28 16:28 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-01-28 16:28 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-01-28 16:28 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-28 16:28 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-01-28 16:28 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-01-28 16:28 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-01-28 16:28 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-01-28 16:27 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-01-28 16:27 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-01-28 16:27 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-01-28 16:27 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-01-28 16:27 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-01-28 16:27 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-01-28 16:27 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-01-28 16:27 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-01-28 16:27 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 16:27 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 16:27 - 2013-05-13 00:51 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-01-28 16:27 - 2013-05-13 00:51 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-01-28 16:27 - 2013-05-13 00:51 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-01-28 16:27 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-01-28 16:27 - 2013-05-12 23:45 - 01160192 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-01-28 16:27 - 2013-05-12 23:45 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-01-28 16:27 - 2013-05-12 23:45 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-01-28 16:27 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-01-28 16:27 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-01-28 16:27 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-01-28 16:27 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-01-28 16:27 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-01-28 16:26 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-01-28 16:12 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-01-28 16:12 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-01-28 16:10 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-01-28 16:10 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-01-28 16:10 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-01-28 16:10 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-01-28 16:10 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-01-28 16:09 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-01-28 07:44 - 2014-01-29 06:30 - 00007704 _____ () C:\windows\PFRO.log
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
 
==================== One Month Modified Files and Folders =======
 
2014-02-06 12:46 - 2014-02-03 22:43 - 00013229 _____ () C:\Users\Autumn\Downloads\FRST.txt
2014-02-06 12:46 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 12:46 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 12:45 - 2014-02-06 12:45 - 00000000 ____D () C:\Users\Autumn\Downloads\FRST-OlderVersion
2014-02-06 12:45 - 2014-02-03 22:43 - 00000000 ____D () C:\FRST
2014-02-06 12:45 - 2014-02-03 22:42 - 02082304 _____ (Farbar) C:\Users\Autumn\Downloads\FRST64.exe
2014-02-06 12:43 - 2009-07-14 00:13 - 00005376 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-06 12:42 - 2011-06-18 13:44 - 01764183 _____ () C:\windows\WindowsUpdate.log
2014-02-06 12:38 - 2011-06-18 15:00 - 00483394 _____ () C:\windows\system32\fastboot.set
2014-02-06 12:38 - 2011-06-18 14:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 12:38 - 2011-06-18 14:30 - 03648497 _____ () C:\FaceProv.log
2014-02-06 12:38 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-06 12:37 - 2013-09-30 19:06 - 00003024 _____ () C:\windows\setupact.log
2014-02-05 23:03 - 2011-10-06 05:53 - 00000000 ___RD () C:\Users\Autumn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-05 23:03 - 2011-10-06 05:51 - 00000000 ___RD () C:\Users\Autumn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-05 22:59 - 2011-02-22 06:42 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-05 22:48 - 2014-02-05 22:48 - 00000000 ____D () C:\cb6a251129f55ecf6ceda270
2014-02-05 22:47 - 2014-02-05 22:46 - 00657688 _____ (Conduit) C:\Users\Autumn\Downloads\Video_Converter_TSV33LKOD.exe
2014-02-05 22:35 - 2014-02-05 22:29 - 00000000 ____D () C:\windows\system32\MRT
2014-02-05 21:58 - 2011-06-18 14:30 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-05 00:18 - 2014-02-03 22:45 - 00025647 _____ () C:\Users\Autumn\Downloads\Addition.txt
2014-02-04 23:51 - 2014-02-04 23:48 - 00000000 ____D () C:\AdwCleaner
2014-02-04 23:50 - 2011-08-16 03:57 - 00000000 ____D () C:\Users\BBY488
2014-02-04 23:46 - 2014-02-04 23:46 - 01166132 _____ () C:\Users\Autumn\Downloads\AdwCleaner.exe
2014-02-04 23:41 - 2013-01-16 17:16 - 00000000 ____D () C:\Users\Joey
2014-02-04 23:38 - 2014-02-04 23:38 - 00004851 _____ () C:\Users\Autumn\Downloads\fixlist (1).txt
2014-02-03 14:42 - 2014-02-03 14:42 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumns Updated Resume (1).wps
2014-02-03 14:41 - 2014-02-03 14:41 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (2).wps
2014-02-03 14:40 - 2014-02-03 14:40 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final (1).wps
2014-02-03 14:39 - 2014-02-03 14:39 - 00025600 _____ () C:\Users\Autumn\Downloads\Autumn resume final.wps
2014-02-03 14:35 - 2014-02-03 14:35 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Lenovo Security Suite
2014-02-03 14:26 - 2014-02-03 14:26 - 00002040 _____ () C:\Users\Autumn\Downloads\Rkill.txt
2014-02-03 14:13 - 2014-02-03 14:13 - 00275730 _____ () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+.htm
2014-02-03 14:13 - 2014-02-03 14:13 - 00000000 ____D () C:\Users\Autumn\Downloads\Autumn Vecchione - Google+_files
2014-02-03 12:08 - 2011-06-18 14:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 06:50 - 2011-10-06 05:51 - 00002243 _____ () C:\Users\Autumn\Desktop\OneKey Recovery.lnk
2014-01-29 06:30 - 2014-01-28 07:44 - 00007704 _____ () C:\windows\PFRO.log
2014-01-29 06:30 - 2011-06-18 14:54 - 00000000 ____D () C:\Program Files\Google
2014-01-29 06:30 - 2011-06-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-29 02:12 - 2013-03-01 16:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 01:10 - 2012-12-26 13:05 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job
2014-01-29 00:24 - 2013-03-10 00:19 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Malwarebytes
2014-01-28 20:54 - 2014-01-28 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-28 20:52 - 2014-01-28 20:52 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Autumn\Downloads\mbam-setup.exe
2014-01-28 20:49 - 2014-01-28 20:49 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT (1).exe
2014-01-28 20:44 - 2014-01-28 20:44 - 00020213 _____ () C:\Users\Autumn\Desktop\JRT.txt
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:32 - 2011-06-18 14:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 20:25 - 2014-01-28 20:25 - 00000000 ____D () C:\windows\ERUNT
2014-01-28 20:24 - 2014-01-28 20:24 - 01037068 _____ (Thisisu) C:\Users\Autumn\Downloads\JRT.exe
2014-01-28 20:22 - 2014-01-28 20:20 - 00002040 _____ () C:\Users\Autumn\Desktop\Rkill.txt
2014-01-28 20:20 - 2014-01-28 20:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Autumn\Downloads\rkill.com
2014-01-28 20:05 - 2011-10-06 05:57 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Google
2014-01-28 20:05 - 2011-06-18 14:54 - 00000000 ____D () C:\ProgramData\Google
2014-01-28 16:36 - 2014-01-28 16:36 - 00000143 _____ () C:\Users\BBY488\AppData\Roaming\WB.CFG
2014-01-28 16:36 - 2014-01-28 16:36 - 00000005 _____ () C:\Users\BBY488\AppData\Roaming\WBPU-TTL.DAT
2014-01-28 15:52 - 2013-03-05 06:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 15:47 - 2013-03-01 16:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 15:46 - 2013-03-01 16:00 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:46 - 2013-03-01 16:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:46 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-01-28 15:44 - 2012-12-26 13:05 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job
2014-01-28 09:55 - 2011-06-18 14:53 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-28 09:55 - 2011-06-18 14:53 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-28 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-01-26 19:55 - 2013-01-06 14:00 - 00000000 ____D () C:\Users\Autumn\AppData\Local\Adobe
2014-01-26 19:55 - 2011-10-06 06:30 - 00000000 ____D () C:\Users\Autumn\AppData\Roaming\Adobe
2014-01-26 19:47 - 2014-01-26 19:47 - 00003322 _____ () C:\windows\System32\Tasks\{9717955D-FC1A-4303-AC8B-ECA9D06B5709}
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\Autumn\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 00:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by Autumn at 2014-02-06 12:48:42
Running from C:\Users\Autumn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (x32 Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (x32 Version: 7.0 - Atheros)
ATI AVIVO64 Codecs (Version: 11.6.0.10518 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (Version: 3.0.812.0 - ATI Technologies, Inc.)
AVG 2013 (Version: 13.0.2638 - AVG Technologies) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Big Fish Games: Game Manager (x32 Version: 3.0.1.60 - )
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0525.1041.17280 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help English (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help French (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help German (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0525.1040.17280 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
ccc-utility64 (Version: 2011.0525.1041.17280 - ATI) Hidden
Conexant HD Audio (Version: 8.54.4.50 - Conexant)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (x32 Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 13 (x32 Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo EasyCamera (x32 Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pirate101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (x32 Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ROBLOX Player for Autumn (HKCU Version:  - ROBLOX Corporation)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.5.2 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
UserGuide (x32 Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (x32 Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wizard101 (x32 Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Warcraft (x32 Version: 4.0.0.12911 - Blizzard Entertainment)
 
==================== Restore Points  =========================
 
07-05-2013 23:05:26 Windows Update
15-05-2013 20:47:58 Windows Update
19-05-2013 03:31:00 Windows Update
22-05-2013 20:49:30 Windows Update
30-09-2013 17:12:00 Windows Update
28-01-2014 16:01:32 Scheduled Checkpoint
28-01-2014 21:12:21 Windows Update
06-02-2014 03:27:17 Windows Update
06-02-2014 04:24:09 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0188B75F-5354-4149-ADC1-AD06FC2BA453} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {0A9FC5C2-9D16-4470-9033-942428C2E15D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {129C8023-F3B8-44EC-A35A-777B27504E50} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {2A731CBF-C485-4C89-925A-A30D199307A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E2556C0-07B0-4695-8917-0F589462F090} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {7CF38705-346D-4921-BF76-F1C4E421CD9F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {803E6E92-04B1-46F7-A697-A9A3DF0C185E} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe
Task: {9F1B68DE-C1D8-4857-BBEA-1FFC7C74FF14} - System32\Tasks\Test TimeTrigger => C:\Users\Autumn\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {B1D8EBE2-5357-445C-B9D2-2D27C048F868} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: {C0456B0A-B331-4796-9A10-1BF03A040348} - \AmiUpdXp No Task File
Task: {C8DA581C-82F9-4F5A-87AC-F8619A2A8999} - System32\Tasks\RunAsStdUser Task => C:\Users\Autumn\AppData\Local\teeveewatchSA\bin\1.0.9.0\TeeveeWatchSA.exe
Task: {D100CADE-FB09-4B74-9975-9E282B92AE52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-18] (Google Inc.)
Task: {E48A16E7-7EF7-4C3B-B98E-03465649DECD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000Core.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1000UA.job => C:\Users\BBY488\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004Core.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817446971-4238635741-1619600606-1004UA.job => C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-18 14:30 - 2011-06-18 14:30 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-09-27 10:23 - 2011-09-27 10:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 10:22 - 2011-09-27 10:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-28 11:04 - 2014-01-23 00:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 11:04 - 2014-01-23 00:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 11:04 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 11:05 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 11:04 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== Faulty Device Manager Devices =============
 
Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Avgldx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avgtp
Description: avgtp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avgtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/06/2014 00:48:40 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (02/06/2014 00:43:05 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/06/2014 00:43:05 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/06/2014 00:40:22 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (02/06/2014 00:39:50 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (02/06/2014 00:39:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2014 11:25:14 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (02/05/2014 11:20:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/05/2014 11:20:10 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/05/2014 11:16:47 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
 
System errors:
=============
Error: (02/06/2014 00:38:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
avgtp
cdrom
 
Error: (02/05/2014 11:14:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
avgtp
cdrom
 
Error: (02/05/2014 11:11:44 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (02/05/2014 11:11:44 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (02/05/2014 11:11:41 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/05/2014 11:11:33 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/05/2014 11:11:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AVGIDSDriver
Avgldx64
avgtp
BPntDrv
cdrom
discache
EgisTecFF
MpFilter
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Error: (02/05/2014 11:11:07 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (02/05/2014 11:11:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:09:54 PM on ‎2/‎5/‎2014 was unexpected.
 
Error: (02/05/2014 11:02:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgldx64
avgtp
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (02/06/2014 00:48:40 PM) (Source: CVHSVC)(User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (02/06/2014 00:43:05 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/06/2014 00:43:05 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/06/2014 00:40:22 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (02/06/2014 00:39:50 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2
 
Error: (02/06/2014 00:39:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2014 11:25:14 PM) (Source: CVHSVC)(User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).
 
Error: (02/05/2014 11:20:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/05/2014 11:20:10 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/05/2014 11:16:47 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 3686.11 MB
Available physical RAM: 2434.61 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 5981.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:189.87 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 1AB91EF8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:45 AM

Posted 06 February 2014 - 06:07 PM

Please download and run the AVG 2013 Removal Tool. That should remove AVG remnants.

 

There are a few drivers that are not loading:

 

BPntDrv
cdrom
discache
EgisTecFF
MpFilter
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Do you have any problem with your audio, video, CD-ROM, etc.?

 

Run FRST64 as you did before.

Type the following in the edit box on FRST, after "Search:".

cdrom.sys

It then should look like:

Search: cdrom.sys

Click the Search button and post the log (Search.txt) it produces in your next reply.


Under Hurricane Emergency, expect delays on my responses

No requests for help sent through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Vecc1982

Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female
  • Local time:06:45 AM

Posted 06 February 2014 - 09:20 PM

Farbar Recovery Scan Tool (x64) Version: 06-02-2014
Ran by Autumn at 2014-02-06 21:15:37
Running from C:\Users\Autumn\Downloads\FRST-OlderVersion
Boot Mode: Normal
 
================== Search: "cdrom.sys" ===================
 
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416
 
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416
 
C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416
 
====== End Of Search ======
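The Search.txt above lists three copies of cdrom.sys (winsxs, DriverStore and the live System32\drivers copy) with the same size, company name and MD5, which is what the search was checking. The script below is an added example for this thread, not code from FRST or from anyone posting here: it parses text in that Search.txt layout and flags a live copy under System32\drivers whose hash, size or company name disagrees with the reference copies. The intact sample reuses the paths and values from the post; the tampered sample, its DEADBEEF hash and its timestamps are constructed placeholders.

```python
"""Check the copies of a driver reported by an FRST "Search:" run.

Added example for this thread (not FRST's own code). It reads text in the
layout of Search.txt and compares the copy Windows loads (System32\drivers)
against the reference copies kept in winsxs and the DriverStore.
"""
import re
from dataclasses import dataclass

# Constructed sample mirroring the Search.txt in post #12 (same paths, size,
# company name and MD5 as shown there).
SAMPLE_OK = r"""Farbar Recovery Scan Tool (x64) Version: 06-02-2014
Ran by Autumn at 2014-02-06 21:15:37
Running from C:\Users\Autumn\Downloads\FRST-OlderVersion
Boot Mode: Normal

================== Search: "cdrom.sys" ===================

C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416

C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416

C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416

====== End Of Search ======
"""

# Constructed negative case: the live copy differs from the reference copy
# (placeholder hash, no company name, different size and timestamps).
SAMPLE_TAMPERED = r"""================== Search: "cdrom.sys" ===================

C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[2010-11-20 22:23] - [2010-11-20 22:23] - 0147456 ____A (Microsoft Corporation) F036CE71586E93D94DAB220D7BDF4416

C:\Windows\System32\drivers\cdrom.sys
[2014-02-05 22:47] - [2014-02-05 22:47] - 0151552 ____A () DEADBEEFDEADBEEFDEADBEEFDEADBEEF

====== End Of Search ======
"""

# One attribute line per file: "[created] - [modified] - size attrs (company) MD5"
ATTR_RE = re.compile(
    r"^\[(?P<created>.+?)\] - \[(?P<modified>.+?)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>.*?)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEADER_RE = re.compile(r'^=+ Search: "(?P<term>.+?)" =+$')
LIVE_DIR = "\\system32\\drivers\\"  # directory the kernel loads .sys files from


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search(text):
    """Return (search term, [FileEntry]) from Search.txt-style text."""
    term, entries, pending = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            term = m.group("term")
        elif PATH_RE.match(line):
            pending = line  # the attribute line follows on the next line
        elif pending and (m := ATTR_RE.match(line)):
            entries.append(FileEntry(pending, m["created"], m["modified"],
                                     int(m["size"]), m["attrs"], m["company"],
                                     m["md5"].upper()))
            pending = None
    return term, entries


def find_inconsistencies(entries):
    """Compare the live copy with the reference copies; [] means they agree."""
    live = [e for e in entries if LIVE_DIR in e.path.lower()]
    reference = [e for e in entries if LIVE_DIR not in e.path.lower()]
    findings = []
    if not live:
        findings.append(("missing-live", "no copy under System32\\drivers"))
    ref_hashes = {e.md5 for e in reference}
    ref_sizes = {e.size for e in reference}
    if len(ref_hashes) > 1:
        findings.append(("reference-disagree",
                         f"reference copies carry {len(ref_hashes)} different MD5s"))
    for e in live:
        if ref_hashes and e.md5 not in ref_hashes:
            findings.append(("hash-mismatch",
                             f"{e.path}: {e.md5} not among reference {sorted(ref_hashes)}"))
        if ref_sizes and e.size not in ref_sizes:
            findings.append(("size-mismatch",
                             f"{e.path}: {e.size} bytes vs reference {sorted(ref_sizes)}"))
        if not e.company:
            findings.append(("no-company", f"{e.path}: no company name in version info"))
    return findings


if __name__ == "__main__":
    for label, text in (("intact", SAMPLE_OK), ("tampered", SAMPLE_TAMPERED)):
        term, entries = parse_search(text)
        problems = find_inconsistencies(entries)
        print(f"{label}: {term}: {len(entries)} copies, {len(problems)} finding(s)")
        for code, msg in problems:
            print(f"  [{code}] {msg}")
```

The MD5 in FRST output is a file hash, not a signature check, so an agreeing hash across the three locations only says the live driver is the same bytes Windows staged from the component store; a disagreeing one is what warrants a closer look, as a replaced or corrupt driver would also explain a driver that fails to load at boot.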


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:45 AM

Posted 06 February 2014 - 09:42 PM

Do you have any problem with your audio, video, CD-ROM, etc.? Check and let me know.

 

How is it doing?


Edited by JSntgRvr, 06 February 2014 - 09:43 PM.



#14 Vecc1982

Vecc1982
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Female
  • Local time:06:45 AM

Posted 07 February 2014 - 06:53 AM

The audio works fine; my CD drive is jammed and I can't get it to open. I will look at it more when I get back from work. Can you recommend a good antivirus/antispyware to keep on it? My son likes to play games on it like Minecraft, Lord of the Rings, etc. I don't know if that was part of the problem or not. Thank you so much for your assistance again. Also, is it safe to pay bills and such now?



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,472 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:45 AM

Posted 07 February 2014 - 11:04 AM

Download the enclosed file.

 

Save it in the location FRST64 is.

 

Run FRST64 and click on the Fix button, and wait.

 

The tool will make a log (Fixlog.txt) in the flash drive; please post it in your reply.






