swiss487

  1. Nothing found!!! I have it set to scan every day and real time protection checked now. Thank you so much!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  2. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.01.06.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16476
     owner :: OWNER-HP [administrator]

     Protection: Disabled

     1/6/2014 6:02:33 PM
     mbam-log-2014-01-06 (18-02-33).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 207799
     Time elapsed: 3 minute(s), 24 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Users\Public\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

     (end)

     # AdwCleaner v3.016 - Report created 06/01/2014 at 19:12:18
     # Updated 23/12/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : owner - OWNER-HP
     # Running from : C:\Users\owner\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\apn

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
     Key Deleted : HKCU\Software\23556fb1360f366337f97c924e76ead3
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     Key Deleted : HKLM\Software\InstallIQ

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16428

     -\\ Google Chrome v31.0.1650.63

     [ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [2434 octets] - [06/01/2014 19:08:33]
     AdwCleaner[s0].txt - [2036 octets] - [06/01/2014 19:12:18]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2096 octets] ##########
  3. When I was restarting, I got the BSOD. I just got her back on and looked in the task manager before I did anything and did not see the virus in there like it has been. Am I ok to go ahead and run and scan malwarebytes?
  4. It told me to reboot, I will be back in a few with the other logs.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
     Ran by owner at 2014-01-06 16:46:19 Run:1
     Running from C:\Users\owner\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe
     C:\Users\owner\AppData\Roaming\svchost.exe
     Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)
     C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe
     End
     *****************

     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\23556fb1360f366337f97c924e76ead3 => Value deleted successfully.
     C:\Users\owner\AppData\Roaming\svchost.exe => Moved successfully.
     C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe => Moved successfully.
     "C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe" => File/Directory not found.

     The system needs a manual reboot.

     ==== End of Fixlog ====
  5. I have Windows Defender. I'm assuming from the virus I have that Defender is not gonna cut it. lol Will post my results from above instructions in a few moments. Thank you for your help. Are you snowed in too? We got 14 inches of snow last night!
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014 Ran by owner at 2014-01-06 16:00:23 Running from C:\Users\owner\Desktop Boot Mode: Normal
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by owner (administrator) on OWNER-HP on 06-01-2014 16:00:00 Running from C:\Users\owner\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal
Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.3_0 CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Chrome to Phone) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0 CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx ==================== Services (Whitelisted) ================= R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP) S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 cricut; C:\Windows\System32\DRIVERS\cricut_x64.sys [72248 2013-12-26] () R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated) R3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt 2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe 2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe 2014-01-06 15:45 - 2014-01-06 15:46 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe 2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe 2014-01-06 15:43 - 2014-01-06 15:44 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr 2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp 2014-01-05 23:51 - 2014-01-05 23:56 - 00000000 ____D C:\Windows\pss 2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST 2014-01-05 21:46 - 2014-01-05 21:47 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp 2014-01-05 21:45 - 2014-01-06 00:40 - 00000000 ____D C:\32788R22FWJFW 2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt 2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp 2014-01-05 21:31 - 2014-01-06 00:43 - 00000556 _____ C:\Windows\setupact.log 2014-01-05 21:31 - 2014-01-06 00:41 - 648594595 _____ C:\Windows\MEMORY.DMP 
2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp 2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log 2014-01-05 21:27 - 2014-01-05 23:56 - 00000000 ____D C:\Program Files\CCleaner 2014-01-05 21:27 - 2014-01-05 23:55 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt 2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4) 2013-12-29 14:59 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\Backup 2013-12-29 14:49 - 2013-12-30 23:09 - 00000000 ____D C:\Users\owner\My Design 2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3) 2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2) 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files\iTunes 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D 
C:\Program Files\iPod 2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-12-28 14:34 - 2014-01-06 16:00 - 00020480 _____ C:\Windows\SysWOW64\.tmp 2013-12-27 13:35 - 2014-01-06 15:57 - 00165167 _____ C:\Windows\WindowsUpdate.log 2013-12-27 13:31 - 2014-01-06 00:41 - 00000000 ____D C:\Windows\Minidump 2013-12-27 13:24 - 2013-05-23 20:09 - 00076800 _____ (w6A7BaTo) C:\Users\owner\AppData\Roaming\svchost.exe 2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer 2013-12-26 22:34 - 2014-01-06 00:02 - 00000000 ____D C:\Program Files (x86)\Make The Cut! 2013-12-26 22:31 - 2014-01-06 00:03 - 00000000 ____D C:\Program Files (x86)\Craft Edge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\Users\Public\Documents\CraftEdge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\Documents\CraftEdge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\CraftEdge 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room 2013-12-26 21:09 - 2013-12-26 21:08 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys 2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log 2013-12-24 01:00 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-24 01:00 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-24 01:00 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-24 01:00 - 2013-05-09 23:56 
- 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-24 00:59 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-24 00:59 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-24 00:59 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-24 00:59 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-24 00:59 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-24 00:59 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-24 00:59 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-24 00:59 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-24 00:59 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-24 00:59 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-24 00:59 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-24 00:59 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-24 00:59 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-24 00:59 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-24 00:59 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-24 00:59 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-24 00:59 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-24 00:59 - 2013-11-26 03:35 - 05769216 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-24 00:59 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-24 00:59 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-24 00:59 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-24 00:59 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-24 00:59 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-24 00:59 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-24 00:59 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-24 00:59 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-24 00:59 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-24 00:59 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-24 00:59 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-24 00:59 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-24 00:59 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-21 19:55 - 2013-12-21 19:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer 2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer 2013-12-21 19:55 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-12-21 19:48 - 2013-11-27 12:12 - 48147496 _____ (Poikosoft) C:\Users\Public\Downloads\ez_cd_audio_converter_free_setup.exe 2013-12-21 19:48 - 2013-11-27 12:10 - 01005568 _____ (Microsoft Corporation) C:\Users\Public\Downloads\dotNetFx45_Full_setup.exe 2013-12-21 19:48 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-21 19:48 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-21 19:48 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-21 19:48 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-21 19:48 - 2013-11-11 05:31 - 04379048 _____ (Piriform Ltd) C:\Users\Public\Downloads\ccsetup407.exe 2013-12-21 19:48 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-21 19:48 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-21 19:48 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-21 19:48 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-21 19:48 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-21 19:48 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-21 19:48 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-21 19:48 - 2013-09-29 12:34 - 15069520 _____ (Ventis Media Inc. 
) C:\Users\Public\Downloads\MediaMonkey_4.0.7.1511.exe 2013-12-21 19:48 - 2013-09-28 19:36 - 01970848 _____ C:\Users\Public\Downloads\winrar-x64-500.exe 2013-12-21 19:48 - 2013-09-27 11:58 - 97176400 _____ (Apple Inc.) C:\Users\Public\Downloads\iTunes64Setup.exe 2013-12-21 19:48 - 2013-09-24 03:52 - 01907792 _____ (InstallX, LLC) C:\Users\Public\Downloads\coretemp_1236.exe 2013-12-21 19:46 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-21 19:46 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-21 19:46 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-21 19:46 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-21 19:46 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-21 19:46 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-21 19:46 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-21 19:46 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe ==================== One Month Modified Files and Folders ======= 2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt 2014-01-06 16:00 - 2013-12-28 14:34 - 00020480 _____ C:\Windows\SysWOW64\.tmp 2014-01-06 15:59 - 2013-11-09 02:16 - 00000000 ____D C:\Users\owner\Desktop\TOSHIBA 2014-01-06 15:57 - 2013-12-27 13:35 - 00165167 _____ C:\Windows\WindowsUpdate.log 2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe 2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe 2014-01-06 15:46 - 2014-01-06 
15:45 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe 2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe 2014-01-06 15:44 - 2014-01-06 15:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr 2014-01-06 15:28 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-06 00:43 - 2014-01-05 21:31 - 00000556 _____ C:\Windows\setupact.log 2014-01-06 00:43 - 2013-09-10 03:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-06 00:43 - 2013-09-10 03:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-06 00:43 - 2013-09-07 19:05 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForowner.job 2014-01-06 00:43 - 2012-02-23 22:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-06 00:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp 2014-01-06 00:41 - 2014-01-05 21:31 - 648594595 _____ C:\Windows\MEMORY.DMP 2014-01-06 00:41 - 2013-12-27 13:31 - 00000000 ____D C:\Windows\Minidump 2014-01-06 00:40 - 2014-01-05 21:45 - 00000000 ____D C:\32788R22FWJFW 2014-01-06 00:38 - 2013-10-02 09:41 - 00000000 ____D C:\Users\owner\Downloads\New folder 2014-01-06 00:14 - 2013-08-22 11:24 - 00000000 ___RD 
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 00:11 - 2013-08-22 11:18 - 00000000 ____D C:\Users\owner 2014-01-06 00:03 - 2013-12-26 22:31 - 00000000 ____D C:\Program Files (x86)\Craft Edge 2014-01-06 00:03 - 2013-09-29 12:39 - 00000000 ____D C:\Program Files (x86)\MediaMonkey 2014-01-06 00:02 - 2013-12-26 22:34 - 00000000 ____D C:\Program Files (x86)\Make The Cut! 2014-01-06 00:01 - 2012-02-23 22:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-06 00:00 - 2012-08-12 12:02 - 00000000 ____D C:\ProgramData\CyberLink 2014-01-06 00:00 - 2012-08-12 11:54 - 00000000 ____D C:\Program Files (x86)\CyberLink 2014-01-05 23:56 - 2014-01-05 23:51 - 00000000 ____D C:\Windows\pss 2014-01-05 23:56 - 2014-01-05 21:27 - 00000000 ____D C:\Program Files\CCleaner 2014-01-05 23:55 - 2014-01-05 21:27 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-05 23:55 - 2013-09-10 03:51 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-01-05 23:55 - 2013-09-10 03:51 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-01-05 23:55 - 2013-09-07 19:05 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForowner 2014-01-05 23:55 - 2013-08-22 11:20 - 00003570 _____ C:\Windows\System32\Tasks\Registration 2014-01-05 23:55 - 2012-02-23 22:25 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST 2014-01-05 21:47 - 2014-01-05 21:46 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp 2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt 2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp 2014-01-05 21:36 - 2013-08-22 11:24 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{30EDE5D5-18FA-42F4-ACC4-348017773A2A} 2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp 
2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log 2014-01-05 21:31 - 2009-07-13 23:45 - 00346816 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-05 21:28 - 2013-09-27 06:00 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps 2014-01-05 21:28 - 2013-09-07 23:18 - 00000000 ___DC C:\Users\owner\AppData\Local\MigWiz 2014-01-05 21:28 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther 2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt 2014-01-01 01:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-12-30 23:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors 2013-12-30 23:09 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\My Design 2013-12-29 15:01 - 2013-08-31 13:24 - 00082024 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4) 2013-12-29 15:00 - 2013-12-29 14:59 - 00000000 ____D C:\Users\owner\Backup 2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3) 2013-12-29 14:49 - 2013-11-27 12:14 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2) 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D 
C:\Program Files\iTunes 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files\iPod 2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-12-28 21:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\Users\Public\Documents\CraftEdge 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\Documents\CraftEdge 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\CraftEdge 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room 2013-12-26 21:09 - 2012-02-23 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-12-26 21:08 - 2013-12-26 21:09 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys 2013-12-26 21:08 - 2013-11-11 05:27 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe 2013-12-26 21:08 - 2013-09-03 18:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\Macromedia 2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log 2013-12-24 00:58 - 2013-09-14 05:55 - 00000000 ____D C:\Windows\system32\MRT 2013-12-24 00:57 - 2013-09-14 05:55 - 90708896 
_____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-21 19:57 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer 2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-12-21 19:53 - 2013-11-09 06:37 - 00000000 ____D C:\ProgramData\Apple 2013-12-21 19:53 - 2013-09-27 12:03 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-21 19:43 - 2013-09-29 12:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\MediaMonkey ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-01 04:31 ==================== End Of Log ============================
  8. Hi, I have a terrible virus... svchost in my temp folder... any time I tried to kill it, or run any Malwarebytes or HijackThis program to try to kill it... it gives me the BSOD. I have an HP Pavilion dv7, running Windows 7 64-bit. I have found several cases like mine on here... but they all say do not run those programs unless told to do so by one of y'all, so here I am. Thank you for your help!!!!