Everything posted by swiss487
-
Nothing found!!! I have it set to scan every day and real time protection checked now. Thank you so much!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
owner :: OWNER-HP [administrator]

Protection: Disabled

1/6/2014 6:02:33 PM
mbam-log-2014-01-06 (18-02-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207799
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

(end)

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:12:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - OWNER-HP
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\23556fb1360f366337f97c924e76ead3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2434 octets] - [06/01/2014 19:08:33]
AdwCleaner[s0].txt - [2036 octets] - [06/01/2014 19:12:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2096 octets] ##########
-
When I was restarting, I got the BSOD. I just got her back on and looked in the task manager before I did anything and did not see the virus in there like it has been. Am I ok to go ahead and run and scan Malwarebytes?
-
It told me to reboot, I will be back in a few with the other logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by owner at 2014-01-06 16:46:19 Run:1
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe
C:\Users\owner\AppData\Roaming\svchost.exe
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\23556fb1360f366337f97c924e76ead3 => Value deleted successfully.
C:\Users\owner\AppData\Roaming\svchost.exe => Moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe => Moved successfully.
"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe" => File/Directory not found.

The system needs a manual reboot.

==== End of Fixlog ====
-
I have Windows Defender. I'm assuming from the virus I have that Defender is not gonna cut it. lol Will post my results from above instructions in a few moments. Thank you for your help. Are you snowed in too? We got 14 inches of snow last night!
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by owner at 2014-01-06 16:00:23
Running from C:\Users\owner\Desktop
Boot Mode: Normal
-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by owner (administrator) on OWNER-HP on 06-01-2014 16:00:00
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.3_0 CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Chrome to Phone) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0 CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx ==================== Services (Whitelisted) ================= R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP) S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 cricut; C:\Windows\System32\DRIVERS\cricut_x64.sys [72248 2013-12-26] () R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated) R3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt 2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe 2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe 2014-01-06 15:45 - 2014-01-06 15:46 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe 2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe 2014-01-06 15:43 - 2014-01-06 15:44 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr 2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp 2014-01-05 23:51 - 2014-01-05 23:56 - 00000000 ____D C:\Windows\pss 2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST 2014-01-05 21:46 - 2014-01-05 21:47 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp 2014-01-05 21:45 - 2014-01-06 00:40 - 00000000 ____D C:\32788R22FWJFW 2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt 2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp 2014-01-05 21:31 - 2014-01-06 00:43 - 00000556 _____ C:\Windows\setupact.log 2014-01-05 21:31 - 2014-01-06 00:41 - 648594595 _____ C:\Windows\MEMORY.DMP 
2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp 2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log 2014-01-05 21:27 - 2014-01-05 23:56 - 00000000 ____D C:\Program Files\CCleaner 2014-01-05 21:27 - 2014-01-05 23:55 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt 2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4) 2013-12-29 14:59 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\Backup 2013-12-29 14:49 - 2013-12-30 23:09 - 00000000 ____D C:\Users\owner\My Design 2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3) 2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2) 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files\iTunes 2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D 
C:\Program Files\iPod 2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-12-28 14:34 - 2014-01-06 16:00 - 00020480 _____ C:\Windows\SysWOW64\.tmp 2013-12-27 13:35 - 2014-01-06 15:57 - 00165167 _____ C:\Windows\WindowsUpdate.log 2013-12-27 13:31 - 2014-01-06 00:41 - 00000000 ____D C:\Windows\Minidump 2013-12-27 13:24 - 2013-05-23 20:09 - 00076800 _____ (w6A7BaTo) C:\Users\owner\AppData\Roaming\svchost.exe 2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer 2013-12-26 22:34 - 2014-01-06 00:02 - 00000000 ____D C:\Program Files (x86)\Make The Cut! 2013-12-26 22:31 - 2014-01-06 00:03 - 00000000 ____D C:\Program Files (x86)\Craft Edge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\Users\Public\Documents\CraftEdge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\Documents\CraftEdge 2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\CraftEdge 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room 2013-12-26 21:09 - 2013-12-26 21:08 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys 2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log 2013-12-24 01:00 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-24 01:00 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-24 01:00 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-24 01:00 - 2013-05-09 23:56 
- 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-24 00:59 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-24 00:59 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-24 00:59 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-24 00:59 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-24 00:59 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-24 00:59 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-24 00:59 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-24 00:59 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-24 00:59 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-24 00:59 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-24 00:59 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-24 00:59 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-24 00:59 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-24 00:59 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-24 00:59 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-24 00:59 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-24 00:59 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-24 00:59 - 2013-11-26 03:35 - 05769216 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-24 00:59 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-24 00:59 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-24 00:59 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-24 00:59 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-24 00:59 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-24 00:59 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-24 00:59 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-24 00:59 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-24 00:59 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-24 00:59 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-24 00:59 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-24 00:59 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-24 00:59 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-21 19:55 - 2013-12-21 19:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer 2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer 2013-12-21 19:55 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-12-21 19:48 - 2013-11-27 12:12 - 48147496 _____ (Poikosoft) C:\Users\Public\Downloads\ez_cd_audio_converter_free_setup.exe 2013-12-21 19:48 - 2013-11-27 12:10 - 01005568 _____ (Microsoft Corporation) C:\Users\Public\Downloads\dotNetFx45_Full_setup.exe 2013-12-21 19:48 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-21 19:48 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-21 19:48 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-21 19:48 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-21 19:48 - 2013-11-11 05:31 - 04379048 _____ (Piriform Ltd) C:\Users\Public\Downloads\ccsetup407.exe 2013-12-21 19:48 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-21 19:48 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-21 19:48 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-21 19:48 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-21 19:48 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-21 19:48 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-21 19:48 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-21 19:48 - 2013-09-29 12:34 - 15069520 _____ (Ventis Media Inc. 
) C:\Users\Public\Downloads\MediaMonkey_4.0.7.1511.exe 2013-12-21 19:48 - 2013-09-28 19:36 - 01970848 _____ C:\Users\Public\Downloads\winrar-x64-500.exe 2013-12-21 19:48 - 2013-09-27 11:58 - 97176400 _____ (Apple Inc.) C:\Users\Public\Downloads\iTunes64Setup.exe 2013-12-21 19:48 - 2013-09-24 03:52 - 01907792 _____ (InstallX, LLC) C:\Users\Public\Downloads\coretemp_1236.exe 2013-12-21 19:46 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-21 19:46 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-21 19:46 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-21 19:46 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-21 19:46 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-21 19:46 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-21 19:46 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-21 19:46 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe ==================== One Month Modified Files and Folders ======= 2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt 2014-01-06 16:00 - 2013-12-28 14:34 - 00020480 _____ C:\Windows\SysWOW64\.tmp 2014-01-06 15:59 - 2013-11-09 02:16 - 00000000 ____D C:\Users\owner\Desktop\TOSHIBA 2014-01-06 15:57 - 2013-12-27 13:35 - 00165167 _____ C:\Windows\WindowsUpdate.log 2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe 2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe 2014-01-06 15:46 - 2014-01-06 
15:45 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe 2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe 2014-01-06 15:44 - 2014-01-06 15:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr 2014-01-06 15:28 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-06 00:43 - 2014-01-05 21:31 - 00000556 _____ C:\Windows\setupact.log 2014-01-06 00:43 - 2013-09-10 03:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-06 00:43 - 2013-09-10 03:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-06 00:43 - 2013-09-07 19:05 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForowner.job 2014-01-06 00:43 - 2012-02-23 22:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-06 00:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp 2014-01-06 00:41 - 2014-01-05 21:31 - 648594595 _____ C:\Windows\MEMORY.DMP 2014-01-06 00:41 - 2013-12-27 13:31 - 00000000 ____D C:\Windows\Minidump 2014-01-06 00:40 - 2014-01-05 21:45 - 00000000 ____D C:\32788R22FWJFW 2014-01-06 00:38 - 2013-10-02 09:41 - 00000000 ____D C:\Users\owner\Downloads\New folder 2014-01-06 00:14 - 2013-08-22 11:24 - 00000000 ___RD 
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 00:11 - 2013-08-22 11:18 - 00000000 ____D C:\Users\owner 2014-01-06 00:03 - 2013-12-26 22:31 - 00000000 ____D C:\Program Files (x86)\Craft Edge 2014-01-06 00:03 - 2013-09-29 12:39 - 00000000 ____D C:\Program Files (x86)\MediaMonkey 2014-01-06 00:02 - 2013-12-26 22:34 - 00000000 ____D C:\Program Files (x86)\Make The Cut! 2014-01-06 00:01 - 2012-02-23 22:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-06 00:00 - 2012-08-12 12:02 - 00000000 ____D C:\ProgramData\CyberLink 2014-01-06 00:00 - 2012-08-12 11:54 - 00000000 ____D C:\Program Files (x86)\CyberLink 2014-01-05 23:56 - 2014-01-05 23:51 - 00000000 ____D C:\Windows\pss 2014-01-05 23:56 - 2014-01-05 21:27 - 00000000 ____D C:\Program Files\CCleaner 2014-01-05 23:55 - 2014-01-05 21:27 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-05 23:55 - 2013-09-10 03:51 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-01-05 23:55 - 2013-09-10 03:51 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-01-05 23:55 - 2013-09-07 19:05 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForowner 2014-01-05 23:55 - 2013-08-22 11:20 - 00003570 _____ C:\Windows\System32\Tasks\Registration 2014-01-05 23:55 - 2012-02-23 22:25 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST 2014-01-05 21:47 - 2014-01-05 21:46 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp 2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt 2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp 2014-01-05 21:36 - 2013-08-22 11:24 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{30EDE5D5-18FA-42F4-ACC4-348017773A2A} 2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp 
2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log 2014-01-05 21:31 - 2009-07-13 23:45 - 00346816 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-05 21:28 - 2013-09-27 06:00 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps 2014-01-05 21:28 - 2013-09-07 23:18 - 00000000 ___DC C:\Users\owner\AppData\Local\MigWiz 2014-01-05 21:28 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther 2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes 2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt 2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt 2014-01-01 01:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-12-30 23:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors 2013-12-30 23:09 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\My Design 2013-12-29 15:01 - 2013-08-31 13:24 - 00082024 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4) 2013-12-29 15:00 - 2013-12-29 14:59 - 00000000 ____D C:\Users\owner\Backup 2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3) 2013-12-29 14:49 - 2013-11-27 12:14 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2) 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D 
C:\Program Files\iTunes 2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks 2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files\iPod 2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-12-28 21:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\Users\Public\Documents\CraftEdge 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\Documents\CraftEdge 2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\CraftEdge 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft 2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room 2013-12-26 21:09 - 2012-02-23 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-12-26 21:08 - 2013-12-26 21:09 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys 2013-12-26 21:08 - 2013-11-11 05:27 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe 2013-12-26 21:08 - 2013-09-03 18:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\Macromedia 2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log 2013-12-24 00:58 - 2013-09-14 05:55 - 00000000 ____D C:\Windows\system32\MRT 2013-12-24 00:57 - 2013-09-14 05:55 - 90708896 
_____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-21 19:57 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer 2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-12-21 19:53 - 2013-11-09 06:37 - 00000000 ____D C:\ProgramData\Apple 2013-12-21 19:53 - 2013-09-27 12:03 - 00000000 ____D C:\ProgramData\Apple Computer 2013-12-21 19:43 - 2013-09-29 12:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\MediaMonkey ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-01 04:31 ==================== End Of Log ============================
-
Hi, I have a terrible virus... svchost in my temp folder... any time I tried to kill it, or run any Malwarebytes or HijackThis program to try to kill it... it gives me the BSOD. I have an HP Pavilion dv7, running Windows 7 64-bit. I have found several cases like mine on here... but they all say do not run those programs unless told to do so by one of y'all, so here I am. Thank you for your help!!!!