svchost virus in temp folder. BSOD any time I run hijack this or malwarebytes. win7 64bit

swiss487 · January 6, 2014

Hi, I have a terrible virus... svchost in my temp folder... any time I tried to kill it, or run any malwarebytes or hijackthis program to try to kill it... it gives me the BSOD.

I have a hp pavilion dv7, running windows 7 64 bit.

I have found several cases like mine on here.. but they all say do not run those programs unless told to do so by one of ya'll, so here I am.

Thank you for your help!!!!

kevinf80 · January 6, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

swiss487 · January 6, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014

Ran by owner (administrator) on OWNER-HP on 06-01-2014 16:00:00

Running from C:\Users\owner\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

() C:\Program Files\Core Temp\Core Temp.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(w6A7BaTo) C:\Users\owner\AppData\Roaming\svchost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe [76800 2013-05-23] (w6A7BaTo)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe [76800 2013-05-23] (w6A7BaTo)

HKCU\...\Run: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)

Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =

SearchScopes: HKCU - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL =

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.3_0

CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Website Logon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0

CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\2.0.0_0

CHR Extension: (Phone 2 Google Chrome\u2122) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.3_0

CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0

CHR Extension: (Chrome to Phone) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0

CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

==================== Services (Whitelisted) =================

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)

S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)

S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()

S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 cricut; C:\Windows\System32\DRIVERS\cricut_x64.sys [72248 2013-12-26] ()

R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)

S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)

R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)

R3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt

2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe

2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe

2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe

2014-01-06 15:45 - 2014-01-06 15:46 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe

2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe

2014-01-06 15:43 - 2014-01-06 15:44 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe

2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr

2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp

2014-01-05 23:51 - 2014-01-05 23:56 - 00000000 ____D C:\Windows\pss

2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST

2014-01-05 21:46 - 2014-01-05 21:47 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp

2014-01-05 21:45 - 2014-01-06 00:40 - 00000000 ____D C:\32788R22FWJFW

2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt

2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp

2014-01-05 21:31 - 2014-01-06 00:43 - 00000556 _____ C:\Windows\setupact.log

2014-01-05 21:31 - 2014-01-06 00:41 - 648594595 _____ C:\Windows\MEMORY.DMP

2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp

2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log

2014-01-05 21:27 - 2014-01-05 23:56 - 00000000 ____D C:\Program Files\CCleaner

2014-01-05 21:27 - 2014-01-05 23:55 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys

2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes

2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt

2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4)

2013-12-29 14:59 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\Backup

2013-12-29 14:49 - 2013-12-30 23:09 - 00000000 ____D C:\Users\owner\My Design

2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3)

2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2)

2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files\iTunes

2013-12-29 14:43 - 2013-12-29 14:44 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files\iPod

2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-12-28 14:34 - 2014-01-06 16:00 - 00020480 _____ C:\Windows\SysWOW64\.tmp

2013-12-27 13:35 - 2014-01-06 15:57 - 00165167 _____ C:\Windows\WindowsUpdate.log

2013-12-27 13:31 - 2014-01-06 00:41 - 00000000 ____D C:\Windows\Minidump

2013-12-27 13:24 - 2013-05-23 20:09 - 00076800 _____ (w6A7BaTo) C:\Users\owner\AppData\Roaming\svchost.exe

2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer

2013-12-26 22:34 - 2014-01-06 00:02 - 00000000 ____D C:\Program Files (x86)\Make The Cut!

2013-12-26 22:31 - 2014-01-06 00:03 - 00000000 ____D C:\Program Files (x86)\Craft Edge

2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\Users\Public\Documents\CraftEdge

2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\Documents\CraftEdge

2013-12-26 22:31 - 2013-12-26 22:32 - 00000000 ____D C:\ProgramData\CraftEdge

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room

2013-12-26 21:09 - 2013-12-26 21:08 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys

2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log

2013-12-24 01:00 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-24 01:00 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-24 01:00 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-24 01:00 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-24 00:59 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-24 00:59 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-24 00:59 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-24 00:59 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-24 00:59 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-24 00:59 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-24 00:59 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-24 00:59 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-24 00:59 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-24 00:59 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-24 00:59 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-24 00:59 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-24 00:59 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-24 00:59 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-24 00:59 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-24 00:59 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-24 00:59 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-24 00:59 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-24 00:59 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-24 00:59 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-24 00:59 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-24 00:59 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-24 00:59 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-24 00:59 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-24 00:59 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-24 00:59 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-24 00:59 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-24 00:59 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-24 00:59 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-24 00:59 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-24 00:59 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-21 19:55 - 2013-12-21 19:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer

2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer

2013-12-21 19:55 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-12-21 19:48 - 2013-11-27 12:12 - 48147496 _____ (Poikosoft) C:\Users\Public\Downloads\ez_cd_audio_converter_free_setup.exe

2013-12-21 19:48 - 2013-11-27 12:10 - 01005568 _____ (Microsoft Corporation) C:\Users\Public\Downloads\dotNetFx45_Full_setup.exe

2013-12-21 19:48 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-21 19:48 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-21 19:48 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-21 19:48 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-21 19:48 - 2013-11-11 05:31 - 04379048 _____ (Piriform Ltd) C:\Users\Public\Downloads\ccsetup407.exe

2013-12-21 19:48 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-21 19:48 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-21 19:48 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-21 19:48 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-21 19:48 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-21 19:48 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-21 19:48 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-12-21 19:48 - 2013-09-29 12:34 - 15069520 _____ (Ventis Media Inc. ) C:\Users\Public\Downloads\MediaMonkey_4.0.7.1511.exe

2013-12-21 19:48 - 2013-09-28 19:36 - 01970848 _____ C:\Users\Public\Downloads\winrar-x64-500.exe

2013-12-21 19:48 - 2013-09-27 11:58 - 97176400 _____ (Apple Inc.) C:\Users\Public\Downloads\iTunes64Setup.exe

2013-12-21 19:48 - 2013-09-24 03:52 - 01907792 _____ (InstallX, LLC) C:\Users\Public\Downloads\coretemp_1236.exe

2013-12-21 19:46 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-21 19:46 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-21 19:46 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-21 19:46 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-21 19:46 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-21 19:46 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-21 19:46 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-21 19:46 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt

2014-01-06 16:00 - 2013-12-28 14:34 - 00020480 _____ C:\Windows\SysWOW64\.tmp

2014-01-06 15:59 - 2013-11-09 02:16 - 00000000 ____D C:\Users\owner\Desktop\TOSHIBA

2014-01-06 15:57 - 2013-12-27 13:35 - 00165167 _____ C:\Windows\WindowsUpdate.log

2014-01-06 15:55 - 2014-01-06 15:55 - 01931762 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe

2014-01-06 15:47 - 2014-01-06 15:47 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (2).exe

2014-01-06 15:46 - 2014-01-06 15:46 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill (1).exe

2014-01-06 15:46 - 2014-01-06 15:45 - 02918528 _____ (Emsisoft GmbH ) C:\Users\owner\Downloads\EmsisoftHiJackFreeSetup.exe

2014-01-06 15:45 - 2014-01-06 15:45 - 01153912 _____ (Emsi Software GmbH) C:\Users\owner\Downloads\BlitzBlank.exe

2014-01-06 15:44 - 2014-01-06 15:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe

2014-01-06 15:42 - 2014-01-06 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-06 15:42 - 2014-01-06 15:42 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.scr

2014-01-06 15:28 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-06 00:50 - 2009-07-13 23:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-06 00:43 - 2014-01-05 21:31 - 00000556 _____ C:\Windows\setupact.log

2014-01-06 00:43 - 2013-09-10 03:51 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-06 00:43 - 2013-09-10 03:51 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-06 00:43 - 2013-09-07 19:05 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForowner.job

2014-01-06 00:43 - 2012-02-23 22:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-06 00:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-06 00:41 - 2014-01-06 00:41 - 00281856 _____ C:\Windows\Minidump\010614-30498-01.dmp

2014-01-06 00:41 - 2014-01-05 21:31 - 648594595 _____ C:\Windows\MEMORY.DMP

2014-01-06 00:41 - 2013-12-27 13:31 - 00000000 ____D C:\Windows\Minidump

2014-01-06 00:40 - 2014-01-05 21:45 - 00000000 ____D C:\32788R22FWJFW

2014-01-06 00:38 - 2013-10-02 09:41 - 00000000 ____D C:\Users\owner\Downloads\New folder

2014-01-06 00:14 - 2013-08-22 11:24 - 00000000 ___RD C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-06 00:11 - 2013-08-22 11:18 - 00000000 ____D C:\Users\owner

2014-01-06 00:03 - 2013-12-26 22:31 - 00000000 ____D C:\Program Files (x86)\Craft Edge

2014-01-06 00:03 - 2013-09-29 12:39 - 00000000 ____D C:\Program Files (x86)\MediaMonkey

2014-01-06 00:02 - 2013-12-26 22:34 - 00000000 ____D C:\Program Files (x86)\Make The Cut!

2014-01-06 00:01 - 2012-02-23 22:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2014-01-06 00:00 - 2012-08-12 12:02 - 00000000 ____D C:\ProgramData\CyberLink

2014-01-06 00:00 - 2012-08-12 11:54 - 00000000 ____D C:\Program Files (x86)\CyberLink

2014-01-05 23:56 - 2014-01-05 23:51 - 00000000 ____D C:\Windows\pss

2014-01-05 23:56 - 2014-01-05 21:27 - 00000000 ____D C:\Program Files\CCleaner

2014-01-05 23:55 - 2014-01-05 21:27 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-05 23:55 - 2013-09-10 03:51 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-01-05 23:55 - 2013-09-10 03:51 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-01-05 23:55 - 2013-09-07 19:05 - 00003188 _____ C:\Windows\System32\Tasks\HPCeeScheduleForowner

2014-01-05 23:55 - 2013-08-22 11:20 - 00003570 _____ C:\Windows\System32\Tasks\Registration

2014-01-05 23:55 - 2012-02-23 22:25 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-01-05 21:57 - 2014-01-05 21:57 - 00000000 ____D C:\FRST

2014-01-05 21:47 - 2014-01-05 21:46 - 00281680 _____ C:\Windows\Minidump\010514-33072-01.dmp

2014-01-05 21:45 - 2014-01-05 21:45 - 00000000 ____D C:\Windows\erdnt

2014-01-05 21:44 - 2014-01-05 21:44 - 00281720 _____ C:\Windows\Minidump\010514-31418-01.dmp

2014-01-05 21:36 - 2013-08-22 11:24 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{30EDE5D5-18FA-42F4-ACC4-348017773A2A}

2014-01-05 21:31 - 2014-01-05 21:31 - 00285232 _____ C:\Windows\Minidump\010514-37736-01.dmp

2014-01-05 21:31 - 2014-01-05 21:31 - 00000000 _____ C:\Windows\setuperr.log

2014-01-05 21:31 - 2009-07-13 23:45 - 00346816 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-05 21:28 - 2013-09-27 06:00 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps

2014-01-05 21:28 - 2013-09-07 23:18 - 00000000 ___DC C:\Users\owner\AppData\Local\MigWiz

2014-01-05 21:28 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther

2014-01-05 21:25 - 2014-01-05 21:25 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys

2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes

2014-01-05 21:25 - 2014-01-05 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-01 02:32 - 2014-01-01 02:32 - 00017294 _____ C:\Windows\SysWOW64\Road Rage.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00159516 _____ C:\Windows\SysWOW64\New Road Rage.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00068222 _____ C:\Windows\SysWOW64\number 2 wouldnt fit.txt

2014-01-01 02:31 - 2014-01-01 02:31 - 00065218 _____ C:\Windows\SysWOW64\dj swiss - 500 mix.txt

2014-01-01 01:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-12-30 23:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors

2013-12-30 23:09 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\My Design

2013-12-29 15:01 - 2013-08-31 13:24 - 00082024 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT

2013-12-29 15:00 - 2013-12-29 15:00 - 00000000 ____D C:\Users\owner\New folder (4)

2013-12-29 15:00 - 2013-12-29 14:59 - 00000000 ____D C:\Users\owner\Backup

2013-12-29 14:49 - 2013-12-29 14:49 - 00000000 ____D C:\Users\owner\New folder (3)

2013-12-29 14:49 - 2013-11-27 12:14 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-29 14:44 - 2013-12-29 14:44 - 00000000 ____D C:\Users\owner\New folder (2)

2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files\iTunes

2013-12-29 14:44 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\New folder

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\New folder

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Users\owner\Documents\eBooks

2013-12-29 14:43 - 2013-12-29 14:43 - 00000000 ____D C:\Program Files\iPod

2013-12-29 14:37 - 2013-12-29 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-12-28 21:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-12-27 12:55 - 2013-12-27 12:55 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer

2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\Users\Public\Documents\CraftEdge

2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\Documents\CraftEdge

2013-12-26 22:32 - 2013-12-26 22:31 - 00000000 ____D C:\ProgramData\CraftEdge

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\owner\AppData\Roaming\com.cricut.Cricut-CraftRoom

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files\Provocraft

2013-12-26 21:09 - 2013-12-26 21:09 - 00000000 ____D C:\Program Files (x86)\Cricut-Craft Room

2013-12-26 21:09 - 2012-02-23 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-12-26 21:08 - 2013-12-26 21:09 - 00072248 _____ () C:\Windows\system32\Drivers\cricut_x64.sys

2013-12-26 21:08 - 2013-11-11 05:27 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe

2013-12-26 21:08 - 2013-09-03 18:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\Macromedia

2013-12-24 01:58 - 2013-12-24 01:58 - 00001568 _____ C:\Users\owner\Documents\ch.log

2013-12-24 00:58 - 2013-09-14 05:55 - 00000000 ____D C:\Windows\system32\MRT

2013-12-24 00:57 - 2013-09-14 05:55 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-21 19:57 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer

2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-12-21 19:53 - 2013-11-09 06:37 - 00000000 ____D C:\ProgramData\Apple

2013-12-21 19:53 - 2013-09-27 12:03 - 00000000 ____D C:\ProgramData\Apple Computer

2013-12-21 19:43 - 2013-09-29 12:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\MediaMonkey

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 04:31

==================== End Of Log ============================

swiss487 · January 6, 2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014

Ran by owner at 2014-01-06 16:00:23

Running from C:\Users\owner\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.160 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633 - Adobe Systems, Inc.)

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (Version: 3.0.0.10 - Apple Inc.)

CCleaner (Version: 4.07 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Core Temp 1.0 RC5 (Version: 1.0 - Alcpu)

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cricut Driver v2.01 (x32 Version: 2.01 - Provo Craft & Novelty, Inc.)

Cricut Craft Room® (x32 Version: 1.0.183 - Provo Craft & Novelty, Inc.) Hidden

Cricut Craft Room® (x32 Version: v1.0 build-183 - Provo Craft & Novelty, Inc.)

CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

ESU for Microsoft Windows 7 SP1 (x32 Version: 4.1.2 - Hewlett-Packard)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP 3D DriveGuard (Version: 4.1.10.1 - Hewlett-Packard Company)

HP Application Assistant (Version: 1.0.409.3882 - Hewlett-Packard)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP CoolSense (x32 Version: 2.10.3 - Hewlett-Packard Company)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Documentation (x32 Version: 1.3.0.0 - Hewlett-Packard)

HP Games (x32 Version: 1.0.2.5 - WildTangent)

HP Launch Box (Version: 1.1.5 - Hewlett-Packard Company)

HP MovieStore (x32 Version: 2.1.096 - Hewlett-Packard) Hidden

HP MovieStore (x32 Version: 2.1.21096.0 - Hewlett-Packard Company)

HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)

HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)

HP Quick Launch (x32 Version: 2.6.2 - Hewlett-Packard Company)

HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

HP Security Assistant (Version: 2.0.2 - Hewlett-Packard Company)

HP Setup (x32 Version: 9.0.15109.3899 - Hewlett-Packard Company)

HP Setup Manager (x32 Version: 1.2.14901.3869 - Hewlett-Packard Company)

HP SimplePass (x32 Version: 6.0.100.272 - Hewlett-Packard)

HP Software Framework (x32 Version: 4.5.4.1 - Hewlett-Packard Company)

HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)

IDT Audio (x32 Version: 1.0.6381.0 - IDT)

Intel PROSet Wireless (Version: - ) Hidden

Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)

Intel® OpenCL CPU Runtime (x32 Version: - Intel Corporation)

Intel® Processor Graphics (x32 Version: 8.15.10.2626 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.0.0.0074 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.0.0.0086 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)

Intel® WiDi (x32 Version: 3.0.12.0 - Intel Corporation)

Intel® Wireless Display (Version: - )

Intel® Wireless Music device driver (Version: 1.5.5310.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0682 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Silverlight (x32 Version: 4.0.50401.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)

Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)

The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Validity WBF DDK (Version: 4.3.301.0 - Validity Sensors, Inc.)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

28-12-2013 19:37:48 Device Driver Package Install: CUTOK Printers

28-12-2013 19:45:32 Windows Update

29-12-2013 19:39:19 Windows Update

05-01-2014 21:08:37 Windows Update

06-01-2014 02:36:00 010514

06-01-2014 04:58:43 Configured PowerDVD

06-01-2014 05:01:13 Removed Evernote v. 4.5.2

06-01-2014 05:03:42 Removed Blio.

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-12-27 13:12 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {20C2C914-E71E-4774-BF7D-9769176DA5D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {50A324E3-024F-401D-8443-3C13C2043503} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {5900D82B-222E-4DBA-B626-F4DA585210A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)

Task: {6EF9C9A2-355E-4C53-B1B3-A0B9CC9906DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)

Task: {85964B46-442D-40E7-92A9-719B6ECE939A} - System32\Tasks\Core Temp Autostart owner => C:\Program Files\Core Temp\Core Temp.exe [2013-03-01] ()

Task: {A1B39F92-F58C-4B6C-8A68-E1F66894E42D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-10-06] ()

Task: {B4A4F004-3D30-4BF6-B94C-0BE0FBFD2688} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {BEC34B84-9848-4F13-BCE9-25EB332EFF66} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)

Task: {C2189053-5157-4141-B6EF-B36B7717637A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {C8CD3758-5DA2-4BAB-B714-9F542D714C87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)

Task: {D1BAE797-E288-4465-8C99-E70098409F66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {D4585B9F-EFF1-40FF-9951-8A406215B5C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-23] (Adobe Systems Incorporated)

Task: {EBE707D0-6DE6-4D37-B53F-06BD7B54EC0B} - System32\Tasks\HPCeeScheduleForowner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForowner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-02-07 08:19 - 2013-02-07 08:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll

2013-12-21 19:55 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-21 19:55 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-21 19:55 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-21 19:55 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-21 19:54 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-21 19:55 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/06/2014 00:43:49 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 11:01:19 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (01/05/2014 09:47:15 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:44:44 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:32:08 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:31:47 PM) (Source: ESENT) (User: )

Description: taskhost (2712) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\V0100069.log.

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4274

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4274

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/01/2014 07:46:18 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3057

System errors:

=============

Error: (01/06/2014 03:53:12 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/06/2014 03:43:12 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/06/2014 03:33:12 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/06/2014 00:54:46 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/06/2014 00:44:46 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (01/06/2014 00:41:56 AM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (01/06/2014 00:41:56 AM) (Source: DCOM) (User: )

Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office Sessions:

=========================

Error: (01/06/2014 00:43:49 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 11:01:19 PM) (Source: SideBySide)(User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\cricut-craft room\Drivers\Cricut Expression Drivers ia64.exe

Error: (01/05/2014 09:47:15 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:44:44 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:32:08 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 09:31:47 PM) (Source: ESENT)(User: )

Description: taskhost2712WebCacheLocal: C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\V0100069.log-1811

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4274

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4274

Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/01/2014 07:46:18 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3057

==================== Memory info ===========================

Percentage of memory in use: 26%

Total physical RAM: 8089.31 MB

Available physical RAM: 5939.28 MB

Total Pagefile: 16176.8 MB

Available Pagefile: 13819.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.66 GB) (Free:528.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:21.68 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1E75F28A)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End Of Log ============================

kevinf80 · January 6, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from the following link and save it to your desktop.:

http://www.malwarebytes.org/mbam.php

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Post those logs in next reply, also I do not see an Antivirus program installed, is that correct...

Kevin

fixlist.txt

swiss487 · January 6, 2014

I have Windows Defender. I'm assuming from the virus I have that Defender is not gonna cut it. lol Will post my results from above instructions in a few moments. Thank you for your help. Are you snowed in too? We got 14 inches of snow last night!

swiss487 · January 6, 2014

It told me to reboot, I will be back in a few with the other logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014

Ran by owner at 2014-01-06 16:46:19 Run:1

Running from C:\Users\owner\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe

C:\Users\owner\AppData\Roaming\svchost.exe

Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)

C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe

End

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\23556fb1360f366337f97c924e76ead3 => Value deleted successfully.

C:\Users\owner\AppData\Roaming\svchost.exe => Moved successfully.

C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe => Moved successfully.

"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe" => File/Directory not found.

The system needs a manual reboot.

==== End of Fixlog ====

swiss487 · January 6, 2014

When I was restarting, I got the BSOD. I just got her back on and looked in the task manager before I did anything and did not see the virus in there like it has been. Am I ok to go ahead and run and scan malwarebytes?

kevinf80 · January 6, 2014

Yes please, run Malwarebytes and AdwCleaner. Just so you are aware Windows Defender does not have an Antivirus component in Windows 7, only Windows 8....

Also i`m based in the UK, no snow here yet.......

swiss487 · January 7, 2014

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.01.06.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

owner :: OWNER-HP [administrator]

Protection: Disabled

1/6/2014 6:02:33 PM

mbam-log-2014-01-06 (18-02-33).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 207799

Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Public\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

(end)

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:12:18

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : owner - OWNER-HP

# Running from : C:\Users\owner\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKCU\Software\23556fb1360f366337f97c924e76ead3

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2434 octets] - [06/01/2014 19:08:33]

AdwCleaner[s0].txt - [2036 octets] - [06/01/2014 19:12:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2096 octets] ##########

kevinf80 · January 7, 2014

Download and install Microsoft Security Essentials from here: http://www.microsoft.com/en-gb/download/details.aspx?id=5201 when installed check for updates, then run a quick scan. Let me know if anything is found.

Give an update on any remaining issues or concerns...

swiss487 · January 7, 2014

Nothing found!!! I have it set to scan every day and real time protection checked now. Thank you so much!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

swiss487 · January 7, 2014

Oh one more thing... should I erase my restore points up until now?

kevinf80 · January 7, 2014

The restore points can be reset very shortly as we clean up....

We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Uninstall adwcleaner.exe (unless you want to keep it)

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Uninstall
Click Yes at Would you like to Uninstall Adwcleaner

Next,

Download "Delfix by Xplode" and save it to your desktop.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

Activate UAC
Remove disinfection tools
Purge System Restore

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Let me know if those steps complete, also if any remaining issues or concerns.. Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin....

fixlist.txt

LDTate · January 13, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

svchost virus in temp folder. BSOD any time I run hijack this or malwarebytes. win7 64bit

Recommended Posts

swiss487 0

Link to post

Share on other sites

kevinf80 156

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

kevinf80 156

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

kevinf80 156

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

kevinf80 156

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

swiss487 0

Link to post

Share on other sites

kevinf80 156

Link to post

Share on other sites

LDTate 7

Link to post

Share on other sites

Recently Browsing 0 members

Important Information