swiss487 Posted January 6, 2014

Hi, I have a terrible virus... svchost in my temp folder... any time I tried to kill it, or run any Malwarebytes or HijackThis program to try to kill it... it gives me the BSOD. I have an HP Pavilion dv7, running Windows 7 64 bit. I have found several cases like mine on here, but they all say do not run those programs unless told to do so by one of y'all, so here I am. Thank you for your help!!!!
kevinf80 Posted January 6, 2014

Hello,

P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin
swiss487 Posted January 6, 2014 (Author)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by owner (administrator) on OWNER-HP on 06-01-2014 16:00:00
Running from C:\Users\owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Core Temp\Core Temp.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(w6A7BaTo) C:\Users\owner\AppData\Roaming\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe [76800 2013-05-23] (w6A7BaTo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe [76800 2013-05-23] (w6A7BaTo)
HKCU\...\Run: [2706594A3E67FD236E1C49110F47E7F15075846A._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKCU - {334B3E44-5ACF-4E5C-A5D1-4A018193996D} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.3_0
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Website Logon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0
CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf\2.0.0_0
CHR Extension: (Phone 2 Google Chrome™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.3_0
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Chrome to Phone) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

==================== Services (Whitelisted) =================

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S3 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 cricut; C:\Windows\System32\DRIVERS\cricut_x64.sys [72248 2013-12-26] ()
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
R3 ALSysIO; \??\C:\Users\owner\AppData\Local\Temp\ALSysIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-06 16:00 - 2014-01-06 16:00 - 00009909 _____ C:\Users\owner\Desktop\FRST.txt
- 00000000 ____D C:\Users\owner\AppData\Roaming\Apple Computer
2013-12-21 19:55 - 2013-12-21 19:55 - 00000000 ____D C:\Users\owner\AppData\Local\Apple Computer
2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-21 19:53 - 2013-12-21 19:53 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-21 19:53 - 2013-11-09 06:37 - 00000000 ____D C:\ProgramData\Apple
2013-12-21 19:53 - 2013-09-27 12:03 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-21 19:43 - 2013-09-29 12:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\MediaMonkey

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 04:31

==================== End Of Log ============================
swiss487 Posted January 6, 2014 Author ID:774535

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by owner at 2014-01-06 16:00:23
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.160 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.07 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Core Temp 1.0 RC5 (Version: 1.0 - Alcpu)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cricut Driver v2.01 (x32 Version: 2.01 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (x32 Version: 1.0.183 - Provo Craft & Novelty, Inc.) Hidden
Cricut Craft Room® (x32 Version: v1.0 build-183 - Provo Craft & Novelty, Inc.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) 
HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenESU for Microsoft Windows 7 SP1 (x32 Version: 4.1.2 - Hewlett-Packard)Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFarmscapes (x32 Version: 2.2.0.98 - WildTangent) HiddenFATE (x32 Version: 2.2.0.97 - WildTangent) HiddenFinal Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenGoogle Chrome (x32 Version: 31.0.1650.63 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) HiddenHP 3D DriveGuard (Version: 4.1.10.1 - Hewlett-Packard Company)HP Application Assistant (Version: 1.0.409.3882 - Hewlett-Packard)HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) HiddenHP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) HiddenHP CoolSense (x32 Version: 2.10.3 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) HiddenHP Documentation (x32 Version: 1.3.0.0 - Hewlett-Packard)HP Games (x32 Version: 1.0.2.5 - WildTangent)HP Launch Box (Version: 1.1.5 - Hewlett-Packard Company)HP MovieStore (x32 Version: 2.1.096 - Hewlett-Packard) HiddenHP MovieStore (x32 Version: 2.1.21096.0 - Hewlett-Packard Company)HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)HP Quick Launch (x32 Version: 2.6.2 - Hewlett-Packard Company)HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) HiddenHP Security Assistant (Version: 2.0.2 - Hewlett-Packard Company)HP Setup (x32 Version: 9.0.15109.3899 - Hewlett-Packard Company)HP Setup Manager (x32 Version: 1.2.14901.3869 - Hewlett-Packard Company)HP SimplePass (x32 Version: 6.0.100.272 - Hewlett-Packard)HP Software Framework (x32 Version: 4.5.4.1 - Hewlett-Packard Company)HP Support Assistant (x32 
Version: 7.0.39.15 - Hewlett-Packard Company)IDT Audio (x32 Version: 1.0.6381.0 - IDT)Intel PROSet Wireless (Version: - ) HiddenIntel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)Intel® OpenCL CPU Runtime (x32 Version: - Intel Corporation)Intel® Processor Graphics (x32 Version: 8.15.10.2626 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.0.0.0074 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.0.0.0086 - Intel Corporation)Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199 - Intel Corporation)Intel® WiDi (x32 Version: 3.0.12.0 - Intel Corporation)Intel® Wireless Display (Version: - )Intel® Wireless Music device driver (Version: 1.5.5310.0 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0682 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)iTunes (Version: 11.1.3.8 - Apple Inc.)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLetters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) HiddenLuxor HD (x32 Version: 2.2.0.98 - WildTangent) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Silverlight (x32 Version: 4.0.50401.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual 
C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)opensource (x32 Version: 1.0.14960.3876 - Your Company Name) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.98 - WildTangent) HiddenQuickTime (x32 Version: 7.74.80.86 - Apple Inc.)Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) HiddenTorchlight (x32 Version: 2.2.0.98 - WildTangent) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenValidity WBF DDK (Version: 4.3.301.0 - Validity Sensors, Inc.)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 
15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Restore Points ========================= 28-12-2013 19:37:48 Device Driver Package Install: CUTOK Printers28-12-2013 19:45:32 Windows Update29-12-2013 19:39:19 Windows Update05-01-2014 21:08:37 Windows Update06-01-2014 02:36:00 01051406-01-2014 04:58:43 Configured PowerDVD06-01-2014 05:01:13 Removed Evernote v. 4.5.206-01-2014 05:03:42 Removed Blio. 
==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-12-27 13:12 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {20C2C914-E71E-4774-BF7D-9769176DA5D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)Task: {50A324E3-024F-401D-8443-3C13C2043503} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {5900D82B-222E-4DBA-B626-F4DA585210A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)Task: {6EF9C9A2-355E-4C53-B1B3-A0B9CC9906DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)Task: {85964B46-442D-40E7-92A9-719B6ECE939A} - System32\Tasks\Core Temp Autostart owner => C:\Program Files\Core Temp\Core Temp.exe [2013-03-01] ()Task: {A1B39F92-F58C-4B6C-8A68-E1F66894E42D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-10-06] ()Task: {B4A4F004-3D30-4BF6-B94C-0BE0FBFD2688} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {BEC34B84-9848-4F13-BCE9-25EB332EFF66} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)Task: {C2189053-5157-4141-B6EF-B36B7717637A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)Task: 
{C8CD3758-5DA2-4BAB-B714-9F542D714C87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)Task: {D1BAE797-E288-4465-8C99-E70098409F66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)Task: {D4585B9F-EFF1-40FF-9951-8A406215B5C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-23] (Adobe Systems Incorporated)Task: {EBE707D0-6DE6-4D37-B53F-06BD7B54EC0B} - System32\Tasks\HPCeeScheduleForowner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForowner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-07 08:19 - 2013-02-07 08:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll2013-12-21 19:55 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll2013-12-21 19:55 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll2013-12-21 19:55 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll2013-12-21 19:55 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll2013-12-21 19:54 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll2013-12-21 19:55 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/06/2014 00:43:49 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 11:01:19 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. 
Error: (01/05/2014 09:47:15 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:44:44 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:32:08 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:31:47 PM) (Source: ESENT) (User: )Description: taskhost (2712) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\V0100069.log. Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4274 Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4274 Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2014 07:46:18 AM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3057 System errors:=============Error: (01/06/2014 03:53:12 PM) (Source: DCOM) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/06/2014 03:43:12 PM) (Source: DCOM) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/06/2014 03:33:12 PM) (Source: DCOM) (User: NT 
AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/06/2014 00:54:46 AM) (Source: DCOM) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/06/2014 00:44:46 AM) (Source: DCOM) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/06/2014 00:42:08 AM) (Source: Service Control Manager) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/06/2014 00:41:56 AM) (Source: Service Control Manager) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/06/2014 00:41:56 AM) (Source: DCOM) (User: )Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89} Microsoft Office Sessions:=========================Error: (01/06/2014 00:43:49 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 
11:01:19 PM) (Source: SideBySide)(User: )Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\cricut-craft room\Drivers\Cricut Expression Drivers ia64.exe Error: (01/05/2014 09:47:15 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:44:44 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:32:08 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2014 09:31:47 PM) (Source: ESENT)(User: )Description: taskhost2712WebCacheLocal: C:\Users\owner\AppData\Local\Microsoft\Windows\WebCache\V0100069.log-1811 Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4274 Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 4274 Error: (01/01/2014 07:46:19 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2014 07:46:18 AM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 3057 ==================== Memory info =========================== Percentage of memory in use: 26%Total physical RAM: 8089.31 MBAvailable physical RAM: 5939.28 MBTotal Pagefile: 16176.8 MBAvailable Pagefile: 13819.28 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () 
(Fixed) (Total:676.66 GB) (Free:528.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.68 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1E75F28A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End Of Log ============================
kevinf80 Posted January 6, 2014 ID:774538

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from the following link and save it to your desktop: http://www.malwarebytes.org/mbam.php
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Post those logs in next reply, also I do not see an Antivirus program installed, is that correct...

Kevin

fixlist.txt
swiss487 Posted January 6, 2014 Author ID:774546

I have Windows Defender. I'm assuming from the virus I have that Defender is not gonna cut it. lol Will post my results from above instructions in a few moments. Thank you for your help. Are you snowed in too? We got 14 inches of snow last night!
swiss487 Posted January 6, 2014 Author ID:774560

It told me to reboot, I will be back in a few with the other logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by owner at 2014-01-06 16:46:19 Run:1
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [23556fb1360f366337f97c924e76ead3] - C:\Users\owner\AppData\Roaming\svchost.exe
C:\Users\owner\AppData\Roaming\svchost.exe
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe (w6A7BaTo)
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\23556fb1360f366337f97c924e76ead3 => Value deleted successfully.
C:\Users\owner\AppData\Roaming\svchost.exe => Moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe => Moved successfully.
"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe" => File/Directory not found.

The system needs a manual reboot.

==== End of Fixlog ====
swiss487 Posted January 6, 2014 Author ID:774565

When I was restarting, I got the BSOD. I just got her back on and looked in the task manager before I did anything and did not see the virus in there like it has been. Am I ok to go ahead and run and scan malwarebytes?
kevinf80 Posted January 6, 2014 ID:774572

Yes please, run Malwarebytes and AdwCleaner. Just so you are aware Windows Defender does not have an Antivirus component in Windows 7, only Windows 8.... Also I'm based in the UK, no snow here yet.......
swiss487 Posted January 7, 2014 Author ID:774638

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
owner :: OWNER-HP [administrator]

Protection: Disabled

1/6/2014 6:02:33 PM
mbam-log-2014-01-06 (18-02-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207799
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|23556fb1360f366337f97c924e76ead3 (Trojan.Agent) -> Data: "C:\Users\owner\AppData\Roaming\svchost.exe" .. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
(end)

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:12:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - OWNER-HP
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\23556fb1360f366337f97c924e76ead3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2434 octets] - [06/01/2014 19:08:33]
AdwCleaner[s0].txt - [2036 octets] - [06/01/2014 19:12:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2096 octets] ##########
kevinf80 Posted January 7, 2014 ID:774641

Download and install Microsoft Security Essentials from here: http://www.microsoft.com/en-gb/download/details.aspx?id=5201

When installed, check for updates, then run a quick scan. Let me know if anything is found.

Give an update on any remaining issues or concerns...
swiss487 Posted January 7, 2014 Author ID:774964

Nothing found!!! I have it set to scan every day and real-time protection checked now. Thank you so much!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
swiss487 Posted January 7, 2014 Author ID:774965

Oh, one more thing... should I erase my restore points up until now?
kevinf80 Posted January 7, 2014 ID:775009

The restore points can be reset very shortly as we clean up.... We need to remove FRST; first, it is very important to deal with its own Quarantine folder by using FRST itself. OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete if successful.

Next, delete FRST.exe from your Desktop or the folder it was saved to, then navigate to and delete its folder C:\FRST

Next, uninstall adwcleaner.exe (unless you want to keep it):
Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Click Yes at "Would you like to Uninstall Adwcleaner".

Next, download "Delfix by Xplode" and save it to your desktop.
Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.
Make sure the following items are checked:
Activate UAC
Remove disinfection tools
Purge System Restore
Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this.

Let me know if those steps complete, also if any remaining issues or concerns..

Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin....

fixlist.txt
LDTate Posted January 13, 2014 ID:777581

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!