malwarebytes not finding malware, issues with running scan and bluescreen
<blockquote data-quote="Gbaby614" data-source="post: 100670" data-attributes="member: 5255"><p>I was able to fit the prog on a flash drive I had, I just hope I didn't make an error on the FRST.txt file as at the end I typed exit on the search bar and couldn't stop it, but here are the logs:</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 7 days old)</p><p>Ran by SYSTEM at 28-01-2013 11:31:51</p><p>Running from G:\</p><p>Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US) </p><p>The current controlset is ControlSet001</p><p></p><p>==================== Registry (Whitelisted) ===================</p><p></p><p>HKLM\...\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe" [153624 2008-08-25] (Intel Corporation)</p><p>HKLM\...\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" [225816 2008-08-25] (Intel Corporation)</p><p>HKLM\...\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" [199704 2008-08-25] (Intel Corporation)</p><p>HKLM\...\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [1533736 2008-06-19] (Synaptics, Inc.)</p><p>HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)</p><p>HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)</p><p>HKLM\...\Run: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [676520 2008-09-10] ()</p><p>HKLM\...\Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [16040 2008-09-10] ()</p><p>HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [441344 2008-09-11] (IDT, Inc.)</p><p>HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1152296 2008-09-25] 
(CyberLink Corp.)</p><p>HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-09-25] (CyberLink)</p><p>HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [210216 2008-06-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-09-26] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [75008 2008-06-16] (Hewlett-Packard)</p><p>HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [54840 2007-05-08] 
(Hewlett-Packard)</p><p>HKLM-x32\...\Run: [hpWirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [] [x]</p><p>HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)</p><p>HKLM-x32\...\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul [733808 2012-12-19] (Webroot)</p><p>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)</p><p>HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)</p><p>HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)</p><p>HKU\Michelle\...\Run: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden [2363392 2008-06-09] (Hewlett-Packard Company)</p><p>HKU\Michelle\...\Run: [HPAdvisor] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)</p><p>HKU\Michelle\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [5252408 2010-06-01] (Yahoo! 
Inc.)</p><p>HKU\Michelle\...\Run: [Facebook Update] "C:\Users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)</p><p>HKU\Michelle\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)</p><p>HKU\Michelle\...\Policies\system: [DisableCMD] 0</p><p>HKU\Michelle\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\Michelle\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\Michelle\...\Policies\system: [NoDispSettingsPage] 0</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>==================== Services (Whitelisted) ===================</p><p></p><p>2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)</p><p>2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)</p><p>2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [1040552 2008-05-23] ( )</p><p>2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe -service [594600 2008-05-23] ( )</p><p>2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365904 2008-09-23] ()</p><p>2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()</p><p>2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe [279040 2008-09-11] (IDT, Inc.)</p><p>2 WRSVC; "C:\Program Files (x86)\Webroot\WRSA.exe" -service [733808 2012-12-19] (Webroot)</p><p>2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]</p><p></p><p>==================== Drivers (Whitelisted) =====================</p><p></p><p>1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] 
(SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [111776 2012-12-19] (Webroot)</p><p>2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)</p><p>3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]</p><p>3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [x]</p><p>3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [x]</p><p>3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]</p><p>3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]</p><p>1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]</p><p>1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ====================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-01-28 07:04 - 2013-01-28 08:01 - 00004880 ____A C:\Users\Michelle\Desktop\instructions.txt</p><p>2013-01-28 07:03 - 2013-01-28 07:03 - 00000000 ____A C:\Users\Michelle\Desktop\New Text Document.txt</p><p>2013-01-28 07:00 - 2013-01-28 07:00 - 01464303 ____A (Farbar) C:\Users\Michelle\Downloads\FRST64.exe</p><p>2013-01-28 03:59 - 2013-01-28 04:00 - 00000000 ____D C:\Users\Michelle\Desktop\Shortcuts</p><p>2013-01-28 03:32 - 2013-01-28 03:32 - 00002124 ____A C:\Users\Michelle\Desktop\RKreport[1]_S_01282013_02d0632.txt</p><p>2013-01-28 03:31 - 2013-01-28 03:32 - 00000000 ____D C:\Users\Michelle\Desktop\RK_Quarantine</p><p>2013-01-28 03:30 - 2013-01-28 03:30 - 00768512 ____A C:\Users\Michelle\Downloads\RogueKiller.exe</p><p>2013-01-28 01:43 - 2013-01-28 01:43 - 00282008 ____A 
C:\Windows\Minidump\Mini012813-03.dmp</p><p>2013-01-28 00:12 - 2013-01-28 00:12 - 00282008 ____A C:\Windows\Minidump\Mini012813-02.dmp</p><p>2013-01-27 22:46 - 2013-01-27 22:46 - 00277824 ____A C:\Windows\Minidump\Mini012813-01.dmp</p><p>2013-01-27 14:27 - 2013-01-27 21:17 - 00002091 ____A C:\Users\Michelle\Desktop\popups to rid.txt</p><p>2013-01-26 23:03 - 2013-01-09 11:27 - 01356360 ____A (Malwarebytes Corporation) C:\Users\Michelle\Desktop\mbar.exe</p><p>2013-01-26 20:06 - 2013-01-26 20:06 - 00000529 ____A C:\Users\Michelle\Desktop\mbar-1.01.0.1016 - Shortcut.lnk</p><p>2013-01-26 19:23 - 2013-01-26 19:23 - 00000000 ____D C:\Users\Michelle\My Documents\mbar-1.01.0.1016</p><p>2013-01-26 19:23 - 2013-01-26 19:23 - 00000000 ____D C:\Users\Michelle\Documents\mbar-1.01.0.1016</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\Michelle\Application Data\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\All Users\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-01-26 18:51 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-01-26 18:49 - 2013-01-26 18:49 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Michelle\Downloads\mbam-setup.exe</p><p>2013-01-26 16:29 - 2013-01-27 15:10 - 00000000 ____D C:\Users\Michelle\Application Data\QuickScan</p><p>2013-01-26 16:29 - 2013-01-27 15:10 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\QuickScan</p><p>2013-01-25 10:30 - 2013-01-25 10:30 - 00000000 ____D C:\Users\Michelle\Application Data\SUPERAntiSpyware.com</p><p>2013-01-25 10:30 - 2013-01-25 10:30 - 00000000 ____D 
C:\Users\Michelle\AppData\Roaming\SUPERAntiSpyware.com</p><p>2013-01-25 10:29 - 2013-01-25 10:29 - 00001756 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>2013-01-25 10:29 - 2013-01-25 10:29 - 00001756 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>2013-01-25 10:28 - 2013-01-25 10:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware</p><p>2013-01-25 10:28 - 2013-01-25 10:28 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com</p><p>2013-01-25 10:28 - 2013-01-25 10:28 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com</p><p>2013-01-25 10:25 - 2013-01-25 10:25 - 23508968 ____A (SUPERAntiSpyware.com) C:\Users\Michelle\Downloads\SUPERAntiSpyware.exe</p><p>2013-01-25 10:08 - 2013-01-25 10:09 - 80047680 ____A (Microsoft Corporation) C:\Users\Michelle\Downloads\msert.exe</p><p>2013-01-24 20:29 - 2013-01-24 20:28 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll</p><p>2013-01-24 20:29 - 2013-01-24 20:28 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</p><p>2013-01-24 20:29 - 2013-01-24 20:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</p><p>2013-01-24 20:29 - 2013-01-24 20:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe</p><p>2013-01-24 20:29 - 2013-01-24 20:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</p><p>2013-01-24 20:26 - 2013-01-24 20:27 - 31473568 ____A (Oracle Corporation) C:\Users\Michelle\Downloads\jre-7u11-windows-i586.exe</p><p>2013-01-23 21:20 - 2013-01-23 21:20 - 00733296 ____A (Webroot) C:\Users\Michelle\Downloads\wsainstall.exe</p><p>2013-01-23 21:07 - 2013-01-23 21:08 - 00275848 ____A (Webroot Software Inc (www.webroot.com)) C:\Users\Michelle\Downloads\CleanWDF.exe</p><p>2013-01-23 15:40 - 2013-01-23 15:40 - 00281952 ____A C:\Windows\Minidump\Mini012313-01.dmp</p><p>2013-01-23 09:42 - 2013-01-23 09:42 - 00004539 ____A 
C:\Users\Michelle\Desktop\webroot fix.txt</p><p>2013-01-18 17:51 - 2013-01-18 17:51 - 00282008 ____A C:\Windows\Minidump\Mini011813-01.dmp</p><p>2013-01-18 15:09 - 2013-01-18 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-01-09 06:05 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2013-01-09 06:05 - 2012-11-19 20:21 - 00253952 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll</p><p>2013-01-09 06:04 - 2012-11-22 17:54 - 02770432 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</p><p>2013-01-09 06:04 - 2012-11-02 02:47 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll</p><p>2013-01-09 06:04 - 2012-11-02 02:47 - 01794560 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll</p><p>2013-01-09 06:04 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll</p><p>2013-01-09 06:04 - 2012-11-02 02:19 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll</p><p>2013-01-09 06:02 - 2012-11-21 20:22 - 00456192 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll</p><p>2013-01-09 06:02 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll</p><p>2013-01-02 18:12 - 2013-01-28 03:58 - 00000000 ____D C:\Users\Michelle\Desktop\various</p><p>2013-01-02 17:59 - 2013-01-02 17:59 - 00001637 ____A C:\Users\Michelle\Desktop\Paint.lnk</p><p>2013-01-02 17:40 - 2013-01-02 17:40 - 00000134 ____A C:\Users\Michelle\Desktop\Windows Defender - Shortcut.lnk</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\IsolatedStorage</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\IsolatedStorage</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\IsolatedStorage</p><p>2013-01-01 12:30 - 2013-01-24 19:49 - 00000732 ____A C:\Users\Michelle\Local 
Settings\d3d9caps64.dat</p><p>2013-01-01 12:30 - 2013-01-24 19:49 - 00000732 ____A C:\Users\Michelle\Local Settings\Application Data\d3d9caps64.dat</p><p>2013-01-01 12:30 - 2013-01-24 19:49 - 00000732 ____A C:\Users\Michelle\AppData\Local\d3d9caps64.dat</p><p>2012-12-30 14:24 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf</p><p>2012-12-30 14:24 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf</p><p>2012-12-30 14:23 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys</p><p>2012-12-30 14:23 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys</p><p>2012-12-30 14:23 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll</p><p>2012-12-30 14:23 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe</p><p>2012-12-30 14:23 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll</p><p>2012-12-30 14:23 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll</p><p>2012-12-30 14:23 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll</p><p>2012-12-30 14:23 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll</p><p>2012-12-30 14:23 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys</p><p>2012-12-30 14:23 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys</p><p>2012-12-30 14:23 - 2009-07-14 04:19 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll</p><p>2012-12-30 14:23 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll</p><p>2012-12-30 13:54 - 2012-11-13 23:06 - 17811968 ____A (Microsoft 
Corporation) C:\Windows\System32\mshtml.dll</p><p>2012-12-30 13:54 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</p><p>2012-12-30 13:54 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</p><p>2012-12-30 13:54 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</p><p>2012-12-30 13:54 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</p><p>2012-12-30 13:54 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</p><p>2012-12-30 13:54 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</p><p>2012-12-30 13:54 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</p><p>2012-12-30 13:54 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p><p>2012-12-30 13:54 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</p><p>2012-12-30 13:54 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2012-12-30 13:54 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll</p><p>2012-12-30 13:54 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2012-12-30 13:54 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2012-12-30 13:54 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2012-12-30 13:54 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2012-12-30 13:54 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2012-12-30 13:41 - 2012-12-16 05:31 - 00048128 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll</p><p>2012-12-30 13:41 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll</p><p>2012-12-30 13:41 - 2012-12-16 03:08 - 00368128 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll</p><p>2012-12-30 13:41 - 
2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll</p><p>2012-12-30 13:04 - 2012-12-30 13:04 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bmepmwfm.sys</p><p>2012-12-30 08:28 - 2012-12-30 13:07 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\visi_coupon</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\visi_coupon</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\AppData\Local\visi_coupon</p><p>2012-12-30 02:06 - 2012-12-30 02:07 - 00277288 ____A C:\Windows\Minidump\Mini123012-01.dmp</p><p>2012-12-29 09:37 - 2012-12-30 13:03 - 00000000 ____D C:\Users\Michelle\Local Settings\Conduit</p><p>2012-12-29 09:37 - 2012-12-30 13:03 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\Conduit</p><p>2012-12-29 09:37 - 2012-12-30 13:03 - 00000000 ____D C:\Users\Michelle\AppData\Local\Conduit</p><p></p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-01-28 11:17 - 2013-01-28 11:17 - 00000000 ____D C:\FRST</p><p>2013-01-28 08:01 - 2013-01-28 07:04 - 00004880 ____A C:\Users\Michelle\Desktop\instructions.txt</p><p>2013-01-28 08:01 - 2011-05-18 23:22 - 01845073 ____A C:\Windows\WindowsUpdate.log</p><p>2013-01-28 08:01 - 2006-11-02 07:42 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2013-01-28 08:01 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-01-28 08:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-01-28 08:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-01-28 07:51 - 2012-06-28 18:41 - 00000940 ____A 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000UA.job</p><p>2013-01-28 07:40 - 2011-07-29 13:15 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-01-28 07:03 - 2013-01-28 07:03 - 00000000 ____A C:\Users\Michelle\Desktop\New Text Document.txt</p><p>2013-01-28 07:02 - 2006-11-02 04:46 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-01-28 07:00 - 2013-01-28 07:00 - 01464303 ____A (Farbar) C:\Users\Michelle\Downloads\FRST64.exe</p><p>2013-01-28 06:56 - 2006-11-02 07:27 - 00125032 ____A C:\Windows\setupact.log</p><p>2013-01-28 04:00 - 2013-01-28 03:59 - 00000000 ____D C:\Users\Michelle\Desktop\Shortcuts</p><p>2013-01-28 03:58 - 2013-01-02 18:12 - 00000000 ____D C:\Users\Michelle\Desktop\various</p><p>2013-01-28 03:32 - 2013-01-28 03:32 - 00002124 ____A C:\Users\Michelle\Desktop\RKreport[1]_S_01282013_02d0632.txt</p><p>2013-01-28 03:32 - 2013-01-28 03:31 - 00000000 ____D C:\Users\Michelle\Desktop\RK_Quarantine</p><p>2013-01-28 03:30 - 2013-01-28 03:30 - 00768512 ____A C:\Users\Michelle\Downloads\RogueKiller.exe</p><p>2013-01-28 03:26 - 2011-12-09 15:24 - 00000000 ____D C:\Users\All Users\WRData</p><p>2013-01-28 03:26 - 2011-12-09 15:24 - 00000000 ____D C:\Users\All Users\Application Data\WRData</p><p>2013-01-28 03:23 - 2011-06-05 05:54 - 00000680 ____A C:\Users\Michelle\Local Settings\d3d9caps.dat</p><p>2013-01-28 03:23 - 2011-06-05 05:54 - 00000680 ____A C:\Users\Michelle\Local Settings\Application Data\d3d9caps.dat</p><p>2013-01-28 03:23 - 2011-06-05 05:54 - 00000680 ____A C:\Users\Michelle\AppData\Local\d3d9caps.dat</p><p>2013-01-28 03:22 - 2011-07-29 13:15 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-01-28 01:43 - 2013-01-28 01:43 - 00282008 ____A C:\Windows\Minidump\Mini012813-03.dmp</p><p>2013-01-28 01:43 - 2011-09-21 15:22 - 00000000 ____D C:\Windows\Minidump</p><p>2013-01-28 01:43 - 2011-09-21 15:20 - 803643669 ____A 
C:\Windows\MEMORY.DMP</p><p>2013-01-28 00:12 - 2013-01-28 00:12 - 00282008 ____A C:\Windows\Minidump\Mini012813-02.dmp</p><p>2013-01-27 22:46 - 2013-01-27 22:46 - 00277824 ____A C:\Windows\Minidump\Mini012813-01.dmp</p><p>2013-01-27 21:17 - 2013-01-27 14:27 - 00002091 ____A C:\Users\Michelle\Desktop\popups to rid.txt</p><p>2013-01-27 15:10 - 2013-01-26 16:29 - 00000000 ____D C:\Users\Michelle\Application Data\QuickScan</p><p>2013-01-27 15:10 - 2013-01-26 16:29 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\QuickScan</p><p>2013-01-27 14:30 - 2011-05-19 03:49 - 00359860 ____A C:\Users\Michelle\My Documents\unicode.txt</p><p>2013-01-27 14:30 - 2011-05-19 03:49 - 00359860 ____A C:\Users\Michelle\Documents\unicode.txt</p><p>2013-01-27 13:51 - 2012-06-28 18:41 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000Core.job</p><p>2013-01-26 20:06 - 2013-01-26 20:06 - 00000529 ____A C:\Users\Michelle\Desktop\mbar-1.01.0.1016 - Shortcut.lnk</p><p>2013-01-26 19:23 - 2013-01-26 19:23 - 00000000 ____D C:\Users\Michelle\My Documents\mbar-1.01.0.1016</p><p>2013-01-26 19:23 - 2013-01-26 19:23 - 00000000 ____D C:\Users\Michelle\Documents\mbar-1.01.0.1016</p><p>2013-01-26 19:03 - 2008-01-20 19:26 - 00184774 ____A C:\Windows\PFRO.log</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\Michelle\Application Data\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\All Users\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes</p><p>2013-01-26 18:51 - 2013-01-26 18:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-01-26 18:49 - 2013-01-26 18:49 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\Michelle\Downloads\mbam-setup.exe</p><p>2013-01-26 16:32 - 2011-05-21 15:12 - 00000052 ____A 
C:\Windows\SysWOW64\DOErrors.log</p><p>2013-01-25 10:30 - 2013-01-25 10:30 - 00000000 ____D C:\Users\Michelle\Application Data\SUPERAntiSpyware.com</p><p>2013-01-25 10:30 - 2013-01-25 10:30 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SUPERAntiSpyware.com</p><p>2013-01-25 10:30 - 2013-01-25 10:28 - 00000000 ____D C:\Program Files\SUPERAntiSpyware</p><p>2013-01-25 10:29 - 2013-01-25 10:29 - 00001756 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>2013-01-25 10:29 - 2013-01-25 10:29 - 00001756 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk</p><p>2013-01-25 10:28 - 2013-01-25 10:28 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com</p><p>2013-01-25 10:28 - 2013-01-25 10:28 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com</p><p>2013-01-25 10:25 - 2013-01-25 10:25 - 23508968 ____A (SUPERAntiSpyware.com) C:\Users\Michelle\Downloads\SUPERAntiSpyware.exe</p><p>2013-01-25 10:09 - 2013-01-25 10:08 - 80047680 ____A (Microsoft Corporation) C:\Users\Michelle\Downloads\msert.exe</p><p>2013-01-24 20:35 - 2008-10-24 00:04 - 00000000 ____D C:\Users\All Users\Application Data\Adobe</p><p>2013-01-24 20:35 - 2008-10-24 00:04 - 00000000 ____D C:\Users\All Users\Adobe</p><p>2013-01-24 20:28 - 2013-01-24 20:29 - 00859552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll</p><p>2013-01-24 20:28 - 2013-01-24 20:29 - 00261024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</p><p>2013-01-24 20:28 - 2013-01-24 20:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</p><p>2013-01-24 20:28 - 2013-01-24 20:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe</p><p>2013-01-24 20:28 - 2013-01-24 20:29 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</p><p>2013-01-24 20:28 - 2011-07-09 07:02 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll</p><p>2013-01-24 20:28 - 2008-10-24 00:21 - 00000000 ____D 
C:\Program Files (x86)\Java</p><p>2013-01-24 20:27 - 2013-01-24 20:26 - 31473568 ____A (Oracle Corporation) C:\Users\Michelle\Downloads\jre-7u11-windows-i586.exe</p><p>2013-01-24 20:12 - 2012-06-21 10:20 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-01-24 20:12 - 2011-05-19 05:57 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\Local Settings\d3d9caps64.dat</p><p>2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\Local Settings\Application Data\d3d9caps64.dat</p><p>2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\AppData\Local\d3d9caps64.dat</p><p>2013-01-23 21:20 - 2013-01-23 21:20 - 00733296 ____A (Webroot) C:\Users\Michelle\Downloads\wsainstall.exe</p><p>2013-01-23 21:19 - 2012-01-30 15:42 - 00000000 ____D C:\Program Files (x86)\Webroot</p><p>2013-01-23 21:08 - 2013-01-23 21:07 - 00275848 ____A (Webroot Software Inc (www.webroot.com)) C:\Users\Michelle\Downloads\CleanWDF.exe</p><p>2013-01-23 20:14 - 2006-11-02 07:21 - 00310712 ____A C:\Windows\System32\FNTCACHE.DAT</p><p>2013-01-23 19:16 - 2006-11-02 04:35 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe</p><p>2013-01-23 15:40 - 2013-01-23 15:40 - 00281952 ____A C:\Windows\Minidump\Mini012313-01.dmp</p><p>2013-01-23 09:42 - 2013-01-23 09:42 - 00004539 ____A C:\Users\Michelle\Desktop\webroot fix.txt</p><p>2013-01-18 17:51 - 2013-01-18 17:51 - 00282008 ____A C:\Windows\Minidump\Mini011813-01.dmp</p><p>2013-01-18 17:51 - 2012-06-03 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2013-01-18 15:09 - 2013-01-18 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-01-09 11:27 - 2013-01-26 23:03 - 01356360 ____A (Malwarebytes Corporation) C:\Users\Michelle\Desktop\mbar.exe</p><p>2013-01-02 17:59 - 2013-01-02 17:59 - 00001637 ____A 
C:\Users\Michelle\Desktop\Paint.lnk</p><p>2013-01-02 17:40 - 2013-01-02 17:40 - 00000134 ____A C:\Users\Michelle\Desktop\Windows Defender - Shortcut.lnk</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\IsolatedStorage</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\IsolatedStorage</p><p>2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\IsolatedStorage</p><p>2013-01-02 07:45 - 2006-11-02 04:33 - 65798144 ____A C:\Windows\System32\config\software_previous</p><p>2013-01-02 07:45 - 2006-11-02 04:33 - 18874368 ____A C:\Windows\System32\config\system_previous</p><p>2013-01-02 07:44 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool</p><p>2013-01-02 07:44 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc</p><p>2013-01-02 07:44 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media</p><p>2013-01-02 07:44 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache</p><p>2013-01-02 07:43 - 2011-05-19 01:50 - 00000000 ____D C:\Users\All Users\Yahoo! Companion</p><p>2013-01-02 07:43 - 2011-05-19 01:50 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! 
Companion</p><p>2013-01-02 07:43 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration</p><p>2013-01-02 07:28 - 2006-11-02 04:33 - 62652416 ____A C:\Windows\System32\config\components_previous</p><p>2013-01-02 07:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous</p><p>2013-01-02 04:47 - 2011-05-18 21:38 - 00000000 ____D C:\users\Michelle</p><p>2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\Local Settings\Unity</p><p>2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\Unity</p><p>2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\AppData\Local\Unity</p><p>2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Users\All Users\WildTangent</p><p>2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Users\All Users\Application Data\WildTangent</p><p>2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Program Files (x86)\HP Games</p><p>2012-12-30 13:07 - 2012-12-30 08:28 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog</p><p>2012-12-30 13:04 - 2012-12-30 13:04 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bmepmwfm.sys</p><p>2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Conduit</p><p>2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\Conduit</p><p>2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\Conduit</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\visi_coupon</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\visi_coupon</p><p>2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\AppData\Local\visi_coupon</p><p>2012-12-30 08:24 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\Resources</p><p>2012-12-30 02:07 - 2012-12-30 02:06 - 00277288 ____A 
C:\Windows\Minidump\Mini123012-01.dmp</p><p>2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p></p><p>==================== Known DLLs (Whitelisted) =================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys</p><p>[2012-12-12 01:09] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B</p><p></p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-01-24 23:39:23</p><p>Restore point made on: 2013-01-25 17:24:34</p><p>Restore point made on: 2013-01-26 19:55:46</p><p>Restore point made on: 2013-01-28 07:37:11</p><p></p><p>==================== Memory info =========================== 
</p><p></p><p>Percentage of memory in use: 19%</p><p>Total physical RAM: 3998.27 MB</p><p>Available physical RAM: 3203.44 MB</p><p>Total Pagefile: 3675.47 MB</p><p>Available Pagefile: 3265.25 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.89 MB</p><p></p><p>==================== Partitions =============================</p><p></p><p>1 Drive c: () (Fixed) (Total:453.29 GB) (Free:389.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]</p><p>2 Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>5 Drive g: () (Removable) (Total:3.76 GB) (Free:3.55 GB) FAT32</p><p>6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 0 Online 466 GB 1024 KB </p><p> Disk 1 No Media 0 B 0 B </p><p> Disk 2 Online 3856 MB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p>Disk ID: 7E2456CC</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 Primary 453 GB 32 KB</p><p> Partition 2 Primary 12 GB 453 GB</p><p></p><p>==================================================================================</p><p></p><p>Disk: 0</p><p>Partition 1</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 1 C NTFS Partition 453 GB Healthy </p><p></p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 2 D RECOVERY NTFS Partition 12 GB Healthy 
</p><p></p><p>=========================================================</p><p></p><p>Partitions of Disk 2:</p><p>===============</p><p></p><p>Disk ID: 04DD5721</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 Primary 3856 MB 32 KB</p><p></p><p>==================================================================================</p><p></p><p>Disk: 2</p><p>Partition 1</p><p>Type : 0B</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 4 G FAT32 Removable 3856 MB Healthy </p><p></p><p>=========================================================</p><p></p><p>Last Boot: 2013-01-28 03:28</p><p></p><p>==================== End Of Log =============================</p><p></p><p>Farbar Recovery Scan Tool (x64) Version: 21-01-2013 02</p><p>Ran by SYSTEM at 2013-01-28 11:24:03</p><p>Running from G:\</p><p></p><p>================== Search: "services.exe" ===================</p><p></p><p>C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe</p><p>[2011-05-20 11:38] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B</p><p></p><p>C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe</p><p>[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C</p><p></p><p>C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe</p><p>[2011-05-20 11:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 
934E0B7D77FF78C18D9F8891221B6DE3</p><p></p><p>C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe</p><p>[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719</p><p></p><p>C:\WINDOWS\SysWOW64\services.exe</p><p>[2011-05-20 11:38] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B</p><p></p><p>C:\WINDOWS\System32\services.exe</p><p>[2011-05-20 11:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3</p><p></p><p>====== End Of Search ======</p></blockquote><p></p>
[QUOTE="Gbaby614, post: 100670, member: 5255"] I was able to fit the prog on a flash drive I had, I just hope I didn't make an error on the FRST.txt file as at the end I typed exit on the search bar and couldn't stop it, but here are the logs:
20:28 - 2011-07-09 07:02 - 00780192 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-01-24 20:28 - 2008-10-24 00:21 - 00000000 ____D C:\Program Files (x86)\Java 2013-01-24 20:27 - 2013-01-24 20:26 - 31473568 ____A (Oracle Corporation) C:\Users\Michelle\Downloads\jre-7u11-windows-i586.exe 2013-01-24 20:12 - 2012-06-21 10:20 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-24 20:12 - 2011-05-19 05:57 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\Local Settings\d3d9caps64.dat 2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\Local Settings\Application Data\d3d9caps64.dat 2013-01-24 19:49 - 2013-01-01 12:30 - 00000732 ____A C:\Users\Michelle\AppData\Local\d3d9caps64.dat 2013-01-23 21:20 - 2013-01-23 21:20 - 00733296 ____A (Webroot) C:\Users\Michelle\Downloads\wsainstall.exe 2013-01-23 21:19 - 2012-01-30 15:42 - 00000000 ____D C:\Program Files (x86)\Webroot 2013-01-23 21:08 - 2013-01-23 21:07 - 00275848 ____A (Webroot Software Inc (www.webroot.com)) C:\Users\Michelle\Downloads\CleanWDF.exe 2013-01-23 20:14 - 2006-11-02 07:21 - 00310712 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-23 19:16 - 2006-11-02 04:35 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-01-23 15:40 - 2013-01-23 15:40 - 00281952 ____A C:\Windows\Minidump\Mini012313-01.dmp 2013-01-23 09:42 - 2013-01-23 09:42 - 00004539 ____A C:\Users\Michelle\Desktop\webroot fix.txt 2013-01-18 17:51 - 2013-01-18 17:51 - 00282008 ____A C:\Windows\Minidump\Mini011813-01.dmp 2013-01-18 17:51 - 2012-06-03 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-01-18 15:09 - 2013-01-18 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-01-09 11:27 - 2013-01-26 23:03 - 01356360 ____A (Malwarebytes Corporation) C:\Users\Michelle\Desktop\mbar.exe 2013-01-02 17:59 - 
2013-01-02 17:59 - 00001637 ____A C:\Users\Michelle\Desktop\Paint.lnk 2013-01-02 17:40 - 2013-01-02 17:40 - 00000134 ____A C:\Users\Michelle\Desktop\Windows Defender - Shortcut.lnk 2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\IsolatedStorage 2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\IsolatedStorage 2013-01-02 17:37 - 2013-01-02 17:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\IsolatedStorage 2013-01-02 07:45 - 2006-11-02 04:33 - 65798144 ____A C:\Windows\System32\config\software_previous 2013-01-02 07:45 - 2006-11-02 04:33 - 18874368 ____A C:\Windows\System32\config\system_previous 2013-01-02 07:44 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool 2013-01-02 07:44 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc 2013-01-02 07:44 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media 2013-01-02 07:44 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache 2013-01-02 07:43 - 2011-05-19 01:50 - 00000000 ____D C:\Users\All Users\Yahoo! Companion 2013-01-02 07:43 - 2011-05-19 01:50 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! 
Companion 2013-01-02 07:43 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration 2013-01-02 07:28 - 2006-11-02 04:33 - 62652416 ____A C:\Windows\System32\config\components_previous 2013-01-02 07:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous 2013-01-02 04:47 - 2011-05-18 21:38 - 00000000 ____D C:\users\Michelle 2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\Local Settings\Unity 2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\Unity 2013-01-02 04:24 - 2012-12-06 11:39 - 00000000 ____D C:\Users\Michelle\AppData\Local\Unity 2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Users\All Users\WildTangent 2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Users\All Users\Application Data\WildTangent 2013-01-02 04:23 - 2008-10-23 23:28 - 00000000 ____D C:\Program Files (x86)\HP Games 2012-12-30 13:07 - 2012-12-30 08:28 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog 2012-12-30 13:04 - 2012-12-30 13:04 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bmepmwfm.sys 2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Conduit 2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\Conduit 2012-12-30 13:03 - 2012-12-29 09:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\Conduit 2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\visi_coupon 2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\Local Settings\Application Data\visi_coupon 2012-12-30 08:27 - 2012-12-30 08:27 - 00000000 ____D C:\Users\Michelle\AppData\Local\visi_coupon 2012-12-30 08:24 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\Resources 2012-12-30 02:07 - 2012-12-30 02:06 - 00277288 ____A C:\Windows\Minidump\Mini123012-01.dmp 2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\Local 
Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-12-30 00:02 - 2011-06-08 10:54 - 00028672 ____A C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 01:09] - [2012-08-21 03:50] - 0267648 ____A (Microsoft Corporation) 582F710097B46140F5A89A19A6573D4B ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-24 23:39:23 Restore point made on: 2013-01-25 17:24:34 Restore point made on: 2013-01-26 19:55:46 Restore point made on: 2013-01-28 07:37:11 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3998.27 MB Available physical RAM: 3203.44 MB Total Pagefile: 3675.47 MB Available Pagefile: 3265.25 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:453.29 GB) (Free:389.25 GB) NTFS ==>[Drive with boot 
components (obtained from BCD)] 2 Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)] 5 Drive g: () (Removable) (Total:3.76 GB) (Free:3.55 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 466 GB 1024 KB Disk 1 No Media 0 B 0 B Disk 2 Online 3856 MB 0 B Partitions of Disk 0: =============== Disk ID: 7E2456CC Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 453 GB 32 KB Partition 2 Primary 12 GB 453 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 453 GB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D RECOVERY NTFS Partition 12 GB Healthy ========================================================= Partitions of Disk 2: =============== Disk ID: 04DD5721 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3856 MB 32 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G FAT32 Removable 3856 MB Healthy ========================================================= Last Boot: 2013-01-28 03:28 ==================== End Of Log ============================= Farbar Recovery Scan Tool (x64) Version: 21-01-2013 02 Ran by SYSTEM at 2013-01-28 11:24:03 Running from G:\ 
================== Search: "services.exe" =================== C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2011-05-20 11:38] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [2011-05-20 11:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3 C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719 C:\WINDOWS\SysWOW64\services.exe [2011-05-20 11:38] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B C:\WINDOWS\System32\services.exe [2011-05-20 11:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3 ====== End Of Search ====== [/QUOTE]