zbot detected and MSE says removed but more problems


Hi, any help would be greatly appreciated!

2 weeks ago I visited a baseball website (gotembaseball.com) for my son that we visit regularly and saw that the website was acting funny and wouldn't load. Within minutes Microsoft Security Essentials detected and quarantined a zbot. I went to the quarantine and deleted the file. Not thinking the two were connected, we went back to the website a while later to see if it was up, and MSE detected the zbot again and I deleted it again.

Shortly after that Firefox started running funny and then would freeze. I uninstalled Firefox v22 and re-installed. As soon as it tried to open it froze and I had to use Task Manager to kill it. I uninstalled and tried to re-install with no success. I tried installing a beta of v23 and had the same problem. I then tried to get into my Firefox profile to back up my bookmarks, but Explorer would freeze as soon as I opened my profile folder and I had to kill it in Task Manager. I tried to delete the folder and Explorer froze and I had to kill the process in Task Manager. I find it really strange that Windows will not allow me to open, copy or delete anything in this folder. It seems like it is protecting itself and might be infected. I'm wondering if (gotembaseball.com) was hijacked and used to upload something into my Firefox profile files.

Since this happened 2 weeks ago my computer runs A LOT slower, too.

I've tried doing some of the things suggested in the forums here, but I think it would be better to start over step-by-step with an expert rather than assume I did anything correctly.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Chris (administrator) on 31-07-2013 22:13:16
Running from C:\Users\Chris\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Cincinnati Fan) C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
MountPoints2: {325d4ed8-49ff-11e2-b57e-dc0ea147e0c4} - E:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {93081a63-4c95-11e2-a1f8-4025c2b00fbc} - E:\TL-Bootstrap.exe
HKLM-x32\...\Run: [sVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [DelayTSS] - C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 CinFanUpdater; C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe [15872 2011-10-31] (Cincinnati Fan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-31 22:12 - 2013-07-31 22:12 - 01781589 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:02 - 2013-07-31 21:04 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 20:59 - 2013-07-31 21:04 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:58 - 2013-07-31 20:59 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 19:28 - 2013-07-31 19:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-31 19:28 - 2013-07-31 19:28 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 19:28 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2013-07-31 19:27 - 2013-07-31 19:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-31 16:54 - 2013-07-31 16:55 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:48 - 2013-07-31 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:31 - 2013-07-31 16:32 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-27 07:04 - 2013-06-24 00:57 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-26 18:10 - 2013-07-30 21:17 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-22 21:21 - 2012-05-11 13:34 - 00157472 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaws.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaw.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\java.exe
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-22 16:20 - 2013-07-22 16:20 - 00000000 ____D C:\Users\Chris\AppData\Local\{DC2574B1-E196-40B9-BDB9-2521849A8E59}
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\ProgramData\APN
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-26 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 22:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-11 06:50 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-11 06:50 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-11 06:50 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 06:50 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:00 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:00 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:00 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:00 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:00 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:00 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:00 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:16 - 2013-07-07 15:18 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log
2013-07-03 11:46 - 2013-07-26 17:15 - 00000000 ____D C:\Users\Chris\AppData\Local\Citrix
2013-07-02 11:14 - 2013-07-26 16:46 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-07-01 13:35 - 2013-07-01 13:35 - 01034464 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-07-01 07:06 - 2013-07-03 06:54 - 00000000 ____D C:\Users\Chris\Desktop\Files to delete
149

==================== One Month Modified Files and Folders =======

2013-07-31 22:13 - 2013-07-31 22:13 - 00000000 ____D C:\FRST
2013-07-31 22:12 - 2013-07-31 22:12 - 01781589 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-07-31 22:08 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:08 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:05 - 2012-02-23 11:31 - 01887228 _____ C:\windows\WindowsUpdate.log
2013-07-31 21:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-31 21:54 - 2009-07-13 21:51 - 00096209 _____ C:\windows\setupact.log
2013-07-31 21:10 - 2012-03-07 17:26 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2013-07-31 21:10 - 2012-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:04 - 2013-07-31 21:02 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 21:04 - 2013-07-31 20:59 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:59 - 2013-07-31 20:58 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 20:43 - 2013-06-26 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 20:43 - 2012-03-08 09:17 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Mozilla
2013-07-31 19:41 - 2009-07-13 22:13 - 00779266 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-31 19:30 - 2013-07-31 19:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-31 19:28 - 2013-07-31 19:28 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 19:28 - 2013-07-31 19:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-31 19:27 - 2012-03-08 12:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Cincinnati Fan
2013-07-31 17:54 - 2012-03-07 16:55 - 00000000 ____D C:\Users\Chris
2013-07-31 16:55 - 2013-07-31 16:54 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:49 - 2013-07-31 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:32 - 2013-07-31 16:31 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-30 23:06 - 2010-11-20 20:47 - 00414602 _____ C:\windows\PFRO.log
2013-07-30 21:17 - 2013-07-26 18:10 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-30 18:44 - 2012-10-05 14:53 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 18:44 - 2012-03-07 17:11 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2013-07-30 18:44 - 2011-11-21 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 22:03 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-29 21:13 - 2012-07-17 18:32 - 00000125 ___SH C:\ProgramData\.zreglib
2013-07-29 20:19 - 2012-03-07 17:02 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Toshiba
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-29 16:14 - 2012-03-08 14:17 - 13828096 ____R C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW
2013-07-29 16:14 - 2012-03-08 14:17 - 00196608 ____R C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.TLG
2013-07-29 16:14 - 2012-03-08 14:17 - 00000359 _____ C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.ND
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-26 18:20 - 2012-05-11 13:01 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-26 17:48 - 2012-05-11 13:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-26 17:15 - 2013-07-03 11:46 - 00000000 ____D C:\Users\Chris\AppData\Local\Citrix
2013-07-26 17:13 - 2012-06-25 06:57 - 00000000 ____D C:\Users\Chris\AppData\Local\ATT Connect
2013-07-26 17:11 - 2012-08-22 10:50 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Amazon
2013-07-26 17:11 - 2012-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-07-26 16:49 - 2009-07-13 22:08 - 00032578 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-26 16:47 - 2013-07-18 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 16:47 - 2012-05-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-26 16:46 - 2013-07-02 11:14 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-07-26 16:46 - 2012-03-08 14:08 - 00000000 ____D C:\Users\Chris\AppData\Local\Intuit
2013-07-26 16:46 - 2012-03-08 13:23 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-26 16:46 - 2012-03-08 10:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-26 16:46 - 2012-03-08 09:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-26 16:46 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 16:46 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\windows\AppCompat
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-26 16:45 - 2010-11-21 00:16 - 00000000 ____D C:\windows\ShellNew
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\L2Schemas
2013-07-26 16:43 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-07-26 15:18 - 2012-03-08 10:21 - 00001945 _____ C:\windows\epplauncher.mif
2013-07-25 07:45 - 2012-10-10 07:54 - 00000000 ____D C:\Users\Chris\Desktop\Mobile files need to be saved
2013-07-22 21:21 - 2012-05-09 15:43 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-22 21:21 - 2011-11-21 21:31 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-22 21:16 - 2011-11-21 21:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-22 16:20 - 2013-07-22 16:20 - 00000000 ____D C:\Users\Chris\AppData\Local\{DC2574B1-E196-40B9-BDB9-2521849A8E59}
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\ProgramData\APN
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:33 - 2012-03-08 12:35 - 00000000 ____D C:\Program Files (x86)\Cincinnati Fan
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-20 19:48 - 2012-03-13 20:33 - 00000000 ____D C:\Users\Chris\Documents\AHE Financial
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\ProgramData\HP
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-17 12:04 - 2012-12-12 23:38 - 00000000 ____D C:\Program Files\HP
2013-07-12 15:59 - 2012-03-12 13:34 - 00000000 ____D C:\Users\Chris\AppData\Local\HP
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 15:20 - 2009-07-13 21:45 - 00461088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:18 - 2013-07-07 15:16 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log
2013-07-03 06:54 - 2013-07-01 07:06 - 00000000 ____D C:\Users\Chris\Desktop\Files to delete
2013-07-02 07:55 - 2013-01-05 10:16 - 00000000 ____D C:\Users\Chris\Documents\My Kindle Content
2013-07-01 13:35 - 2013-07-01 13:35 - 01034464 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-07-01 12:13 - 2012-03-13 20:33 - 00000000 ____D C:\Users\Chris\Documents\CW Personal

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 17:35

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Chris at 2013-07-31 22:14:35
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 TrueView 2012 (Version: 18.2.51.0)
Adobe Acrobat 8 Professional (x32 Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708 (x32)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1)
Adobe AIR (x32 Version: 3.5.0.880)
Adobe Customization Wizard 8 (x32 Version: 8.0.0)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.02)
Amazon Kindle (x32)
AnyDVD (x32 Version: 7.0.6.0)
Brother MFL-Pro Suite MFC-J825DW (x32 Version: 1.1.6.0)
Cincinnati Fan Selector and Quote (x32 Version: 8.0.5)
CloneDVD2 (x32 Version: 2.9.3.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x32 Version: 10.5.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Esp32 (x32)
Fanpro (x32 Version: 3.00.0000)
HiJackThis (x32 Version: 1.0.0)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2430)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel® WiDi (x32 Version: 2.1.42.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 26 (x32 Version: 6.0.260)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickBooks (x32 Version: 19.0.4014.705)
QuickBooks Pro 2009 (x32 Version: 19.0.4014.705)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (x32 Version: 13.0.4.705)
Scansoft PDF Professional (x32)
SolidWorks eDrawings 2012 (x32 Version: 12.4.108)
Spybot - Search & Destroy (x32 Version: 2.1.21)
SUPERAntiSpyware (Version: 5.6.1020)
SupportSoft Assisted Service (x32 Version: 15)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TeamViewer 7 (x32 Version: 7.0.14563)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.5)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (x32 Version: 1.0.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001)
TOSHIBA Service Station (x32 Version: 2.3.0)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.7.06-A)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3)
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1)
TOSHIBARegistration (x32 Version: 1.0.9)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Utility Common Driver (x32 Version: 1.0.52.3C)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WModem Driver Installer (x32 Version: 2.0.6.9)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DF386D2-643B-46E9-8BC8-DF1D617B7D7A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {37447877-A1F3-4B2E-943E-8045547CBC04} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4BD45516-CABA-42E8-B33B-0652A90816F6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {53649796-EDCB-4F42-8CDB-C52C2CE6E51D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {58DCE1B0-759E-475A-A857-93F6168ADE1E} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {7B3DDCEB-66F8-4A25-AF3C-9EC97DCE2D15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {D2D6EE34-AD78-41BA-A6CD-E4AFF5470B6F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {F9EC569E-7619-4C25-BE9B-63BBC0EFA5FF} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 09:57:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:45:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:19:41 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 930

Start Time: 01ce8e653a6c9886

Termination Time: 16300

Application Path: C:\windows\explorer.exe

Report Id: 244fdebb-fa59-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 07:46:27 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12c8

Start Time: 01ce8e51a7bb2dcd

Termination Time: 16

Application Path: C:\windows\Explorer.EXE

Report Id: 627017e9-fa54-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 05:17:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 02:13:03 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/31/2013 02:03:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:31:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:27:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).

Error: (07/31/2013 07:58:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/31/2013 09:59:18 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (07/31/2013 09:59:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (07/31/2013 09:57:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/31/2013 09:57:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/31/2013 09:54:50 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/31/2013 09:54:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/31/2013 09:54:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:51:35 PM on ‎7/‎31/‎2013 was unexpected.

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (07/31/2013 09:57:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:45:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:19:41 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.1756793001ce8e653a6c988616300C:\windows\explorer.exe244fdebb-fa59-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 07:46:27 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756712c801ce8e51a7bb2dcd16C:\windows\Explorer.EXE627017e9-fa54-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 05:17:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 02:13:03 PM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/31/2013 02:03:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:31:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:27:30 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c

Error: (07/31/2013 07:58:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 8099.77 MB
Available physical RAM: 5285.12 MB
Total Pagefile: 16197.71 MB
Available Pagefile: 12647.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:682.11 GB) (Free:607.91 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================


  • Root Admin

Hello and welcome.

 

Yes, best not to run some of these tools without someone assisting you.

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Good morning Ron,

 

I am going to get started going through the instructions you have provided and will begin posting the requested attachments.

 

Regarding the piracy P2P/Piracy warning, I believe the only P2P I have on this computer is TeamViewer 7, which is used to allow me to access my office files with the computer when I am on the road. If this is the program please let me know and I will remove it. Both my sons have access to this computer, so if there are any other programs that violate your terms please specifically let me know so I can remove them.

 

Your help is appreciated.


Question about Step 3:

 

How long does it typically take to run the MBAR scan? In the past sometimes when any scan gets to the folders where my Firefox profile is things have slowed way down or completely stopped. Last night I ran the HJT root kit scan and it ran from midnight and was frozen at 6:30am while scanning these folders. I had to manually shutdown and start over this morning with your instructions. Which leads me to believe these folders are infected and somehow are protecting themselves.


Step 4 - Junkware Removal Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Chris on Thu 08/01/2013 at 13:13:18.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{0905919E-0FD3-42DA-B978-D12869EB5E98}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{1B863C8D-58A6-4082-967C-E719DD84A7B1}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{24363266-D5EB-49FD-8873-E935547FB97A}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{2E8169C4-D82C-4B71-95A6-C7F59EC69972}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{38DFB49C-0135-4ED6-99DF-CD07C4823412}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{41771421-54EB-4151-B57A-8693DE0B2617}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{5976539F-8863-4927-AA94-B0B580EDD692}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{5E89FD26-E8FF-40D1-A75A-55D487B862FF}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{663B9998-1C6C-4077-80E6-004528277B6F}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{6AE86B42-ADDE-4038-997B-A067659685F1}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{78950EE9-8109-423B-A721-D6F5ABF2645B}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{7DCBEFCE-B10D-47B6-A73D-0C16E10E6560}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{84A3DF04-C5E3-4394-AF9A-B47E1AC9B0AB}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{892C192B-860F-45A1-818E-B71E977D1EFC}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{93A50C6B-94B5-4CC2-907A-33006DAF5A12}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{9755C012-F901-48AB-A100-ACFCEF1ACAF0}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{AFCF18B9-D425-4BD3-B593-08CB95E9BB4D}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{CCCDBAB4-79FD-44D5-96CC-3C9D2AB214A2}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{D9DD187F-C8B0-4322-8CE9-325351F5B699}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{DC2574B1-E196-40B9-BDB9-2521849A8E59}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{DF721803-6702-43BB-AC85-DD1D2FEBB7EB}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{E3AA4394-ADBC-42D6-839A-43B154F0D4CD}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{E7ACA049-4A26-41AE-8A92-23A3240E6F63}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{F40F4210-3155-4FAC-A701-205A436DC8DB}
Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{FC4ADF31-F009-40E0-8031-4E269568F530}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/01/2013 at 13:17:44.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step 5 - AdwCleaner log

 

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 13:27:02
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chris - CHRIS-SATELLITE
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Chris\AppData\Local\Temp\APN

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [811 octets] - [31/07/2013 23:39:36]
AdwCleaner[s1].txt - [325 octets] - [31/07/2013 23:42:46]
AdwCleaner[s2].txt - [737 octets] - [01/08/2013 13:27:02]

########## EOF - C:\AdwCleaner[s2].txt - [796 octets] ##########


Step 6 - ESET Online Scanner - List of Threats

 

C:\$Recycle.Bin\S-1-5-21-4215904919-944863326-3642754217-1001\$RXXP4BN.exe Win32/SoftonicDownloader.D application
C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe a variant of Win32/Bundled.Toolbar.Ask.D application


Step 7- Farbar Recovery log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Chris (administrator) on 01-08-2013 15:21:07
Running from C:\Users\Chris\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Cincinnati Fan) C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
MountPoints2: {325d4ed8-49ff-11e2-b57e-dc0ea147e0c4} - E:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {93081a63-4c95-11e2-a1f8-4025c2b00fbc} - E:\TL-Bootstrap.exe
HKLM-x32\...\Run: [sVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [DelayTSS] - C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 CinFanUpdater; C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe [15872 2011-10-31] (Cincinnati Fan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-01 15:15 - 2013-08-01 15:15 - 00000256 _____ C:\Users\Chris\Desktop\ESET online scanner - list of threats.txt
2013-08-01 13:56 - 2013-08-01 13:56 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-01 13:27 - 2013-08-01 13:27 - 00000862 _____ C:\AdwCleaner[s2].txt
2013-08-01 13:17 - 2013-08-01 13:17 - 00003414 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-01 13:13 - 2013-08-01 13:13 - 00000000 ____D C:\windows\ERUNT
2013-08-01 13:06 - 2013-08-01 13:06 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-01 11:53 - 2013-08-01 13:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\Users\Chris\Desktop\mbar-1.06.0.1004
2013-08-01 11:49 - 2013-08-01 11:49 - 13399154 _____ C:\Users\Chris\Desktop\mbar-1.06.0.1004.zip
2013-08-01 11:44 - 2013-08-01 11:44 - 00001847 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08012013_114408.txt
2013-08-01 11:40 - 2013-08-01 11:44 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-01 11:40 - 2013-08-01 11:40 - 03782656 _____ C:\Users\Chris\Desktop\RogueKillerX64.exe
2013-08-01 11:34 - 2013-08-01 11:34 - 00000935 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000916 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-08-01 11:20 - 2013-08-01 11:20 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-07-31 23:42 - 2013-07-31 23:42 - 00000325 _____ C:\AdwCleaner[s1].txt
2013-07-31 23:39 - 2013-07-31 23:39 - 00666633 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2013-07-31 23:39 - 2013-07-31 23:39 - 00000811 _____ C:\AdwCleaner[R1].txt
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.com
2013-07-31 22:14 - 2013-07-31 22:14 - 00021796 _____ C:\Users\Chris\Desktop\Addition.txt
2013-07-31 22:13 - 2013-07-31 22:13 - 00000000 ____D C:\FRST
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:02 - 2013-07-31 21:04 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 20:59 - 2013-07-31 21:04 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:58 - 2013-07-31 20:59 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 19:28 - 2013-07-31 19:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-31 19:28 - 2013-07-31 19:28 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 19:28 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2013-07-31 19:27 - 2013-07-31 19:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-31 16:54 - 2013-07-31 16:55 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:48 - 2013-07-31 16:49 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:31 - 2013-07-31 16:32 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-27 07:04 - 2013-06-24 00:57 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-26 18:10 - 2013-07-30 21:17 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-22 21:21 - 2012-05-11 13:34 - 00157472 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaws.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaw.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\java.exe
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-26 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 22:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-11 06:50 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-11 06:50 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-11 06:50 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 06:50 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:00 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:00 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:00 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:00 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:00 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:00 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:00 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:16 - 2013-07-07 15:18 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log
2013-07-03 11:46 - 2013-07-26 17:15 - 00000000 ____D C:\Users\Chris\AppData\Local\Citrix
2013-07-02 11:14 - 2013-07-26 16:46 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
164

==================== One Month Modified Files and Folders =======

2013-08-01 15:20 - 2013-08-01 15:19 - 01781485 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-08-01 15:15 - 2013-08-01 15:15 - 00000256 _____ C:\Users\Chris\Desktop\ESET online scanner - list of threats.txt
2013-08-01 13:56 - 2013-08-01 13:56 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-01 13:43 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 13:43 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 13:39 - 2012-02-23 11:31 - 01953656 _____ C:\windows\WindowsUpdate.log
2013-08-01 13:29 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-01 13:29 - 2009-07-13 21:51 - 00096321 _____ C:\windows\setupact.log
2013-08-01 13:27 - 2013-08-01 13:27 - 00000862 _____ C:\AdwCleaner[s2].txt
2013-08-01 13:17 - 2013-08-01 13:17 - 00003414 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-01 13:13 - 2013-08-01 13:13 - 00000000 ____D C:\windows\ERUNT
2013-08-01 13:06 - 2013-08-01 13:06 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-01 13:01 - 2013-08-01 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\Users\Chris\Desktop\mbar-1.06.0.1004
2013-08-01 11:49 - 2013-08-01 11:49 - 13399154 _____ C:\Users\Chris\Desktop\mbar-1.06.0.1004.zip
2013-08-01 11:44 - 2013-08-01 11:44 - 00001847 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08012013_114408.txt
2013-08-01 11:44 - 2013-08-01 11:40 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-01 11:40 - 2013-08-01 11:40 - 03782656 _____ C:\Users\Chris\Desktop\RogueKillerX64.exe
2013-08-01 11:38 - 2009-07-13 22:13 - 00779266 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-01 11:34 - 2013-08-01 11:34 - 00000935 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000916 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-08-01 11:20 - 2013-08-01 11:20 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-08-01 07:48 - 2012-03-08 12:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Cincinnati Fan
2013-07-31 23:42 - 2013-07-31 23:42 - 00000325 _____ C:\AdwCleaner[s1].txt
2013-07-31 23:39 - 2013-07-31 23:39 - 00666633 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2013-07-31 23:39 - 2013-07-31 23:39 - 00000811 _____ C:\AdwCleaner[R1].txt
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.com
2013-07-31 22:14 - 2013-07-31 22:14 - 00021796 _____ C:\Users\Chris\Desktop\Addition.txt
2013-07-31 22:13 - 2013-07-31 22:13 - 00000000 ____D C:\FRST
2013-07-31 21:10 - 2012-03-07 17:26 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2013-07-31 21:10 - 2012-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:04 - 2013-07-31 21:02 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 21:04 - 2013-07-31 20:59 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:59 - 2013-07-31 20:58 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 20:43 - 2013-06-26 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 20:43 - 2012-03-08 09:17 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Mozilla
2013-07-31 19:30 - 2013-07-31 19:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-31 19:28 - 2013-07-31 19:28 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 19:28 - 2013-07-31 19:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-31 17:54 - 2012-03-07 16:55 - 00000000 ____D C:\Users\Chris
2013-07-31 16:55 - 2013-07-31 16:54 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:49 - 2013-07-31 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:32 - 2013-07-31 16:31 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-30 23:06 - 2010-11-20 20:47 - 00414602 _____ C:\windows\PFRO.log
2013-07-30 21:17 - 2013-07-26 18:10 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-30 18:44 - 2012-10-05 14:53 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 18:44 - 2012-03-07 17:11 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2013-07-30 18:44 - 2011-11-21 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 22:03 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-29 21:13 - 2012-07-17 18:32 - 00000125 ___SH C:\ProgramData\.zreglib
2013-07-29 20:19 - 2012-03-07 17:02 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Toshiba
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-29 16:14 - 2012-03-08 14:17 - 13828096 ____R C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW
2013-07-29 16:14 - 2012-03-08 14:17 - 00196608 ____R C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.TLG
2013-07-29 16:14 - 2012-03-08 14:17 - 00000359 _____ C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.ND
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-26 18:20 - 2012-05-11 13:01 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-26 17:48 - 2012-05-11 13:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-26 17:15 - 2013-07-03 11:46 - 00000000 ____D C:\Users\Chris\AppData\Local\Citrix
2013-07-26 17:13 - 2012-06-25 06:57 - 00000000 ____D C:\Users\Chris\AppData\Local\ATT Connect
2013-07-26 17:11 - 2012-08-22 10:50 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Amazon
2013-07-26 17:11 - 2012-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-07-26 16:49 - 2009-07-13 22:08 - 00032578 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-26 16:47 - 2013-07-18 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 16:47 - 2012-05-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-26 16:46 - 2013-07-02 11:14 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-07-26 16:46 - 2012-03-08 14:08 - 00000000 ____D C:\Users\Chris\AppData\Local\Intuit
2013-07-26 16:46 - 2012-03-08 13:23 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-26 16:46 - 2012-03-08 10:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-26 16:46 - 2012-03-08 09:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-26 16:46 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 16:46 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\windows\AppCompat
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-26 16:45 - 2010-11-21 00:16 - 00000000 ____D C:\windows\ShellNew
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\L2Schemas
2013-07-26 16:43 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-07-26 15:18 - 2012-03-08 10:21 - 00001945 _____ C:\windows\epplauncher.mif
2013-07-25 07:45 - 2012-10-10 07:54 - 00000000 ____D C:\Users\Chris\Desktop\Mobile files need to be saved
2013-07-22 21:21 - 2012-05-09 15:43 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-22 21:21 - 2011-11-21 21:31 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-22 21:16 - 2011-11-21 21:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:33 - 2012-03-08 12:35 - 00000000 ____D C:\Program Files (x86)\Cincinnati Fan
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-20 19:48 - 2012-03-13 20:33 - 00000000 ____D C:\Users\Chris\Documents\AHE Financial
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\ProgramData\HP
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-17 12:04 - 2012-12-12 23:38 - 00000000 ____D C:\Program Files\HP
2013-07-12 15:59 - 2012-03-12 13:34 - 00000000 ____D C:\Users\Chris\AppData\Local\HP
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 15:20 - 2009-07-13 21:45 - 00461088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:18 - 2013-07-07 15:16 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log
2013-07-03 06:54 - 2013-07-01 07:06 - 00000000 ____D C:\Users\Chris\Desktop\Files to delete
2013-07-02 07:55 - 2013-01-05 10:16 - 00000000 ____D C:\Users\Chris\Documents\My Kindle Content

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 17:35

==================== End Of Log ============================


Step 7 - FRST Additional log

(I ran FRST last night - sorry for getting ahead of myself, log dated 2013-07-31 22:14:35)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Chris at 2013-07-31 22:14:35
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 TrueView 2012 (Version: 18.2.51.0)
Adobe Acrobat 8 Professional (x32 Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708 (x32)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1)
Adobe AIR (x32 Version: 3.5.0.880)
Adobe Customization Wizard 8 (x32 Version: 8.0.0)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.02)
Amazon Kindle (x32)
AnyDVD (x32 Version: 7.0.6.0)
Brother MFL-Pro Suite MFC-J825DW (x32 Version: 1.1.6.0)
Cincinnati Fan Selector and Quote (x32 Version: 8.0.5)
CloneDVD2 (x32 Version: 2.9.3.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x32 Version: 10.5.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Esp32 (x32)
Fanpro (x32 Version: 3.00.0000)
HiJackThis (x32 Version: 1.0.0)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2430)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel® WiDi (x32 Version: 2.1.42.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 26 (x32 Version: 6.0.260)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
OpenOffice.org 3.4 (x32 Version: 3.4.9590)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickBooks (x32 Version: 19.0.4014.705)
QuickBooks Pro 2009 (x32 Version: 19.0.4014.705)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (x32 Version: 13.0.4.705)
Scansoft PDF Professional (x32)
SolidWorks eDrawings 2012 (x32 Version: 12.4.108)
Spybot - Search & Destroy (x32 Version: 2.1.21)
SUPERAntiSpyware (Version: 5.6.1020)
SupportSoft Assisted Service (x32 Version: 15)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TeamViewer 7 (x32 Version: 7.0.14563)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.5)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (x32 Version: 1.0.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001)
TOSHIBA Service Station (x32 Version: 2.3.0)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.7.06-A)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3)
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1)
TOSHIBARegistration (x32 Version: 1.0.9)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Utility Common Driver (x32 Version: 1.0.52.3C)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WModem Driver Installer (x32 Version: 2.0.6.9)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DF386D2-643B-46E9-8BC8-DF1D617B7D7A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {37447877-A1F3-4B2E-943E-8045547CBC04} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4BD45516-CABA-42E8-B33B-0652A90816F6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {53649796-EDCB-4F42-8CDB-C52C2CE6E51D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {58DCE1B0-759E-475A-A857-93F6168ADE1E} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {7B3DDCEB-66F8-4A25-AF3C-9EC97DCE2D15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {D2D6EE34-AD78-41BA-A6CD-E4AFF5470B6F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {F9EC569E-7619-4C25-BE9B-63BBC0EFA5FF} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 09:57:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:45:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:19:41 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 930

Start Time: 01ce8e653a6c9886

Termination Time: 16300

Application Path: C:\windows\explorer.exe

Report Id: 244fdebb-fa59-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 07:46:27 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12c8

Start Time: 01ce8e51a7bb2dcd

Termination Time: 16

Application Path: C:\windows\Explorer.EXE

Report Id: 627017e9-fa54-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 05:17:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 02:13:03 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/31/2013 02:03:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:31:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:27:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).

Error: (07/31/2013 07:58:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/31/2013 09:59:18 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (07/31/2013 09:59:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (07/31/2013 09:57:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/31/2013 09:57:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/31/2013 09:54:50 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/31/2013 09:54:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/31/2013 09:54:16 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:51:35 PM on ‎7/‎31/‎2013 was unexpected.

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/31/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (07/31/2013 09:57:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 09:45:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:19:41 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.1756793001ce8e653a6c988616300C:\windows\explorer.exe244fdebb-fa59-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 07:46:27 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756712c801ce8e51a7bb2dcd16C:\windows\Explorer.EXE627017e9-fa54-11e2-898a-dc0ea147e0c4

Error: (07/31/2013 05:17:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 02:13:03 PM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/31/2013 02:03:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:31:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 08:27:30 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c

Error: (07/31/2013 07:58:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 8099.77 MB
Available physical RAM: 5285.12 MB
Total Pagefile: 16197.71 MB
Available Pagefile: 12647.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:682.11 GB) (Free:607.91 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================


  • Root Admin

Great, that has removed a lot of junk. Let me have you run the following.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

This computer still has some really screwed up entries on it.  We'll continue to try and clean it but please make sure you have your data backed up in case of issues removing or fixing things.

 

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

In the PC Winvids video, under change parameters, which boxes do you want me to check? The narrator says, "if someone on the forums is helping you, only check the options and features they tell you to check."

 

Objects to scan: System memory, Services and drivers, boot sectors, loaded modules.

Additional options: Verify file digital signatures, detect TDLFS file system


  • Root Admin

Please also run the following

 

 

Please download SystemLook (64-bit) and save it to your desktop.

Then copy and paste the following into the big open window.
 

:filefind
sdnclean64.exe

Then click on the Look button.


When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
 

 

 


Sorry for the delay. When you reminded me to back up data I remembered a photos folder I forgot to back up. When I backed it up there was one folder that was stubborn and reacted the same way my Firefox profile folder did. I was able to back up about half the photos from that individual folder but the other half kept freezing Windows Explorer when it reached a particular photo in the photo, so I was unable to back up the photos in the numerical sequence after that. I spent some time a few different ways trying to get around that identified photo but finally gave up.

 

TDSSkiller log attached (I kept getting an error that the post was too long if I pasted it into my post)

 

 

TDSSKiller.2.8.18.0_02.08.2013_21.56.07_log.txt


  • Root Admin

Let me have you run this again

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Chris (administrator) on 03-08-2013 07:03:52
Running from C:\Users\Chris\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Cincinnati Fan) C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe
() C:\Users\Chris\Desktop\SystemLook_x64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [sVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [DelayTSS] - C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 CinFanUpdater; C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe [15872 2011-10-31] (Cincinnati Fan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-02 22:25 - 2013-08-02 22:28 - 00000432 _____ C:\Users\Chris\Desktop\SystemLook.txt
2013-08-02 22:25 - 2013-08-02 22:25 - 00165376 _____ C:\Users\Chris\Desktop\SystemLook_x64.exe
2013-08-02 19:16 - 2013-07-31 20:43 - 00000000 ____D C:\Users\Chris\Documents\zkgg0xyt.default-1373147129970
2013-08-01 23:17 - 2013-08-01 23:17 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2013-08-01 22:45 - 2013-08-01 22:45 - 00019866 _____ C:\ComboFix.txt
2013-08-01 22:30 - 2011-06-25 23:45 - 00256000 _____ C:\windows\PEV.exe
2013-08-01 22:30 - 2010-11-07 10:20 - 00208896 _____ C:\windows\MBR.exe
2013-08-01 22:30 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-08-01 22:30 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-08-01 22:30 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-08-01 22:30 - 2000-08-30 17:00 - 00098816 _____ C:\windows\sed.exe
2013-08-01 22:30 - 2000-08-30 17:00 - 00080412 _____ C:\windows\grep.exe
2013-08-01 22:30 - 2000-08-30 17:00 - 00068096 _____ C:\windows\zip.exe
2013-08-01 22:24 - 2013-08-01 22:24 - 00000000 ____D C:\Users\Chris\Documents\ProcAlyzer Dumps
2013-08-01 22:18 - 2013-08-01 22:45 - 00000000 ____D C:\Qoobox
2013-08-01 22:18 - 2013-08-01 22:43 - 00000000 ____D C:\windows\erdnt
2013-08-01 22:00 - 2013-08-01 22:00 - 05097176 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2013-08-01 15:19 - 2013-08-01 15:20 - 01781485 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-08-01 15:15 - 2013-08-01 15:15 - 00000256 _____ C:\Users\Chris\Desktop\ESET online scanner - list of threats.txt
2013-08-01 13:27 - 2013-08-01 13:27 - 00000862 _____ C:\AdwCleaner[s2].txt
2013-08-01 13:17 - 2013-08-01 13:17 - 00003414 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-01 13:13 - 2013-08-01 13:13 - 00000000 ____D C:\windows\ERUNT
2013-08-01 13:06 - 2013-08-01 13:06 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-01 11:53 - 2013-08-01 13:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\Users\Chris\Desktop\mbar-1.06.0.1004
2013-08-01 11:49 - 2013-08-01 11:49 - 13399154 _____ C:\Users\Chris\Desktop\mbar-1.06.0.1004.zip
2013-08-01 11:44 - 2013-08-01 11:44 - 00001847 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08012013_114408.txt
2013-08-01 11:40 - 2013-08-01 11:44 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-01 11:40 - 2013-08-01 11:40 - 03782656 _____ C:\Users\Chris\Desktop\RogueKillerX64.exe
2013-08-01 11:34 - 2013-08-01 11:34 - 00000935 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000916 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-08-01 11:20 - 2013-08-01 11:20 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-07-31 23:42 - 2013-07-31 23:42 - 00000325 _____ C:\AdwCleaner[s1].txt
2013-07-31 23:39 - 2013-07-31 23:39 - 00666633 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2013-07-31 23:39 - 2013-07-31 23:39 - 00000811 _____ C:\AdwCleaner[R1].txt
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.com
2013-07-31 22:14 - 2013-07-31 22:14 - 00021796 _____ C:\Users\Chris\Desktop\Addition.txt
2013-07-31 22:13 - 2013-07-31 22:13 - 00000000 ____D C:\FRST
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:02 - 2013-07-31 21:04 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 20:59 - 2013-07-31 21:04 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:58 - 2013-07-31 20:59 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 19:28 - 2013-08-01 22:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 16:54 - 2013-07-31 16:55 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:48 - 2013-07-31 16:49 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:31 - 2013-07-31 16:32 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-27 07:04 - 2013-06-24 00:57 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-26 18:10 - 2013-07-30 21:17 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-22 21:21 - 2012-05-11 13:34 - 00157472 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaws.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\javaw.exe
2013-07-22 21:21 - 2012-05-11 13:34 - 00145184 _____ (Sun Microsystems, Inc.) C:\windows\SysWOW64\java.exe
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-26 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 22:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-11 06:50 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 06:50 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-11 06:50 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 06:50 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-11 06:50 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-11 06:50 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 06:50 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 07:00 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 07:00 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 07:00 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 07:00 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 07:00 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 07:00 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 07:00 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:16 - 2013-07-07 15:18 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log
183

==================== One Month Modified Files and Folders =======

2013-08-02 22:48 - 2012-02-23 11:31 - 01242088 _____ C:\windows\WindowsUpdate.log
2013-08-02 22:28 - 2013-08-02 22:25 - 00000432 _____ C:\Users\Chris\Desktop\SystemLook.txt
2013-08-02 22:25 - 2013-08-02 22:25 - 00165376 _____ C:\Users\Chris\Desktop\SystemLook_x64.exe
2013-08-02 22:03 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-02 22:03 - 2009-07-13 21:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-02 21:59 - 2009-07-13 22:13 - 00779266 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-02 21:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-02 21:54 - 2009-07-13 21:51 - 00096601 _____ C:\windows\setupact.log
2013-08-02 18:35 - 2012-03-08 12:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Cincinnati Fan
2013-08-02 18:21 - 2013-02-13 12:59 - 00011264 ___SH C:\Users\Chris\Documents\Thumbs.db
2013-08-02 18:17 - 2012-12-12 13:47 - 00000000 ____D C:\Users\Chris\Documents\Solberg
2013-08-02 17:00 - 2012-03-08 14:17 - 14225408 _____ C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW
2013-08-02 16:41 - 2012-03-08 14:17 - 00196608 _____ C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.TLG
2013-08-02 10:40 - 2012-03-08 14:17 - 00000391 _____ C:\Users\Chris\Documents\Air Handling Equipment, Inc..QBW.ND
2013-08-02 09:33 - 2010-11-20 20:47 - 00417558 _____ C:\windows\PFRO.log
2013-08-01 23:17 - 2013-08-01 23:17 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2013-08-01 22:45 - 2013-08-01 22:45 - 00019866 _____ C:\ComboFix.txt
2013-08-01 22:45 - 2013-08-01 22:18 - 00000000 ____D C:\Qoobox
2013-08-01 22:43 - 2013-08-01 22:18 - 00000000 ____D C:\windows\erdnt
2013-08-01 22:43 - 2009-07-13 19:34 - 00000215 _____ C:\windows\system.ini
2013-08-01 22:41 - 2012-03-07 16:55 - 00000000 ____D C:\Users\Chris
2013-08-01 22:28 - 2013-07-31 19:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-01 22:24 - 2013-08-01 22:24 - 00000000 ____D C:\Users\Chris\Documents\ProcAlyzer Dumps
2013-08-01 22:00 - 2013-08-01 22:00 - 05097176 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2013-08-01 15:20 - 2013-08-01 15:19 - 01781485 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-08-01 15:15 - 2013-08-01 15:15 - 00000256 _____ C:\Users\Chris\Desktop\ESET online scanner - list of threats.txt
2013-08-01 13:27 - 2013-08-01 13:27 - 00000862 _____ C:\AdwCleaner[s2].txt
2013-08-01 13:17 - 2013-08-01 13:17 - 00003414 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-01 13:13 - 2013-08-01 13:13 - 00000000 ____D C:\windows\ERUNT
2013-08-01 13:06 - 2013-08-01 13:06 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-01 13:01 - 2013-08-01 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\Users\Chris\Desktop\mbar-1.06.0.1004
2013-08-01 11:49 - 2013-08-01 11:49 - 13399154 _____ C:\Users\Chris\Desktop\mbar-1.06.0.1004.zip
2013-08-01 11:44 - 2013-08-01 11:44 - 00001847 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08012013_114408.txt
2013-08-01 11:44 - 2013-08-01 11:40 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-01 11:40 - 2013-08-01 11:40 - 03782656 _____ C:\Users\Chris\Desktop\RogueKillerX64.exe
2013-08-01 11:34 - 2013-08-01 11:34 - 00000935 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000916 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-01 11:34 - 2013-08-01 11:34 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-08-01 11:20 - 2013-08-01 11:20 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-07-31 23:42 - 2013-07-31 23:42 - 00000325 _____ C:\AdwCleaner[s1].txt
2013-07-31 23:39 - 2013-07-31 23:39 - 00666633 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2013-07-31 23:39 - 2013-07-31 23:39 - 00000811 _____ C:\AdwCleaner[R1].txt
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-07-31 22:56 - 2013-07-31 22:56 - 00688992 _____ (Swearware) C:\Users\Chris\Desktop\dds.com
2013-07-31 22:14 - 2013-07-31 22:14 - 00021796 _____ C:\Users\Chris\Desktop\Addition.txt
2013-07-31 22:13 - 2013-07-31 22:13 - 00000000 ____D C:\FRST
2013-07-31 21:10 - 2012-03-07 17:26 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2013-07-31 21:10 - 2012-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-31 21:04 - 2013-07-31 21:04 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-31 21:04 - 2013-07-31 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-31 21:04 - 2013-07-31 21:02 - 26785808 _____ (SUPERAntiSpyware) C:\Users\Chris\Desktop\SUPERAntiSpyware.exe
2013-07-31 21:04 - 2013-07-31 20:59 - 00002383 _____ C:\Users\Chris\Desktop\FSS.txt
2013-07-31 20:59 - 2013-07-31 20:58 - 00357145 _____ (Farbar) C:\Users\Chris\Downloads\FSS.exe
2013-07-31 20:43 - 2013-08-02 19:16 - 00000000 ____D C:\Users\Chris\Documents\zkgg0xyt.default-1373147129970
2013-07-31 20:43 - 2013-06-26 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-31 20:43 - 2012-03-08 09:17 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Mozilla
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2013-07-31 16:55 - 2013-07-31 16:54 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Chris\Desktop\spybotsd-2.1.21-SR2.exe
2013-07-31 16:49 - 2013-07-31 16:48 - 00000000 ____D C:\windows\system32\MRT
2013-07-31 16:40 - 2013-07-31 16:40 - 01402880 _____ C:\Users\Chris\Desktop\HiJackThis.msi
2013-07-31 16:40 - 2013-07-31 16:40 - 00002975 _____ C:\Users\Chris\Desktop\HiJackThis.lnk
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-07-31 16:40 - 2013-07-31 16:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-31 16:32 - 2013-07-31 16:31 - 00891098 _____ C:\Users\Chris\Downloads\SecurityCheck.exe
2013-07-31 08:27 - 2013-07-31 08:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-30 21:17 - 2013-07-26 18:10 - 00007607 _____ C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2013-07-30 18:44 - 2012-10-05 14:53 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 18:44 - 2012-03-07 17:11 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2013-07-30 18:44 - 2011-11-21 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-29 22:03 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-29 21:13 - 2012-07-17 18:32 - 00000125 ___SH C:\ProgramData\.zreglib
2013-07-29 20:19 - 2012-03-07 17:02 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Toshiba
2013-07-29 16:33 - 2013-07-29 16:33 - 00000000 ____D C:\windows\pss
2013-07-27 07:40 - 2013-07-27 07:40 - 00000000 ____D C:\Users\Chris\Desktop\ProcessExplorer
2013-07-27 07:39 - 2013-07-27 07:39 - 01176629 _____ C:\Users\Chris\Desktop\ProcessExplorer.zip
2013-07-26 18:20 - 2012-05-11 13:01 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-07-26 17:48 - 2012-05-11 13:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-26 17:15 - 2013-07-03 11:46 - 00000000 ____D C:\Users\Chris\AppData\Local\Citrix
2013-07-26 17:13 - 2012-06-25 06:57 - 00000000 ____D C:\Users\Chris\AppData\Local\ATT Connect
2013-07-26 17:11 - 2012-08-22 10:50 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Amazon
2013-07-26 17:11 - 2012-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-07-26 16:49 - 2009-07-13 22:08 - 00032578 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-26 16:47 - 2013-07-18 22:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-26 16:47 - 2012-05-01 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-26 16:46 - 2013-07-02 11:14 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2013-07-26 16:46 - 2012-03-08 14:08 - 00000000 ____D C:\Users\Chris\AppData\Local\Intuit
2013-07-26 16:46 - 2012-03-08 13:23 - 00000000 ____D C:\ProgramData\FLEXnet
2013-07-26 16:46 - 2012-03-08 10:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-26 16:46 - 2012-03-08 09:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 16:46 - 2012-03-07 16:59 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-26 16:46 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 16:46 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 16:46 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\windows\AppCompat
2013-07-26 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-26 16:45 - 2010-11-21 00:16 - 00000000 ____D C:\windows\ShellNew
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-07-26 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\windows\L2Schemas
2013-07-26 16:43 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-07-26 15:18 - 2012-03-08 10:21 - 00001945 _____ C:\windows\epplauncher.mif
2013-07-25 07:45 - 2012-10-10 07:54 - 00000000 ____D C:\Users\Chris\Desktop\Mobile files need to be saved
2013-07-22 21:21 - 2012-05-09 15:43 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-22 21:21 - 2011-11-21 21:31 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-22 21:20 - 2013-07-22 21:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-22 21:19 - 2013-07-22 21:19 - 00903080 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(1).exe
2013-07-22 21:16 - 2011-11-21 21:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-21 22:57 - 2013-07-21 22:57 - 01035696 _____ (Ask.com) C:\Users\Chris\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe
2013-07-21 19:33 - 2012-03-08 12:35 - 00000000 ____D C:\Program Files (x86)\Cincinnati Fan
2013-07-21 19:09 - 2013-07-21 19:09 - 00000000 ____D C:\Users\Chris\Documents\QBBackupTemp Sun, Jul 21 2013 07 09 26 PM
2013-07-20 19:48 - 2012-03-13 20:33 - 00000000 ____D C:\Users\Chris\Documents\AHE Financial
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-07-18 22:03 - 2013-07-18 22:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 22:02 - 2013-07-18 22:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-18 10:22 - 2013-07-18 10:22 - 01069944 _____ (Solid State Networks) C:\Users\Chris\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\ProgramData\HP
2013-07-17 12:04 - 2012-12-12 23:39 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-17 12:04 - 2012-12-12 23:38 - 00000000 ____D C:\Program Files\HP
2013-07-12 15:59 - 2012-03-12 13:34 - 00000000 ____D C:\Users\Chris\AppData\Local\HP
2013-07-12 15:57 - 2013-07-12 15:57 - 30360152 _____ C:\Users\Chris\Downloads\OJ4620_Basicx64_1315.exe
2013-07-12 15:57 - 2013-07-12 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2013-07-11 15:20 - 2009-07-13 21:45 - 00461088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 10:38 - 2013-07-11 10:38 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-09 16:48 - 2013-07-09 16:48 - 00260506 _____ C:\Users\Chris\Downloads\SSMauii Conversion XPRF Fan Quote.tiff
2013-07-07 15:18 - 2013-07-07 15:16 - 33397640 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe
2013-07-06 14:45 - 2013-07-06 14:45 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-1
2013-07-05 08:00 - 2013-07-05 08:00 - 00000000 _____ C:\Users\Chris\Sti_Trace.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 17:35

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt
