I tried to help remove some malware off a friend's computer. I downloaded a couple of scanners and was able to identify that there was a trojan (Zekos) on the computer. I thought that if I replaced the rpcss.dll file with a clean one the problem would go away. The constant attack pop-ups from Norton Anti-Virus have stopped and the computer does not shut down after 10 minutes anymore. To be sure, I ran all of my scanners again to try and see if there were any remnants of malware left on the computer. Of the ones I've used (Hitman Pro, Adwcleaner, JRT, RogueKiller, and TDSSKiller), Malwarebytes is the only one unable to finish a complete scan.

 

Malwarebytes seems to get stuck on

 

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

 

and another file. I forget the name of the file, but I am unable to see it or find a pathway to it. I know it comes up in another set of hidden, hidden (I already checked to find hidden folders with file options, no luck) folders that come up after this pathway.

 

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Microsoft

 

I don't know the rest after the invisible "Microsoft" folder. Around 1 hour in, the program's scanning seems to halt, despite the UI still being active. Canceling/pausing the scan just doesn't do a thing. Lastly, I don't want to exclude the folder from the scan, in case there is more malware hiding.

 

So, can anyone help me out?


Hello

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014

Ran by Thomas (administrator) on MORRISON-PC on 11-07-2014 20:06:30
Running from C:\Users\Thomas\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
( ) C:\Windows\System32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-655699869-1434057433-2690572627-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-655699869-1434057433-2690572627-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-sgm&type=20140326,140
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-sgm&type=20140326,140
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-24]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Norton Identity Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-06]
 
==================== Services (Whitelisted) =================
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 lxduCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [123320 2014-03-18] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-02] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140710.002\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.024\ENG64.SYS [126040 2014-03-24] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.024\EX64.SYS [2099288 2014-03-24] (Symantec Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-11 20:06 - 2014-07-11 20:07 - 00016428 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-07-11 20:06 - 2014-07-11 20:06 - 00000000 ____D () C:\FRST
2014-07-11 20:05 - 2014-07-11 01:43 - 02084864 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-07-11 16:46 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-11 16:46 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-11 13:31 - 2014-07-11 13:40 - 00002360 _____ () C:\Users\Thomas\Desktop\Rkill.txt
2014-07-11 13:16 - 2014-07-11 13:16 - 00060352 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 11:56 - 2014-07-11 20:04 - 00000224 _____ () C:\windows\setupact.log
2014-07-11 11:56 - 2014-07-11 11:56 - 00272432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 11:56 - 2014-07-11 11:56 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 03:03 - 2014-07-11 03:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-11 03:03 - 2014-07-11 03:02 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 03:02 - 2014-07-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-11 03:02 - 2014-07-11 03:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-11 03:01 - 2014-07-11 03:01 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe
2014-07-11 02:45 - 2014-07-11 02:45 - 01348263 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.215.exe
2014-07-11 00:25 - 2014-07-11 00:25 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VS Revo Group
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 00:25 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-07-11 00:23 - 2014-07-11 00:23 - 10619688 _____ (VS Revo Group ) C:\Users\Thomas\Downloads\RevoUninProSetup.exe
2014-07-10 19:32 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-10 19:32 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-10 19:32 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-10 19:32 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-10 19:32 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-10 19:32 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-10 19:32 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-10 19:32 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-10 19:32 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-10 19:32 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-10 19:32 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-10 19:32 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-10 19:32 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-10 19:32 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-10 19:32 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-07-10 19:32 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-10 19:27 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-10 19:27 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-07-10 19:18 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-10 19:18 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-10 19:17 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 19:17 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-10 19:17 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 19:17 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 19:17 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 19:17 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 19:17 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 19:17 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 19:17 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 19:17 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 19:17 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 19:17 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 19:17 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 19:17 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 19:17 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 19:17 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 19:17 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-10 19:17 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 19:17 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 19:17 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 19:17 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-10 19:17 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 19:17 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 19:17 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 19:17 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 19:17 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 19:17 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-10 19:17 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-10 19:17 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-10 19:17 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-10 19:17 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 19:17 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-10 19:17 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-10 19:17 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-10 19:17 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 19:17 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 19:17 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-10 19:17 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-10 19:17 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-10 19:17 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-10 19:17 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 19:17 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-10 19:17 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-10 19:17 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 19:17 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-10 19:17 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-10 19:17 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 19:17 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-10 19:17 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-10 19:17 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-10 19:17 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-10 19:17 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 19:17 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 19:17 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-10 19:17 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-10 19:17 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-10 19:17 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 19:17 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-10 19:17 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 19:17 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 19:17 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-10 19:17 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 19:17 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-10 19:17 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 19:17 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-10 19:17 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-10 19:17 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 19:04 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 19:04 - 2014-07-10 19:04 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-10 19:04 - 2014-07-10 19:04 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-10 19:04 - 2014-07-10 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-10 15:28 - 2014-07-10 15:28 - 00002762 _____ () C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-08 23:25 - 2014-07-08 23:25 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 13:14 - 2014-07-11 01:53 - 00029696 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-08 11:47 - 2014-07-08 11:47 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2014-07-07 22:52 - 2014-07-10 15:59 - 00000000 ____D () C:\windows\Minidump
2014-07-07 21:15 - 2014-07-07 21:15 - 00000000 ____D () C:\windows\ERUNT
2014-07-07 20:52 - 2014-07-11 02:46 - 00000000 ____D () C:\AdwCleaner
2014-07-07 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-07 19:45 - 2014-07-11 01:55 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-06 15:28 - 2014-07-06 15:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 15:15 - 2014-07-06 15:15 - 00052340 _____ () C:\windows\system32\.crusader
2014-07-06 15:08 - 2014-07-11 02:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-06 14:32 - 2014-07-11 20:05 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 14:32 - 2014-07-10 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 14:32 - 2014-07-06 14:32 - 00001073 _____ () C:\Users\Thomas\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 14:32 - 2014-07-06 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 14:32 - 2014-07-06 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 14:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-06 14:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-06 14:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-06 14:31 - 2014-07-06 14:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 14:09 - 2014-07-06 14:10 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NPE
2014-07-05 22:07 - 2014-07-05 22:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-05 21:31 - 2014-07-05 21:31 - 00003224 ____N () C:\bootsqm.dat
2014-07-05 19:46 - 2014-07-05 19:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-07-05 19:46 - 2014-07-05 19:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-07-05 19:35 - 2014-07-05 19:35 - 00321220 ____S () C:\windows\system32\eiqn.vzk
2014-07-03 23:03 - 2014-06-27 14:50 - 00464160 _____ (Sendori) C:\windows\system32\plsapp64.dll
2014-07-03 22:59 - 2014-07-05 21:49 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-06-22 02:04 - 2014-06-22 02:04 - 00001424 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\windows\system32\Drivers\NSSx64
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-06-14 08:55 - 2014-03-22 22:09 - 00029496 _____ (AVG) C:\windows\system32\authuitu.dll
2014-06-14 08:55 - 2014-03-22 22:09 - 00025400 _____ (AVG) C:\windows\SysWOW64\authuitu.dll
2014-06-14 08:54 - 2014-06-14 08:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\AVG
2014-06-14 08:54 - 2014-06-14 08:54 - 00000000 ____D () C:\Users\Thomas\AppData\Local\AVG
2014-06-14 08:53 - 2014-06-26 00:13 - 00000000 ____D () C:\ProgramData\AVG
2014-06-14 08:53 - 2014-06-14 08:53 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-14 08:52 - 2014-06-14 08:52 - 00002011 _____ () C:\Users\Thomas\Desktop\FL Studio 11.lnk
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FlowStone
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Program Files\Image-Line
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-06-14 08:38 - 2014-06-14 08:47 - 314810096 _____ (Image-Line) C:\Users\Thomas\Downloads\flstudio_11.0.4.exe
2014-06-13 17:06 - 2014-06-13 17:06 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-06-13 17:01 - 2014-06-13 17:01 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-06-12 18:07 - 2014-06-22 01:35 - 00000000 ____D () C:\Program Files (x86)\Spotydl
2014-06-12 18:07 - 2014-06-12 18:09 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotydl
2014-06-12 18:07 - 2014-06-12 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotydl
2014-06-12 18:06 - 2014-06-12 18:06 - 28675667 _____ (spotydl.com ) C:\Users\Thomas\Downloads\spotydl_setup (1).exe
2014-06-12 17:09 - 2014-07-08 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
2014-06-12 17:08 - 2014-06-12 17:08 - 00001824 _____ () C:\Users\Thomas\Desktop\Spotify.lnk
2014-06-12 17:08 - 2014-06-12 17:08 - 00001810 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-12 17:07 - 2014-07-08 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
2014-06-12 17:06 - 2014-06-12 17:06 - 00126112 _____ (Spotify Ltd) C:\Users\Thomas\Downloads\SpotifySetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-07-11 20:07 - 2014-07-11 20:06 - 00016428 _____ () C:\Users\Thomas\Desktop\FRST.txt
2014-07-11 20:06 - 2014-07-11 20:06 - 00000000 ____D () C:\FRST
2014-07-11 20:05 - 2014-07-06 14:32 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 20:04 - 2014-07-11 11:56 - 00000224 _____ () C:\windows\setupact.log
2014-07-11 20:04 - 2012-09-27 20:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 20:04 - 2012-08-25 16:03 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-11 20:04 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 16:59 - 2012-08-25 15:58 - 01335424 _____ () C:\windows\WindowsUpdate.log
2014-07-11 16:04 - 2012-08-25 17:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 16:00 - 2012-09-27 20:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 15:26 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 15:26 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 14:34 - 2012-08-25 16:03 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-11 13:40 - 2014-07-11 13:31 - 00002360 _____ () C:\Users\Thomas\Desktop\Rkill.txt
2014-07-11 13:16 - 2014-07-11 13:16 - 00060352 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 11:56 - 2014-07-11 11:56 - 00272432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 11:56 - 2014-07-11 11:56 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 03:03 - 2014-07-11 03:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-11 03:02 - 2014-07-11 03:03 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-11 03:02 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 03:02 - 2014-07-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-11 03:02 - 2014-07-11 03:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-11 03:01 - 2014-07-11 03:01 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe
2014-07-11 02:46 - 2014-07-07 20:52 - 00000000 ____D () C:\AdwCleaner
2014-07-11 02:45 - 2014-07-11 02:45 - 01348263 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.215.exe
2014-07-11 02:06 - 2014-07-06 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 01:55 - 2014-07-07 19:45 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-11 01:53 - 2014-07-08 13:14 - 00029696 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-11 01:43 - 2014-07-11 20:05 - 02084864 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-07-11 00:25 - 2014-07-11 00:25 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VS Revo Group
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 00:25 - 2014-07-11 00:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 00:23 - 2014-07-11 00:23 - 10619688 _____ (VS Revo Group ) C:\Users\Thomas\Downloads\RevoUninProSetup.exe
2014-07-10 20:34 - 2014-07-06 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 19:34 - 2014-05-09 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 19:34 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 19:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-10 19:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 19:31 - 2013-08-15 12:59 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 19:29 - 2012-08-25 19:00 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-10 19:17 - 2012-03-22 17:32 - 00000000 ____D () C:\windows\Panther
2014-07-10 19:16 - 2012-09-03 15:42 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-07-10 19:05 - 2014-07-10 19:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 19:04 - 2014-07-10 19:04 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-10 19:04 - 2014-07-10 19:04 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-10 19:04 - 2014-07-10 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-10 15:59 - 2014-07-07 22:52 - 00000000 ____D () C:\windows\Minidump
2014-07-10 15:41 - 2012-08-25 16:45 - 00000000 ____D () C:\Program Files\Google
2014-07-10 15:40 - 2012-08-26 20:16 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SoftGrid Client
2014-07-10 15:40 - 2012-08-25 16:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 15:28 - 2014-07-10 15:28 - 00002762 _____ () C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-07-10 15:23 - 2012-08-30 18:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Google
2014-07-10 14:30 - 2009-07-14 01:13 - 00784248 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-09 22:04 - 2012-08-25 17:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 22:04 - 2012-08-25 17:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 22:04 - 2012-03-22 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:25 - 2014-07-08 23:25 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:25 - 2014-07-08 23:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 22:59 - 2014-05-31 11:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Audacity
2014-07-08 11:52 - 2009-07-14 01:08 - 00032542 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-08 11:47 - 2014-07-08 11:47 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe
2014-07-08 11:26 - 2014-06-12 17:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
2014-07-08 11:26 - 2014-06-12 17:07 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
2014-07-07 21:15 - 2014-07-07 21:15 - 00000000 ____D () C:\windows\ERUNT
2014-07-07 20:54 - 2012-08-25 22:50 - 00000000 ____D () C:\Users\Thomas
2014-07-06 15:28 - 2014-07-06 15:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 15:15 - 2014-07-06 15:15 - 00052340 _____ () C:\windows\system32\.crusader
2014-07-06 15:15 - 2013-09-20 12:34 - 00000000 ____D () C:\windows\SysWOW64\lasld
2014-07-06 14:32 - 2014-07-06 14:32 - 00001073 _____ () C:\Users\Thomas\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 14:32 - 2014-07-06 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 14:32 - 2014-07-06 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 14:31 - 2014-07-06 14:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 14:10 - 2014-07-06 14:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NPE
2014-07-05 22:07 - 2014-07-05 22:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-05 21:49 - 2014-07-03 22:59 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-07-05 21:40 - 2014-06-02 23:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-05 21:40 - 2012-08-26 00:29 - 00000000 ____D () C:\Program Files (x86)\Lexmark 5600-6600 Series
2014-07-05 21:31 - 2014-07-05 21:31 - 00003224 ____N () C:\bootsqm.dat
2014-07-05 20:25 - 2012-08-26 22:49 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-07-05 19:46 - 2014-07-05 19:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-07-05 19:46 - 2014-07-05 19:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-07-05 19:35 - 2014-07-05 19:35 - 00321220 ____S () C:\windows\system32\eiqn.vzk
2014-07-05 19:35 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Sysprep
2014-07-04 02:16 - 2014-03-26 00:55 - 00000454 ____H () C:\windows\Tasks\Norton Security Scan for Thomas.job
2014-07-03 13:31 - 2014-03-10 13:29 - 00000000 ____D () C:\Users\Thomas\Desktop\RESUME STUFF
2014-06-29 22:09 - 2014-07-10 19:18 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-10 19:18 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-27 14:50 - 2014-07-03 23:03 - 00464160 _____ (Sendori) C:\windows\system32\plsapp64.dll
2014-06-26 00:13 - 2014-06-14 08:53 - 00000000 ____D () C:\ProgramData\AVG
2014-06-22 02:04 - 2014-06-22 02:04 - 00001424 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\windows\system32\Drivers\NSSx64
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-06-22 02:04 - 2014-06-22 02:04 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-06-22 02:04 - 2014-03-26 00:55 - 00003618 _____ () C:\windows\System32\Tasks\Norton Security Scan for Thomas
2014-06-22 02:04 - 2012-03-22 17:40 - 00000000 ____D () C:\ProgramData\Norton
2014-06-22 01:35 - 2014-06-12 18:07 - 00000000 ____D () C:\Program Files (x86)\Spotydl
2014-06-20 16:14 - 2014-07-10 19:17 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-10 19:17 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-10 19:17 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-10 19:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-10 19:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-10 19:17 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-10 19:17 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-10 19:17 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-10 19:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-10 19:17 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-10 19:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-10 19:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-10 19:17 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-10 19:17 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-10 19:17 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-10 19:17 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-10 19:17 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-10 19:17 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-10 19:17 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-10 19:17 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-10 19:17 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-10 19:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-10 19:17 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-10 19:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-10 19:17 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-10 19:17 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-10 19:17 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-10 19:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-10 19:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-10 19:17 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-10 19:17 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-10 19:17 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-10 19:17 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-10 19:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-10 19:17 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-10 19:17 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-10 19:17 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-10 19:17 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-10 19:17 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-10 19:17 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-10 19:17 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-10 19:17 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-10 19:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-10 19:17 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-10 19:17 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-10 19:17 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-10 19:17 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-10 19:17 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-10 19:17 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-10 19:17 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-10 19:17 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-10 19:17 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-10 19:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-10 19:17 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-10 19:17 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-10 19:17 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 00:55 - 2012-09-27 20:35 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 00:55 - 2012-09-27 20:35 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 22:18 - 2014-07-10 19:17 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-10 19:17 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-10 19:17 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-14 10:16 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-06-14 09:50 - 2012-08-25 22:50 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
2014-06-14 08:54 - 2014-06-14 08:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\AVG
2014-06-14 08:54 - 2014-06-14 08:54 - 00000000 ____D () C:\Users\Thomas\AppData\Local\AVG
2014-06-14 08:53 - 2014-06-14 08:53 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-14 08:52 - 2014-06-14 08:52 - 00002011 _____ () C:\Users\Thomas\Desktop\FL Studio 11.lnk
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FlowStone
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Program Files\Image-Line
2014-06-14 08:52 - 2014-06-14 08:52 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-06-14 08:52 - 2014-03-26 00:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-06-14 08:49 - 2012-08-28 15:17 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-06-14 08:47 - 2014-06-14 08:38 - 314810096 _____ (Image-Line) C:\Users\Thomas\Downloads\flstudio_11.0.4.exe
2014-06-13 17:06 - 2014-06-13 17:06 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-06-13 17:01 - 2014-06-13 17:01 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-06-13 16:58 - 2012-08-25 21:27 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-06-13 16:57 - 2014-03-24 02:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-13 16:57 - 2012-08-25 21:28 - 00002411 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-06-12 18:09 - 2014-06-12 18:07 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotydl
2014-06-12 18:07 - 2014-06-12 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotydl
2014-06-12 18:06 - 2014-06-12 18:06 - 28675667 _____ (spotydl.com ) C:\Users\Thomas\Downloads\spotydl_setup (1).exe
2014-06-12 17:08 - 2014-06-12 17:08 - 00001824 _____ () C:\Users\Thomas\Desktop\Spotify.lnk
2014-06-12 17:08 - 2014-06-12 17:08 - 00001810 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-12 17:06 - 2014-06-12 17:06 - 00126112 _____ (Spotify Ltd) C:\Users\Thomas\Downloads\SpotifySetup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-29 00:51
 
==================== End Of Log ============================
Hi, Kevin! Is this good?

Addition.txt

Link to post
Share on other sites
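
An added example, not part of any post in this thread and not FRST's own logic: a Python parser for the file-listing lines of the log above. It ranks files that sit directly in the Windows system directories with no company name, which is the kind of entry (eiqn.vzk here) that gets a follow-up check in this thread. The watched directories, extension sets and reason strings are assumptions of this example; a hit is a candidate for a closer look, not a verdict.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Lines copied from the FRST listing in this thread (eiqn.vzk appears twice,
# as it does in the log's "created" and "modified" sections), plus one header.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-07-10 19:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 19:04 - 2014-07-10 19:04 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-07 19:45 - 2014-07-11 01:55 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-06 15:15 - 2014-07-06 15:15 - 00052340 _____ () C:\windows\system32\.crusader
2014-07-06 14:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-05 19:46 - 2014-07-05 19:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-07-05 19:35 - 2014-07-05 19:35 - 00321220 ____S () C:\windows\system32\eiqn.vzk
2014-07-11 11:56 - 2014-07-11 11:56 - 00272432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-05 19:35 - 2014-07-05 19:35 - 00321220 ____S () C:\windows\system32\eiqn.vzk
"""

# timestamp - timestamp - size - 5 attribute flags - (company) - full path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)

# Assumptions of this example, not taken from FRST.
WATCHED_DIRS = {
    r"c:\windows\system32", r"c:\windows\syswow64",
    r"c:\windows\system32\drivers", r"c:\windows\syswow64\drivers",
}
PE_EXT = {".dll", ".exe", ".sys", ".cpl", ".ocx", ".scr"}
DATA_EXT = {".dat", ".ini", ".log", ".txt", ".tlb", ".xml"}


class Entry(NamedTuple):
    first_ts: str   # created or modified, depending on the log section
    second_ts: str
    size: int
    attrs: str      # e.g. "____S"; D marks a directory
    company: str    # empty when the listing shows "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    first, second, size, attrs, company, path = m.groups()
    return Entry(first, second, int(size), attrs, company.strip(), path)


def triage(log_text: str):
    """Rank company-less files placed directly in the watched directories."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "D" in entry.attrs or entry.company:
            continue
        p = PureWindowsPath(entry.path)
        if str(p.parent).lower() not in WATCHED_DIRS:
            continue
        reasons = []
        ext = p.suffix.lower()
        if ext in PE_EXT:
            reasons.append("executable with no company name")
        elif ext not in DATA_EXT:
            reasons.append(f"unexpected extension {ext or '(none)'}")
        if "S" in entry.attrs or "H" in entry.attrs:
            reasons.append("system/hidden attribute set")
        if reasons:
            # The same file is listed in both log sections; keep it once.
            findings.setdefault(entry.path.lower(), (entry, reasons))
    # Most reasons first, then by path for a stable order.
    return sorted(findings.values(), key=lambda f: (-len(f[1]), f[0].path.lower()))


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.path}  [{entry.size} bytes]  {'; '.join(reasons)}")
```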

The computer won't let me. When I search through the browse function, on virustotal, the file does not appear. When I look through the regular explore windows I am able to see the file. If I try to copy the file to another location a message pops up saying that I "need to provide administrator permission to copy this file." I click the continue button with the little shield and then another window comes up and says I "require permission from Administrators to make changes to this file." I tried the "Try Again" button, but it just pops up again.

 

I'm not sure what to do.


I'm sorry, this might be a little frustrating.

 

The box above "Scan it" and to the left of "Choose File" is not a box that I am able to type text into. It's like it's a button because I can only click it. It opens the explorer to find and "Open" a file that I select. If I type C:\windows\system32\eiqn.vzk into the explorer search box that virustotal's "Choose File" box opened up (because it does not register as a text box to type in, at least not in my browser), the result is another small window telling me the file cannot be found.

 

Should I try using a different browser?


I followed your instructions.

 

When I select "Open" after copying and pasting "C:\windows\system32\eiqn.vzk" into the "File name" box, the explorer background changes at the top to "Windows\System32\". A small pop-up appears with a sound. "Choose File to Upload" is in the header.

 

"eiqn.vzk

File not found.

Check the file name and try again."

 

When I search for the file in a different explorer window, other than the one virustotal opens automatically, I can locate the file in "windows\system32\"

 

I checked the permissions on the file via properties and it is limited only to "SYSTEM."

 

Does that make sense at all?


I know it says not to reply to yourself and all, but I have the results of a scan.

 

I went to the file in windows\system32\ and changed the permissions by adding Thomas. I then copied and pasted the file to the desktop, went to virustotal, and was able to locate and upload the desktop copy. These are the results of what I could copy and paste.

 

 

SHA256: ffd2155a2b4ad9239c78e1368de190f05148b10779ab4749bb14444a01b6bab4
File name: eiqn.vzk
Detection ratio: 0 / 54
Analysis date: 2014-07-12 01:56:35 UTC ( 0 minutes ago )
 
Do you need the "additional information" from the scan results?

Thanks for the update, no need for additional information. No obvious malware/infection in logs up to now... Just one more scan to run..

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add/on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program

Copy and paste the report in next reply.

 

Thanks,

 

Kevin


Here are the results of the scan.

 

C:\$Recycle.Bin\S-1-5-21-655699869-1434057433-2690572627-1006\$RQDRCUK\Quarantine\C\Users\Thomas\Uncompressor\Uninstall\Uninstall.exe.vir a variant of Win32/InstallCore.AG potentially unwanted application
C:\Users\Thomas\Downloads\FL Studio_download.exe Win32/DownWare.Y potentially unwanted application
C:\Users\Thomas\Downloads\flstudio_10.0.9c.exe Win32/OpenCandy potentially unsafe application
C:\Users\Thomas\Downloads\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application
C:\Users\Thomas\Downloads\spotydl_setup (1).exe Win32/InstallMonetizer.AF potentially unwanted application

 


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Filesipconfig /flushdns /cC:\$Recycle.Bin\S-1-5-21-655699869-1434057433-2690572627-1006\$RQDRCUK\Quarantine\C\Users\Thomas\Uncompressor\Uninstall\Uninstall.exe.virC:\Users\Thomas\Downloads\FL Studio_download.exeC:\Users\Thomas\Downloads\flstudio_10.0.9c.exeC:\Users\Thomas\Downloads\flstudio_11.0.4.exeC:\Users\Thomas\Downloads\spotydl_setup (1).exe:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log, also let me know if there are any remaining issues or concerns...

 

Kevin
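
The post above turns the ESET detections into an OTM script by hand. As an added example (not part of the original post, and not OTM's or ESET's own code), the Python below parses those detection lines, including paths that contain spaces, and emits the same `:Files` / `:Commands` layout. The function names and the rule that holds back paths under system directories for manual review are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# Sample input: the five detection lines from the ESET results post above.
ESET_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-655699869-1434057433-2690572627-1006\$RQDRCUK\Quarantine\C\Users\Thomas\Uncompressor\Uninstall\Uninstall.exe.vir a variant of Win32/InstallCore.AG potentially unwanted application
C:\Users\Thomas\Downloads\FL Studio_download.exe Win32/DownWare.Y potentially unwanted application
C:\Users\Thomas\Downloads\flstudio_10.0.9c.exe Win32/OpenCandy potentially unsafe application
C:\Users\Thomas\Downloads\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application
C:\Users\Thomas\Downloads\spotydl_setup (1).exe Win32/InstallMonetizer.AF potentially unwanted application
"""


class Detection(NamedTuple):
    path: str
    name: str
    category: str


# Paths may contain spaces, so the split point is the detection name: the first
# token containing "/" (Windows paths use "\"), optionally prefixed by
# "a variant of ". Everything after the name is the category text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of )?\w+/[\w.\-]+)\s+"
    r"(?P<category>\S.*)$"
)

# Assumption of this example: anything under these roots is held back for a
# human to review instead of being queued in the script.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


def parse_eset_log(text: str) -> List[Detection]:
    """Return one Detection per line that matches the path/name/category layout."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            detections.append(Detection(m["path"], m["name"], m["category"]))
    return detections


def build_otm_script(detections: List[Detection]) -> Tuple[str, List[str]]:
    """Build the script text and the list of paths held back for manual review."""
    queued: List[str] = []
    held_back: List[str] = []
    for det in detections:
        protected = det.path.lower().startswith(PROTECTED_PREFIXES)
        target = held_back if protected else queued
        if det.path not in target:  # de-duplicate, keep first-seen order
            target.append(det.path)
    # Layout copied from the script in the post: a :Files section, then :Commands.
    lines = [":Files", "ipconfig /flushdns /c", *queued, ":Commands", "[EmptyTemp]"]
    return "\n".join(lines), held_back


if __name__ == "__main__":
    script, held = build_otm_script(parse_eset_log(ESET_LOG))
    print(script)
    for path in held:
        print("REVIEW MANUALLY:", path)
```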


 

Files moved on Reboot...

 

C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

 

 

Registry entries deleted on Reboot...

 

Does this log appear good? My original problem was with Malwarebytes never being able to complete a full scan. I'm going to try to run a full scan with Malwarebytes and hope that it doesn't get stuck. If it still does get stuck I'll let you know. Shouldn't be more than 3 hours.

Scan still gets stuck around 1 hour and 5 minutes. This time it is at.

 

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini

 

When I ran OTM a small window popped up and said it encountered an error and would shutdown. The program still ran behind the small window and the area under the green header "Results" became filled with text. I could not copy and paste the results to a file. I assumed this was normal and the computer restarted on its own. When it started up again, Notepad was open with the above "partial log." The folder you specified, to locate the log in, contains a file with the size of 1kb and reads as "07122014_194236," type "Text Document." Above it, in the same folder, is a folder with the same name and it is filled with the moved items in the partial log I gave you above, plus the ones mentioned in the text you told me to copy and paste into OTM.

 

I'm not sure where the full log is. What should I do?


I'm not too concerned about the OTM log, the entries to move were not malicious per se. The main concern is Malwarebytes' failure to complete a scan, obviously we need to find the cause....

Uninstall this program: AVG PC TuneUp. Re-boot the system to Safe Mode with Networking...

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.


 

Next,

 

Boot to normal mode, run FRST one more time. Ensure "addition" is check marked under "Optional scans" post the two fresh logs....

 

Kevin


I was unable to find AVG PC TuneUp as a program to uninstall. I looked through explorer and through the control panel "Uninstall Programs." If I view explorer with hidden folders visible, I am able to find a folder named AVG in "Programs" and also in "Thomas\AppData\Local." Further viewing the folders shows no applications, but smaller folders.

 

Please, advise.


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Re-boot to safe mode with networking...

 

Open Malwarebytes 2.0, run a Threat Scan

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Next,

 

Boot to normal mode, run FRST one more time. Ensure "addition" is check marked under "Optional scans" post the two fresh logs....

 

Kevin

fixlist.txt


I ran the fixlist.txt in FRST, pressed Fix once, and was told the computer would shutdown. I did see a log created on the desktop, but the computer restarted. It appears as a black screen with the mouse visible, but everything else is black. I tried to restart in Safe Mode, but it is the same result. A black screen with only the mouse visible. Rebooting to normal gives the same result. Any fix to this?


None of the entries removed in FRST.fix would cause an issue as you describe, not sure what has happened...

 

Can you run FRST as follows...

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014

Ran by SYSTEM on MININT-8CVUM0L on 13-07-2014 13:21:30

Running from f:\

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Recovery

 

The current controlset is ControlSet002

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\Thomas\...\Policies\system: [LogonHoursAction] 2

HKU\Thomas\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File

ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File

BootExecute: autocheck autochk * bootdelete

 

==================== Services (Whitelisted) =================

 

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)

S2 lxduCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)

S2 lxdu_device; C:\windows\system32\lxducoms.exe [1039360 2009-10-16] ( )

S2 lxdu_device; C:\windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)

S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [123320 2014-03-17] (Symantec Corporation)

S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-02] (AVG Technologies)

S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)

S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)

S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140711.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-13] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.018\ENG64.SYS [126040 2014-03-24] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140711.018\EX64.SYS [2099288 2014-03-24] (Symantec Corporation)

S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

S0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

S0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-19] (Symantec Corporation)

S1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-13 07:44 - 2014-07-13 07:44 - 00000000 ____D () C:\Users\Thomas\Desktop\FRST-OlderVersion

2014-07-12 15:42 - 2014-07-12 15:42 - 00000000 ____D () C:\_OTM

2014-07-12 15:39 - 2012-08-03 18:37 - 00522240 _____ (OldTimer Tools) C:\Users\Thomas\Desktop\OTM.exe

2014-07-12 11:52 - 2014-07-12 11:52 - 00010438 _____ () C:\Users\Thomas\Desktop\ESET SCAN.txt

2014-07-11 19:09 - 2014-07-13 07:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-11 19:09 - 2014-07-11 19:09 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-11 19:09 - 2014-07-11 19:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-11 19:09 - 2014-05-12 03:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-07-11 19:09 - 2014-05-12 03:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-07-11 19:09 - 2014-05-12 03:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-07-11 17:52 - 2014-07-05 15:35 - 00321220 ____S () C:\Users\Thomas\Desktop\eiqn.vzk

2014-07-11 16:07 - 2014-07-11 16:07 - 00033937 _____ () C:\Users\Thomas\Desktop\Addition.txt

2014-07-11 16:06 - 2014-07-13 13:21 - 00000000 ____D () C:\FRST

2014-07-11 16:06 - 2014-07-11 16:07 - 00057147 _____ () C:\Users\Thomas\Desktop\FRST.txt

2014-07-11 16:05 - 2014-07-13 07:44 - 02086912 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe

2014-07-11 12:46 - 2014-01-08 18:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-07-11 12:46 - 2014-01-03 14:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2014-07-11 09:31 - 2014-07-11 09:40 - 00002360 _____ () C:\Users\Thomas\Desktop\Rkill.txt

2014-07-11 09:16 - 2014-07-11 09:16 - 00060352 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-11 07:56 - 2014-07-13 07:49 - 00000672 _____ () C:\Windows\setupact.log

2014-07-11 07:56 - 2014-07-11 07:56 - 00272432 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-07-11 07:56 - 2014-07-11 07:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-10 23:03 - 2014-07-10 23:03 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-10 23:03 - 2014-07-10 23:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-10 23:02 - 2014-07-10 23:02 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-10 23:01 - 2014-07-10 23:01 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe

2014-07-10 22:45 - 2014-07-10 22:45 - 01348263 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.215.exe

2014-07-10 20:25 - 2014-07-10 20:25 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VS Revo Group

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-07-10 20:25 - 2009-12-30 06:21 - 00031800 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys

2014-07-10 20:23 - 2014-07-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\Thomas\Downloads\RevoUninProSetup.exe

2014-07-10 15:32 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2014-07-10 15:32 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2014-07-10 15:32 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2014-07-10 15:32 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2014-07-10 15:32 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2014-07-10 15:32 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2014-07-10 15:32 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2014-07-10 15:32 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll

2014-07-10 15:32 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-07-10 15:32 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-07-10 15:32 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2014-07-10 15:32 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2014-07-10 15:32 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-07-10 15:32 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2014-07-10 15:32 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-07-10 15:32 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-07-10 15:27 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll

2014-07-10 15:27 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-07-10 15:18 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll

2014-07-10 15:18 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

2014-07-10 15:17 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2014-07-10 15:17 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-10 15:17 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-07-10 15:17 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-07-10 15:17 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-07-10 15:17 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-07-10 15:17 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-07-10 15:17 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-07-10 15:17 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll

2014-07-10 15:17 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-07-10 15:17 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-07-10 15:17 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-07-10 15:17 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-07-10 15:17 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-07-10 15:17 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-07-10 15:17 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-07-10 15:17 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-10 15:17 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-07-10 15:17 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-07-10 15:17 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-07-10 15:17 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-10 15:17 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-07-10 15:17 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-07-10 15:17 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-07-10 15:17 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-07-10 15:17 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-07-10 15:17 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-10 15:17 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-10 15:17 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-10 15:17 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-10 15:17 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-07-10 15:17 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-10 15:17 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-10 15:17 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-10 15:17 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-07-10 15:17 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2014-07-10 15:17 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-10 15:17 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-10 15:17 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-10 15:17 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-10 15:17 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-10 15:17 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-10 15:17 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-10 15:17 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-07-10 15:17 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-10 15:17 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-10 15:17 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-07-10 15:17 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-10 15:17 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-10 15:17 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-10 15:17 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-10 15:17 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-07-10 15:17 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-07-10 15:17 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-10 15:17 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-10 15:17 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-10 15:17 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe

2014-07-10 15:17 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-10 15:17 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-07-10 15:17 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll

2014-07-10 15:17 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-10 15:17 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2014-07-10 15:17 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-10 15:17 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll

2014-07-10 15:17 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-10 15:17 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-10 15:17 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys

2014-07-10 15:04 - 2014-07-10 15:05 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-10 15:04 - 2014-07-10 15:04 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-07-10 15:04 - 2014-07-10 15:04 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-10 11:28 - 2014-07-10 11:28 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2014-07-08 19:25 - 2014-07-08 19:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\WinRAR

2014-07-08 19:25 - 2014-07-08 19:25 - 00000000 ____D () C:\Program Files\WinRAR

2014-07-08 09:14 - 2014-07-10 21:53 - 00029696 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-07-08 07:47 - 2014-07-08 07:47 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe

2014-07-07 18:52 - 2014-07-10 11:59 - 00000000 ____D () C:\Windows\Minidump

2014-07-07 17:15 - 2014-07-07 17:15 - 00000000 ____D () C:\Windows\ERUNT

2014-07-07 16:52 - 2010-08-30 04:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-07 15:45 - 2014-07-10 21:55 - 00030312 _____ () C:\Windows\System32\Drivers\TrueSight.sys

2014-07-06 11:28 - 2014-07-06 11:28 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-06 11:15 - 2014-07-06 11:15 - 00052340 _____ () C:\Windows\System32\.crusader

2014-07-06 11:08 - 2014-07-10 22:06 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-06 10:32 - 2014-07-06 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-06 10:31 - 2014-07-06 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 10:09 - 2014-07-06 10:10 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NPE

2014-07-05 18:07 - 2014-07-05 18:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList

2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList

2014-07-05 15:35 - 2014-07-05 15:35 - 00321220 ____S () C:\Windows\System32\eiqn.vzk

2014-07-03 19:03 - 2014-06-27 10:50 - 00464160 _____ (Sendori) C:\Windows\System32\plsapp64.dll

2014-07-03 18:59 - 2014-07-05 17:49 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft

2014-06-21 22:04 - 2014-06-21 22:04 - 00001424 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK

2014-06-21 22:04 - 2014-06-21 22:04 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64

2014-06-21 22:04 - 2014-06-21 22:04 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan

2014-06-14 04:52 - 2014-06-14 04:52 - 00002011 _____ () C:\Users\Thomas\Desktop\FL Studio 11.lnk

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FlowStone

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Program Files\Image-Line

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics

2014-06-13 13:06 - 2014-06-13 13:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite

2014-06-13 13:01 - 2014-06-13 13:01 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

 

==================== One Month Modified Files and Folders =======

 

2014-07-13 13:21 - 2014-07-11 16:06 - 00000000 ____D () C:\FRST

2014-07-13 07:49 - 2014-07-11 07:56 - 00000672 _____ () C:\Windows\setupact.log

2014-07-13 07:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-13 07:44 - 2014-07-13 07:44 - 00000000 ____D () C:\Users\Thomas\Desktop\FRST-OlderVersion

2014-07-13 07:44 - 2014-07-11 16:05 - 02086912 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe

2014-07-13 07:44 - 2012-08-25 11:58 - 01399981 _____ () C:\Windows\WindowsUpdate.log

2014-07-13 07:41 - 2014-07-11 19:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-07-13 07:40 - 2012-09-27 16:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-13 07:40 - 2012-08-25 12:03 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-07-13 05:52 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-13 05:52 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-12 17:04 - 2012-08-25 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-12 17:00 - 2012-09-27 16:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-12 15:42 - 2014-07-12 15:42 - 00000000 ____D () C:\_OTM

2014-07-12 15:39 - 2012-08-26 16:16 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SoftGrid Client

2014-07-12 15:32 - 2014-03-25 20:55 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Thomas.job

2014-07-12 11:52 - 2014-07-12 11:52 - 00010438 _____ () C:\Users\Thomas\Desktop\ESET SCAN.txt

2014-07-12 10:34 - 2012-08-25 12:03 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2014-07-11 19:09 - 2014-07-11 19:09 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-11 19:09 - 2014-07-11 19:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-11 19:09 - 2009-07-13 21:13 - 00784248 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-07-11 16:07 - 2014-07-11 16:07 - 00033937 _____ () C:\Users\Thomas\Desktop\Addition.txt

2014-07-11 16:07 - 2014-07-11 16:06 - 00057147 _____ () C:\Users\Thomas\Desktop\FRST.txt

2014-07-11 09:40 - 2014-07-11 09:31 - 00002360 _____ () C:\Users\Thomas\Desktop\Rkill.txt

2014-07-11 09:16 - 2014-07-11 09:16 - 00060352 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-11 07:56 - 2014-07-11 07:56 - 00272432 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-07-11 07:56 - 2014-07-11 07:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-10 23:03 - 2014-07-10 23:03 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-10 23:02 - 2014-07-10 23:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-07-10 23:02 - 2014-07-10 23:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-10 23:02 - 2014-07-10 23:02 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-10 23:01 - 2014-07-10 23:01 - 00918952 _____ (Oracle Corporation) C:\Users\Thomas\Downloads\chromeinstall-7u60.exe

2014-07-10 22:45 - 2014-07-10 22:45 - 01348263 _____ () C:\Users\Thomas\Downloads\adwcleaner_3.215.exe

2014-07-10 22:06 - 2014-07-06 11:08 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-10 21:55 - 2014-07-07 15:45 - 00030312 _____ () C:\Windows\System32\Drivers\TrueSight.sys

2014-07-10 21:53 - 2014-07-08 09:14 - 00029696 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-07-10 20:25 - 2014-07-10 20:25 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VS Revo Group

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-07-10 20:25 - 2014-07-10 20:25 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-07-10 20:23 - 2014-07-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\Thomas\Downloads\RevoUninProSetup.exe

2014-07-10 15:34 - 2014-05-08 23:00 - 00000000 ___SD () C:\Windows\System32\CompatTel

2014-07-10 15:34 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 15:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-10 15:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism

2014-07-10 15:31 - 2013-08-15 08:59 - 00000000 ____D () C:\Windows\System32\MRT

2014-07-10 15:29 - 2012-08-25 15:00 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-07-10 15:17 - 2012-03-22 13:32 - 00000000 ____D () C:\Windows\Panther

2014-07-10 15:16 - 2012-09-03 11:42 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps

2014-07-10 15:05 - 2014-07-10 15:04 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-10 15:04 - 2014-07-10 15:04 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-07-10 15:04 - 2014-07-10 15:04 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-10 11:59 - 2014-07-07 18:52 - 00000000 ____D () C:\Windows\Minidump

2014-07-10 11:41 - 2012-08-25 12:45 - 00000000 ____D () C:\Program Files\Google

2014-07-10 11:40 - 2012-08-25 12:44 - 00000000 ____D () C:\Program Files (x86)\Google

2014-07-10 11:28 - 2014-07-10 11:28 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2014-07-10 11:23 - 2012-08-30 14:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Google

2014-07-09 18:04 - 2012-08-25 13:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-09 18:04 - 2012-08-25 13:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-09 18:04 - 2012-03-22 13:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-08 19:25 - 2014-07-08 19:25 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\WinRAR

2014-07-08 19:25 - 2014-07-08 19:25 - 00000000 ____D () C:\Program Files\WinRAR

2014-07-08 18:59 - 2014-05-31 07:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Audacity

2014-07-08 07:52 - 2009-07-13 21:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-08 07:47 - 2014-07-08 07:47 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Thomas\Desktop\rkill.exe

2014-07-08 07:26 - 2014-06-12 13:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify

2014-07-08 07:26 - 2014-06-12 13:07 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify

2014-07-07 17:15 - 2014-07-07 17:15 - 00000000 ____D () C:\Windows\ERUNT

2014-07-07 16:54 - 2012-08-25 18:50 - 00000000 ____D () C:\users\Thomas

2014-07-06 11:28 - 2014-07-06 11:28 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-06 11:15 - 2014-07-06 11:15 - 00052340 _____ () C:\Windows\System32\.crusader

2014-07-06 11:15 - 2013-09-20 08:34 - 00000000 ____D () C:\Windows\SysWOW64\lasld

2014-07-06 10:32 - 2014-07-06 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-06 10:31 - 2014-07-06 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 10:10 - 2014-07-06 10:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NPE

2014-07-05 18:07 - 2014-07-05 18:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-07-05 17:49 - 2014-07-03 18:59 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft

2014-07-05 17:40 - 2014-06-02 19:31 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-07-05 17:40 - 2012-08-25 20:29 - 00000000 ____D () C:\Program Files (x86)\Lexmark 5600-6600 Series

2014-07-05 16:25 - 2012-08-26 18:49 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype

2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList

2014-07-05 15:46 - 2014-07-05 15:46 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList

2014-07-05 15:35 - 2014-07-11 17:52 - 00321220 ____S () C:\Users\Thomas\Desktop\eiqn.vzk

2014-07-05 15:35 - 2014-07-05 15:35 - 00321220 ____S () C:\Windows\System32\eiqn.vzk

2014-07-05 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Sysprep

2014-07-03 09:31 - 2014-03-10 09:29 - 00000000 ____D () C:\Users\Thomas\Desktop\RESUME STUFF

2014-06-29 18:09 - 2014-07-10 15:18 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll

2014-06-29 18:04 - 2014-07-10 15:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

2014-06-27 10:50 - 2014-07-03 19:03 - 00464160 _____ (Sendori) C:\Windows\System32\plsapp64.dll

2014-06-21 22:04 - 2014-06-21 22:04 - 00001424 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK

2014-06-21 22:04 - 2014-06-21 22:04 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64

2014-06-21 22:04 - 2014-06-21 22:04 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan

2014-06-21 22:04 - 2014-03-25 20:55 - 00003618 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Thomas

2014-06-21 22:04 - 2012-03-22 13:40 - 00000000 ____D () C:\ProgramData\Norton

2014-06-21 21:35 - 2014-06-12 14:07 - 00000000 ____D () C:\Program Files (x86)\Spotydl

2014-06-20 12:14 - 2014-07-10 15:17 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2014-06-20 11:39 - 2014-07-10 15:17 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-06-18 17:39 - 2014-07-10 15:17 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-06-18 17:06 - 2014-07-10 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-06-18 17:06 - 2014-07-10 15:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-06-18 16:48 - 2014-07-10 15:17 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-06-18 16:42 - 2014-07-10 15:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-06-18 16:42 - 2014-07-10 15:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-06-18 16:41 - 2014-07-10 15:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll

2014-06-18 16:41 - 2014-07-10 15:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-06-18 16:32 - 2014-07-10 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-06-18 16:31 - 2014-07-10 15:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-06-18 16:26 - 2014-07-10 15:17 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-06-18 16:24 - 2014-07-10 15:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-06-18 16:24 - 2014-07-10 15:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-06-18 16:23 - 2014-07-10 15:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-06-18 16:16 - 2014-07-10 15:17 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-18 16:14 - 2014-07-10 15:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-06-18 16:09 - 2014-07-10 15:17 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-06-18 15:59 - 2014-07-10 15:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-06-18 15:56 - 2014-07-10 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-18 15:53 - 2014-07-10 15:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-06-18 15:51 - 2014-07-10 15:17 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-06-18 15:50 - 2014-07-10 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-06-18 15:48 - 2014-07-10 15:17 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-06-18 15:39 - 2014-07-10 15:17 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-06-18 15:38 - 2014-07-10 15:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-18 15:37 - 2014-07-10 15:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-18 15:36 - 2014-07-10 15:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-18 15:35 - 2014-07-10 15:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-06-18 15:33 - 2014-07-10 15:17 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-06-18 15:32 - 2014-07-10 15:17 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-18 15:28 - 2014-07-10 15:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-18 15:28 - 2014-07-10 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-18 15:27 - 2014-07-10 15:17 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-06-18 15:27 - 2014-07-10 15:17 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2014-06-18 15:25 - 2014-07-10 15:17 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-18 15:23 - 2014-07-10 15:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-18 15:22 - 2014-07-10 15:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-18 15:12 - 2014-07-10 15:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-18 15:06 - 2014-07-10 15:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-18 15:01 - 2014-07-10 15:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-18 14:59 - 2014-07-10 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-18 14:58 - 2014-07-10 15:17 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-06-18 14:58 - 2014-07-10 15:17 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-18 14:52 - 2014-07-10 15:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-18 14:51 - 2014-07-10 15:17 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-06-18 14:49 - 2014-07-10 15:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-18 14:46 - 2014-07-10 15:17 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-18 14:45 - 2014-07-10 15:17 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-18 14:35 - 2014-07-10 15:17 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-18 14:34 - 2014-07-10 15:17 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-06-18 14:15 - 2014-07-10 15:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-06-18 14:13 - 2014-07-10 15:17 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-18 14:09 - 2014-07-10 15:17 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-18 14:07 - 2014-07-10 15:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-17 20:55 - 2012-09-27 16:35 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-17 20:55 - 2012-09-27 16:35 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-17 18:18 - 2014-07-10 15:17 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe

2014-06-17 17:51 - 2014-07-10 15:17 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-06-17 17:10 - 2014-07-10 15:17 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-06-14 06:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

2014-06-14 05:50 - 2012-08-25 18:50 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore

2014-06-14 04:52 - 2014-06-14 04:52 - 00002011 _____ () C:\Users\Thomas\Desktop\FL Studio 11.lnk

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\FlowStone

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Program Files\Image-Line

2014-06-14 04:52 - 2014-06-14 04:52 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics

2014-06-14 04:49 - 2012-08-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Image-Line

2014-06-13 13:06 - 2014-06-13 13:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite

2014-06-13 13:01 - 2014-06-13 13:01 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-06-13 12:58 - 2012-08-25 17:27 - 00000000 ____D () C:\Windows\System32\Drivers\N360x64

2014-06-13 12:57 - 2012-08-25 17:28 - 00002411 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE Association (whitelisted) =============

 

 

==================== Restore Points  =========================

 

Restore point made on: 2014-07-10 15:27:59

Restore point made on: 2014-07-10 20:28:31

Restore point made on: 2014-07-10 20:35:38

Restore point made on: 2014-07-10 21:39:49

Restore point made on: 2014-07-10 21:43:39

Restore point made on: 2014-07-10 21:48:35

Restore point made on: 2014-07-10 21:51:21

Restore point made on: 2014-07-10 21:52:19

Restore point made on: 2014-07-10 22:03:31

Restore point made on: 2014-07-10 22:15:54

Restore point made on: 2014-07-10 22:33:03

Restore point made on: 2014-07-10 22:35:04

Restore point made on: 2014-07-10 22:40:52

Restore point made on: 2014-07-10 22:54:48

Restore point made on: 2014-07-10 22:55:20

Restore point made on: 2014-07-10 23:02:18

Restore point made on: 2014-07-11 12:59:06

Restore point made on: 2014-07-11 18:56:16

Restore point made on: 2014-07-11 19:00:23

Restore point made on: 2014-07-13 05:51:44

 

==================== Memory info =========================== 

 

Percentage of memory in use: 11%

Total physical RAM: 6036.8 MB

Available physical RAM: 5354.26 MB

Total Pagefile: 6035 MB

Available Pagefile: 5338.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

==================== Drives ================================

 

Drive c: (TI106401W0D) (Fixed) (Total:581.42 GB) (Free:479.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (UNTITLED) (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: ABC3903B)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

 

========================================================

Disk: 1 (Size: 8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

 

LastRegBack: 2014-07-12 14:30

 

==================== End Of Log ============================

 

 

So...

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

See if the system will boot...

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014

Ran by SYSTEM at 2014-07-13 13:52:38 Run:2

Running from f:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

Start

LastRegBack: 2014-07-12 14:30

End

*****************

 

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

 

==== End of Fixlog ====

 

No luck. Still get a black screen in both normal and safe mode.

This topic is now closed to further replies.