Got it to run from flash drive once... here are the results on the flash drive:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by SYSTEM on MINWINPC on 14-05-2014 19:40:26
Running from F:\
Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [*FRST] - "C:\Users\Admin\Desktop\FRST64.exe" [2063872 2014-05-07] (Farbar)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [260608 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-04-24] (TOSHIBA)
==================== Services (Whitelisted) =================
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-03] (Advanced Micro Devices, Inc.)
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 slsvc; C:\Windows\SysWOW64\SLsvc.exe [0 2012-12-23] ()
S2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2012-12-23] ()
S2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-10] (TOSHIBA Corporation)
S2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2012-12-23] ()
S2 XAudioService; C:\Windows\SysWOW64\DRIVERS\xaudio64.exe [0 2012-12-23] ()
==================== Drivers (Whitelisted) ====================
S5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S0 BootDefragDriver; C:\Windows\SysWOW64\drivers\BootDefragDriver.sys [16640 2013-04-23] (<Glarysoft Ltd>)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-11] (Brother Industries Ltd.)
S3 IpInIp; No ImagePath
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-15] (O2Micro )
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [4608 2009-01-19] (SupportSoft Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S3 Tosrfcom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKsl4856fa72; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45AA6195-6478-485C-8D42-DD786CABF017}\MpKsl4856fa72.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 14:15 - 2014-05-07 09:08 - 00222283 _____ () C:\Users\Admin\Desktop\rpcss.ZIP
2014-05-08 10:33 - 2014-05-08 10:33 - 00000000 ____D () C:\Users\Admin\Desktop\live mail account info
2014-05-08 09:26 - 2014-05-08 09:43 - 00000000 ____D () C:\Users\Admin\Desktop\Live mail export
2014-05-08 04:45 - 2014-05-08 04:47 - 00618462 _____ () C:\Windows\dd_vcredistMSI082E.txt
2014-05-08 04:45 - 2014-05-08 04:47 - 00012420 _____ () C:\Windows\dd_vcredistUI082E.txt
2014-05-08 04:41 - 2014-05-08 04:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0811B200-5869-44F8-A115-B0373A938C0E}
2014-05-07 14:23 - 2014-05-07 14:23 - 00545792 _____ (Microsoft Corporation) C:\rpcss.dll
2014-05-07 08:56 - 2014-05-07 08:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E8BADBF3-2C55-4294-81C9-EFA673617B20}
2014-05-07 07:46 - 2014-05-07 07:49 - 00616462 _____ () C:\Windows\dd_vcredistMSI4491.txt
2014-05-07 07:46 - 2014-05-07 07:49 - 00012328 _____ () C:\Windows\dd_vcredistUI4491.txt
2014-05-07 07:00 - 2014-05-07 07:00 - 00049101 _____ () C:\Users\Admin\Desktop\Shortcut.txt
2014-05-07 06:59 - 2014-05-07 07:00 - 00043031 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-05-07 06:57 - 2014-05-07 07:00 - 00047939 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-07 06:56 - 2014-05-08 14:25 - 00000000 ____D () C:\FRST
2014-05-07 06:55 - 2014-05-07 06:55 - 00017216 _____ () C:\ComboFix.txt
2014-05-07 06:43 - 2014-05-07 06:43 - 00000534 _____ () C:\Windows\PFRO.log
2014-05-07 06:24 - 2014-05-07 06:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 06:21 - 2014-05-07 06:21 - 02063872 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-07 06:18 - 2014-05-07 06:19 - 05200039 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-05-07 05:59 - 2014-05-07 06:00 - 00616110 _____ () C:\Windows\dd_vcredistMSI72D3.txt
2014-05-07 05:59 - 2014-05-07 06:00 - 00012324 _____ () C:\Windows\dd_vcredistUI72D3.txt
2014-05-07 05:56 - 2014-05-08 14:15 - 00003975 _____ () C:\Windows\setupact.log
2014-05-07 05:56 - 2014-05-07 05:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 20:54 - 2014-05-06 20:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8E84BAEF-CC35-4C1F-868F-E2A62CF5FC52}
2014-05-06 07:48 - 2014-05-06 07:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\{283E8E63-7F27-4DF5-B0D5-FE934A10A6AF}
2014-05-06 07:29 - 2014-05-06 07:30 - 00618014 _____ () C:\Windows\dd_vcredistMSI69BA.txt
2014-05-06 07:29 - 2014-05-06 07:30 - 00012392 _____ () C:\Windows\dd_vcredistUI69BA.txt
2014-05-05 17:12 - 2014-05-05 18:09 - 00060022 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-05-05 17:12 - 2014-05-05 17:12 - 00094936 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-05-05 16:52 - 2014-05-05 16:55 - 00618424 _____ () C:\Windows\dd_vcredistMSI4A79.txt
2014-05-05 16:52 - 2014-05-05 16:55 - 00012408 _____ () C:\Windows\dd_vcredistUI4A79.txt
2014-05-05 16:50 - 2014-05-05 16:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-05-05 16:18 - 2014-05-05 16:18 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 16:18 - 2014-05-05 16:18 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-05-05 16:06 - 2014-05-05 16:06 - 00408608 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-05 15:56 - 2014-05-08 14:26 - 00428297 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 08:44 - 2014-05-05 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{33D267A4-C44D-48DB-895D-62B457C96273}
2014-05-05 05:58 - 2014-05-05 05:59 - 00011642 _____ () C:\Windows\dd_vcredistUI55F2.txt
2014-05-05 05:58 - 2014-05-05 05:59 - 00006360 _____ () C:\Windows\dd_vcredistMSI55F2.txt
2014-05-04 20:42 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\{FA441080-7521-49F9-9049-195CE559DF52}
2014-05-02 21:08 - 2014-05-02 21:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\{C66CC789-D624-47DA-A7BF-A958B5834A3B}
2014-05-02 20:12 - 2014-05-02 20:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0D392007-C0C0-4FAC-9596-5CE194BE0231}
2014-05-02 08:11 - 2014-05-02 08:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\{01A509CF-47B9-4306-A212-9AA8159A86BF}
2014-05-02 07:42 - 2014-05-02 07:44 - 00617624 _____ () C:\Windows\dd_vcredistMSI3AE4.txt
2014-05-02 07:42 - 2014-05-02 07:44 - 00012376 _____ () C:\Windows\dd_vcredistUI3AE4.txt
2014-05-02 06:49 - 2014-05-02 06:50 - 00617566 _____ () C:\Windows\dd_vcredistMSI11FB.txt
2014-05-02 06:49 - 2014-05-02 06:50 - 00012388 _____ () C:\Windows\dd_vcredistUI11FB.txt
2014-05-02 06:41 - 2014-05-02 06:46 - 00616784 _____ () C:\Windows\dd_vcredistMSI0C1D.txt
2014-05-02 06:41 - 2014-05-02 06:46 - 00012356 _____ () C:\Windows\dd_vcredistUI0C1D.txt
2014-05-02 06:33 - 2014-05-02 06:34 - 00616126 _____ () C:\Windows\dd_vcredistMSI05C3.txt
2014-05-02 06:33 - 2014-05-02 06:34 - 00012324 _____ () C:\Windows\dd_vcredistUI05C3.txt
2014-05-02 06:29 - 2014-05-02 06:31 - 00618478 _____ () C:\Windows\dd_vcredistMSI02FB.txt
2014-05-02 06:29 - 2014-05-02 06:31 - 00012420 _____ () C:\Windows\dd_vcredistUI02FB.txt
2014-05-02 04:37 - 2014-05-08 04:39 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-02 04:37 - 2014-05-07 05:59 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-05-02 04:37 - 2014-05-02 04:37 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-05-02 04:37 - 2014-05-02 04:37 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-05-02 04:37 - 2014-05-02 04:37 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-05-01 19:46 - 2014-05-01 19:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB52C7BB-9A02-41D8-8F09-88C70726F842}
2014-05-01 09:43 - 2014-05-05 16:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-05-01 07:44 - 2014-05-01 07:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4EF0DC02-6131-4074-9501-4D8E7FB08DB2}
2014-04-30 18:54 - 2014-04-30 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{A53D3469-123A-4B77-9AF4-96A5D2B34092}
2014-04-30 06:53 - 2014-04-30 06:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{6F467159-964D-4523-B8CB-DE8CE2AF33D6}
2014-04-29 16:39 - 2014-05-05 16:11 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine
2014-04-29 15:54 - 2014-04-29 15:54 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-29 15:54 - 2014-04-29 15:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 10:33 - 2014-04-29 10:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB7C8C88-0B90-4DE8-B659-0636C53242E3}
2014-04-29 06:32 - 2014-04-29 15:48 - 00000000 ____D () C:\Users\Admin\Downloads\mbar
2014-04-29 05:01 - 2014-04-29 05:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-29 05:00 - 2014-04-29 05:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-28 22:31 - 2014-04-28 22:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E4631447-CB9D-4C74-B841-7643278AC083}
2014-04-28 19:33 - 2014-04-29 05:16 - 00017475 _____ () C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
2014-04-28 17:33 - 2014-04-28 17:33 - 00001933 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-28 17:04 - 2014-04-28 17:04 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-28 14:11 - 2014-04-28 14:11 - 00000000 ___DC () C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
2014-04-27 09:35 - 2014-04-27 09:35 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore64.exe
2014-04-26 08:04 - 2014-04-26 08:05 - 00000000 ____D () C:\Users\Admin\Desktop\Test
2014-04-25 09:23 - 2014-04-25 09:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 09:23 - 2014-04-25 09:23 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 09:23 - 2014-04-25 09:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 08:37 - 2014-04-25 08:38 - 10971424 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2014-04-25 08:13 - 2014-04-25 08:13 - 00000644 _____ () C:\Windows\System32\.crusader
2014-04-25 08:04 - 2014-04-25 08:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-25 07:54 - 2014-04-25 07:55 - 04527616 _____ () C:\Users\Admin\Downloads\RogueKillerX64.exe
2014-04-25 05:49 - 2014-04-25 05:50 - 00223392 _____ () C:\Windows\dd_ATL90SP1_KB973924MSI41B4.txt
2014-04-25 05:49 - 2014-04-25 05:50 - 00013656 _____ () C:\Windows\dd_ATL90SP1_KB973924UI41B4.txt
2014-04-25 04:38 - 2014-04-29 15:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 04:35 - 2014-04-25 04:37 - 00618080 _____ () C:\Windows\dd_vcredistMSI08D6.txt
2014-04-25 04:35 - 2014-04-25 04:37 - 00012404 _____ () C:\Windows\dd_vcredistUI08D6.txt
2014-04-25 03:50 - 2014-04-25 03:50 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-04-25 03:39 - 2014-04-25 03:41 - 00618472 _____ () C:\Windows\dd_vcredistMSI5E21.txt
2014-04-25 03:39 - 2014-04-25 03:41 - 00012420 _____ () C:\Windows\dd_vcredistUI5E21.txt
2014-04-25 02:13 - 2014-04-25 02:17 - 00618786 _____ () C:\Windows\dd_vcredistMSI1C6F.txt
2014-04-25 02:13 - 2014-04-25 02:17 - 00013888 _____ () C:\Windows\dd_vcredistUI1C6F.txt
2014-04-25 01:55 - 2014-04-25 01:57 - 00616434 _____ () C:\Windows\dd_vcredistMSI0E5A.txt
2014-04-25 01:55 - 2014-04-25 01:57 - 00013792 _____ () C:\Windows\dd_vcredistUI0E5A.txt
2014-04-25 00:30 - 2014-04-25 00:30 - 00000000 ____D () C:\Users\Admin\Documents\ProcAlyzer Dumps
2014-04-25 00:21 - 2014-04-25 04:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 00:21 - 2014-04-25 04:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 00:16 - 2014-04-25 00:18 - 00616042 _____ () C:\Windows\dd_vcredistMSI42BF.txt
2014-04-25 00:16 - 2014-04-25 00:18 - 00013776 _____ () C:\Windows\dd_vcredistUI42BF.txt
2014-04-24 23:55 - 2014-04-24 23:57 - 00618378 _____ () C:\Windows\dd_vcredistMSI3229.txt
2014-04-24 23:55 - 2014-04-24 23:57 - 00013872 _____ () C:\Windows\dd_vcredistUI3229.txt
2014-04-24 22:56 - 2014-04-24 22:58 - 00616042 _____ () C:\Windows\dd_vcredistMSI0528.txt
2014-04-24 22:56 - 2014-04-24 22:58 - 00013776 _____ () C:\Windows\dd_vcredistUI0528.txt
2014-04-24 22:44 - 2014-04-24 22:46 - 00617610 _____ () C:\Windows\dd_vcredistMSI7BC2.txt
2014-04-24 22:43 - 2014-04-24 22:46 - 00013840 _____ () C:\Windows\dd_vcredistUI7BC2.txt
2014-04-24 21:47 - 2014-04-24 21:49 - 00615538 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI50CB.txt
2014-04-24 21:47 - 2014-04-24 21:49 - 00012384 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI50CB.txt
2014-04-24 21:42 - 2014-04-24 21:44 - 00616714 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4C8F.txt
2014-04-24 21:42 - 2014-04-24 21:44 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4C8F.txt
2014-04-24 21:37 - 2014-04-24 21:39 - 00616322 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4900.txt
2014-04-24 21:37 - 2014-04-24 21:39 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4900.txt
2014-04-24 21:30 - 2014-04-24 21:33 - 00618282 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4384.txt
2014-04-24 21:30 - 2014-04-24 21:33 - 00012496 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4384.txt
2014-04-24 21:10 - 2014-04-29 15:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-24 19:22 - 2014-04-24 19:23 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI613E.txt
2014-04-24 19:22 - 2014-04-24 19:23 - 00014036 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI613E.txt
2014-04-24 18:11 - 2014-04-24 18:13 - 00615832 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2B3E.txt
2014-04-24 18:11 - 2014-04-24 18:13 - 00015392 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2B3E.txt
2014-04-24 17:44 - 2014-04-24 17:46 - 00617390 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI1694.txt
2014-04-24 17:44 - 2014-04-24 17:46 - 00013408 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI1694.txt
2014-04-24 17:13 - 2014-04-24 17:19 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E8C.txt
2014-04-24 17:13 - 2014-04-24 17:19 - 00016672 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E8C.txt
2014-04-24 13:35 - 2014-04-24 13:35 - 00200660 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-23 21:41 - 2014-04-23 21:43 - 00435404 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E18.txt
2014-04-23 21:41 - 2014-04-23 21:43 - 00013304 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E18.txt
==================== One Month Modified Files and Folders =======
2014-05-14 06:33 - 2013-07-09 06:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DiskDefrag
2014-05-08 14:26 - 2014-05-05 15:56 - 00428297 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 14:26 - 2006-11-02 07:42 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 14:26 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 14:26 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 14:26 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 14:25 - 2014-05-07 06:56 - 00000000 ____D () C:\FRST
2014-05-08 14:25 - 2009-03-09 12:33 - 00000000 ____D () C:\users\Admin
2014-05-08 14:24 - 2013-01-16 21:25 - 00000000 ____D () C:\AMD
2014-05-08 14:17 - 2006-11-02 04:46 - 00795200 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-08 14:15 - 2014-05-07 05:56 - 00003975 _____ () C:\Windows\setupact.log
2014-05-08 10:33 - 2014-05-08 10:33 - 00000000 ____D () C:\Users\Admin\Desktop\live mail account info
2014-05-08 09:43 - 2014-05-08 09:26 - 00000000 ____D () C:\Users\Admin\Desktop\Live mail export
2014-05-08 04:50 - 2013-12-10 19:48 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 04:50 - 2013-12-10 19:48 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 04:50 - 2013-12-10 19:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 04:50 - 2013-12-04 21:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 04:47 - 2014-05-08 04:45 - 00618462 _____ () C:\Windows\dd_vcredistMSI082E.txt
2014-05-08 04:47 - 2014-05-08 04:45 - 00012420 _____ () C:\Windows\dd_vcredistUI082E.txt
2014-05-08 04:42 - 2014-05-08 04:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0811B200-5869-44F8-A115-B0373A938C0E}
2014-05-08 04:39 - 2014-05-02 04:37 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-07 14:23 - 2014-05-07 14:23 - 00545792 _____ (Microsoft Corporation) C:\rpcss.dll
2014-05-07 14:23 - 2009-05-30 03:43 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2014-05-07 09:08 - 2014-05-08 14:15 - 00222283 _____ () C:\Users\Admin\Desktop\rpcss.ZIP
2014-05-07 08:56 - 2014-05-07 08:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E8BADBF3-2C55-4294-81C9-EFA673617B20}
2014-05-07 07:49 - 2014-05-07 07:46 - 00616462 _____ () C:\Windows\dd_vcredistMSI4491.txt
2014-05-07 07:49 - 2014-05-07 07:46 - 00012328 _____ () C:\Windows\dd_vcredistUI4491.txt
2014-05-07 07:00 - 2014-05-07 07:00 - 00049101 _____ () C:\Users\Admin\Desktop\Shortcut.txt
2014-05-07 07:00 - 2014-05-07 06:59 - 00043031 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-05-07 07:00 - 2014-05-07 06:57 - 00047939 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-07 06:55 - 2014-05-07 06:55 - 00017216 _____ () C:\ComboFix.txt
2014-05-07 06:55 - 2011-10-01 18:10 - 00000000 ____D () C:\Qoobox
2014-05-07 06:50 - 2014-05-07 06:24 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 06:43 - 2014-05-07 06:43 - 00000534 _____ () C:\Windows\PFRO.log
2014-05-07 06:43 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-07 06:21 - 2014-05-07 06:21 - 02063872 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-05-07 06:19 - 2014-05-07 06:18 - 05200039 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2014-05-07 06:00 - 2014-05-07 05:59 - 00616110 _____ () C:\Windows\dd_vcredistMSI72D3.txt
2014-05-07 06:00 - 2014-05-07 05:59 - 00012324 _____ () C:\Windows\dd_vcredistUI72D3.txt
2014-05-07 05:59 - 2014-05-02 04:37 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-05-07 05:56 - 2014-05-07 05:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 20:54 - 2014-05-06 20:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8E84BAEF-CC35-4C1F-868F-E2A62CF5FC52}
2014-05-06 07:49 - 2014-05-06 07:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\{283E8E63-7F27-4DF5-B0D5-FE934A10A6AF}
2014-05-06 07:30 - 2014-05-06 07:29 - 00618014 _____ () C:\Windows\dd_vcredistMSI69BA.txt
2014-05-06 07:30 - 2014-05-06 07:29 - 00012392 _____ () C:\Windows\dd_vcredistUI69BA.txt
2014-05-05 18:09 - 2014-05-05 17:12 - 00060022 _____ () C:\Users\Admin\Desktop\Extras.Txt
2014-05-05 17:12 - 2014-05-05 17:12 - 00094936 _____ () C:\Users\Admin\Desktop\OTL.Txt
2014-05-05 16:55 - 2014-05-05 16:52 - 00618424 _____ () C:\Windows\dd_vcredistMSI4A79.txt
2014-05-05 16:55 - 2014-05-05 16:52 - 00012408 _____ () C:\Windows\dd_vcredistUI4A79.txt
2014-05-05 16:50 - 2014-05-05 16:50 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2014-05-05 16:18 - 2014-05-05 16:18 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 16:18 - 2014-05-05 16:18 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-05-05 16:11 - 2014-04-29 16:39 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine
2014-05-05 16:06 - 2014-05-05 16:06 - 00408608 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-05 16:03 - 2014-05-01 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-05-05 15:51 - 2010-10-16 13:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Disk Cleaner
2014-05-05 08:44 - 2014-05-05 08:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{33D267A4-C44D-48DB-895D-62B457C96273}
2014-05-05 05:59 - 2014-05-05 05:58 - 00011642 _____ () C:\Windows\dd_vcredistUI55F2.txt
2014-05-05 05:59 - 2014-05-05 05:58 - 00006360 _____ () C:\Windows\dd_vcredistMSI55F2.txt
2014-05-04 20:43 - 2014-05-04 20:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\{FA441080-7521-49F9-9049-195CE559DF52}
2014-05-02 21:09 - 2014-05-02 21:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\{C66CC789-D624-47DA-A7BF-A958B5834A3B}
2014-05-02 20:12 - 2014-05-02 20:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0D392007-C0C0-4FAC-9596-5CE194BE0231}
2014-05-02 10:25 - 2009-03-10 08:35 - 00000000 ____D () C:\Users\Admin\Documents\SCA
2014-05-02 08:11 - 2014-05-02 08:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\{01A509CF-47B9-4306-A212-9AA8159A86BF}
2014-05-02 07:44 - 2014-05-02 07:42 - 00617624 _____ () C:\Windows\dd_vcredistMSI3AE4.txt
2014-05-02 07:44 - 2014-05-02 07:42 - 00012376 _____ () C:\Windows\dd_vcredistUI3AE4.txt
2014-05-02 06:50 - 2014-05-02 06:49 - 00617566 _____ () C:\Windows\dd_vcredistMSI11FB.txt
2014-05-02 06:50 - 2014-05-02 06:49 - 00012388 _____ () C:\Windows\dd_vcredistUI11FB.txt
2014-05-02 06:46 - 2014-05-02 06:41 - 00616784 _____ () C:\Windows\dd_vcredistMSI0C1D.txt
2014-05-02 06:46 - 2014-05-02 06:41 - 00012356 _____ () C:\Windows\dd_vcredistUI0C1D.txt
2014-05-02 06:34 - 2014-05-02 06:33 - 00616126 _____ () C:\Windows\dd_vcredistMSI05C3.txt
2014-05-02 06:34 - 2014-05-02 06:33 - 00012324 _____ () C:\Windows\dd_vcredistUI05C3.txt
2014-05-02 06:31 - 2014-05-02 06:29 - 00618478 _____ () C:\Windows\dd_vcredistMSI02FB.txt
2014-05-02 06:31 - 2014-05-02 06:29 - 00012420 _____ () C:\Windows\dd_vcredistUI02FB.txt
2014-05-02 04:37 - 2014-05-02 04:37 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-05-02 04:37 - 2014-05-02 04:37 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-05-02 04:37 - 2014-05-02 04:37 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-05-02 04:37 - 2010-07-22 17:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GlarySoft
2014-05-01 19:47 - 2014-05-01 19:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB52C7BB-9A02-41D8-8F09-88C70726F842}
2014-05-01 07:45 - 2014-05-01 07:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4EF0DC02-6131-4074-9501-4D8E7FB08DB2}
2014-04-30 18:54 - 2014-04-30 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\{A53D3469-123A-4B77-9AF4-96A5D2B34092}
2014-04-30 06:54 - 2014-04-30 06:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\{6F467159-964D-4523-B8CB-DE8CE2AF33D6}
2014-04-29 19:52 - 2009-03-09 12:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-04-29 15:54 - 2014-04-29 15:54 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-29 15:54 - 2014-04-29 15:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 15:48 - 2014-04-29 06:32 - 00000000 ____D () C:\Users\Admin\Downloads\mbar
2014-04-29 15:48 - 2014-04-25 04:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-29 15:04 - 2014-04-24 21:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-29 10:33 - 2014-04-29 10:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\{AB7C8C88-0B90-4DE8-B659-0636C53242E3}
2014-04-29 05:16 - 2014-04-28 19:33 - 00017475 _____ () C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml
2014-04-29 05:01 - 2014-04-29 05:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-04-29 05:00 - 2014-04-29 05:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-29 04:53 - 2008-05-13 18:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-28 22:32 - 2014-04-28 22:31 - 00000000 ____D () C:\Users\Admin\AppData\Local\{E4631447-CB9D-4C74-B841-7643278AC083}
2014-04-28 17:34 - 2012-09-05 19:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-28 17:34 - 2009-03-09 12:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-04-28 17:33 - 2014-04-28 17:33 - 00001933 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-28 17:32 - 2008-05-13 18:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-28 17:04 - 2014-04-28 17:04 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-28 14:11 - 2014-04-28 14:11 - 00000000 ___DC () C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}
2014-04-27 09:35 - 2014-04-27 09:35 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore64.exe
2014-04-26 08:59 - 2013-11-05 15:15 - 00000000 ____D () C:\Users\Admin\Documents\Outlook Files
2014-04-26 08:05 - 2014-04-26 08:04 - 00000000 ____D () C:\Users\Admin\Desktop\Test
2014-04-25 09:23 - 2014-04-25 09:23 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 09:23 - 2014-04-25 09:23 - 00000781 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 09:23 - 2014-04-25 09:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 08:38 - 2014-04-25 08:37 - 10971424 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro_x64.exe
2014-04-25 08:13 - 2014-04-25 08:13 - 00000644 _____ () C:\Windows\System32\.crusader
2014-04-25 08:13 - 2014-04-25 08:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-25 07:55 - 2014-04-25 07:54 - 04527616 _____ () C:\Users\Admin\Downloads\RogueKillerX64.exe
2014-04-25 06:36 - 2009-03-13 06:30 - 00000000 ____D () C:\Users\Admin\Documents\Ccleaner Backups
2014-04-25 05:50 - 2014-04-25 05:49 - 00223392 _____ () C:\Windows\dd_ATL90SP1_KB973924MSI41B4.txt
2014-04-25 05:50 - 2014-04-25 05:49 - 00013656 _____ () C:\Windows\dd_ATL90SP1_KB973924UI41B4.txt
2014-04-25 04:37 - 2014-04-25 04:35 - 00618080 _____ () C:\Windows\dd_vcredistMSI08D6.txt
2014-04-25 04:37 - 2014-04-25 04:35 - 00012404 _____ () C:\Windows\dd_vcredistUI08D6.txt
2014-04-25 04:27 - 2014-04-25 00:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 04:26 - 2014-04-25 00:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 03:50 - 2014-04-25 03:50 - 00000010 _____ () C:\Users\Admin\AppData\Local\sponge.last.runtime.cache
2014-04-25 03:41 - 2014-04-25 03:39 - 00618472 _____ () C:\Windows\dd_vcredistMSI5E21.txt
2014-04-25 03:41 - 2014-04-25 03:39 - 00012420 _____ () C:\Windows\dd_vcredistUI5E21.txt
2014-04-25 02:17 - 2014-04-25 02:13 - 00618786 _____ () C:\Windows\dd_vcredistMSI1C6F.txt
2014-04-25 02:17 - 2014-04-25 02:13 - 00013888 _____ () C:\Windows\dd_vcredistUI1C6F.txt
2014-04-25 01:57 - 2014-04-25 01:55 - 00616434 _____ () C:\Windows\dd_vcredistMSI0E5A.txt
2014-04-25 01:57 - 2014-04-25 01:55 - 00013792 _____ () C:\Windows\dd_vcredistUI0E5A.txt
2014-04-25 00:30 - 2014-04-25 00:30 - 00000000 ____D () C:\Users\Admin\Documents\ProcAlyzer Dumps
2014-04-25 00:18 - 2014-04-25 00:16 - 00616042 _____ () C:\Windows\dd_vcredistMSI42BF.txt
2014-04-25 00:18 - 2014-04-25 00:16 - 00013776 _____ () C:\Windows\dd_vcredistUI42BF.txt
2014-04-24 23:57 - 2014-04-24 23:55 - 00618378 _____ () C:\Windows\dd_vcredistMSI3229.txt
2014-04-24 23:57 - 2014-04-24 23:55 - 00013872 _____ () C:\Windows\dd_vcredistUI3229.txt
2014-04-24 23:48 - 2013-10-18 00:00 - 00000000 ____D () C:\Windows\Temp4E9E6806-5F76-705D-AC0F-85C045A95512-Signatures
2014-04-24 23:07 - 2013-10-03 22:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-24 23:07 - 2013-06-15 15:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-24 22:58 - 2014-04-24 22:56 - 00616042 _____ () C:\Windows\dd_vcredistMSI0528.txt
2014-04-24 22:58 - 2014-04-24 22:56 - 00013776 _____ () C:\Windows\dd_vcredistUI0528.txt
2014-04-24 22:46 - 2014-04-24 22:44 - 00617610 _____ () C:\Windows\dd_vcredistMSI7BC2.txt
2014-04-24 22:46 - 2014-04-24 22:43 - 00013840 _____ () C:\Windows\dd_vcredistUI7BC2.txt
2014-04-24 21:49 - 2014-04-24 21:47 - 00615538 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI50CB.txt
2014-04-24 21:49 - 2014-04-24 21:47 - 00012384 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI50CB.txt
2014-04-24 21:44 - 2014-04-24 21:42 - 00616714 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4C8F.txt
2014-04-24 21:44 - 2014-04-24 21:42 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4C8F.txt
2014-04-24 21:39 - 2014-04-24 21:37 - 00616322 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4900.txt
2014-04-24 21:39 - 2014-04-24 21:37 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4900.txt
2014-04-24 21:33 - 2014-04-24 21:30 - 00618282 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI4384.txt
2014-04-24 21:33 - 2014-04-24 21:30 - 00012496 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI4384.txt
2014-04-24 20:21 - 2006-11-02 05:34 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-04-24 20:15 - 2006-11-02 04:33 - 92012544 _____ () C:\Windows\System32\config\software_previous
2014-04-24 20:15 - 2006-11-02 04:33 - 53477376 _____ () C:\Windows\System32\config\components_previous
2014-04-24 20:15 - 2006-11-02 04:33 - 22282240 _____ () C:\Windows\System32\config\system_previous
2014-04-24 20:15 - 2006-11-02 04:33 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-04-24 20:15 - 2006-11-02 04:33 - 00053248 _____ () C:\Windows\System32\config\sam_previous
2014-04-24 20:15 - 2006-11-02 04:33 - 00024576 _____ () C:\Windows\System32\config\security_previous
2014-04-24 20:14 - 2006-11-02 05:34 - 00000000 ____D () C:\Windows\System32\spool
2014-04-24 20:14 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\registration
2014-04-24 19:23 - 2014-04-24 19:22 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI613E.txt
2014-04-24 19:23 - 2014-04-24 19:22 - 00014036 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI613E.txt
2014-04-24 18:28 - 2009-03-10 05:43 - 00001460 _____ () C:\Users\Admin\AppData\Local\d3d9caps64.dat
2014-04-24 18:26 - 2009-03-12 08:41 - 00001356 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-04-24 18:13 - 2014-04-24 18:11 - 00615832 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2B3E.txt
2014-04-24 18:13 - 2014-04-24 18:11 - 00015392 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2B3E.txt
2014-04-24 17:46 - 2014-04-24 17:44 - 00617390 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI1694.txt
2014-04-24 17:46 - 2014-04-24 17:44 - 00013408 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI1694.txt
2014-04-24 17:19 - 2014-04-24 17:13 - 00615838 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E8C.txt
2014-04-24 17:19 - 2014-04-24 17:13 - 00016672 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E8C.txt
2014-04-24 13:35 - 2014-04-24 13:35 - 00200660 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-04-23 21:45 - 2013-06-15 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-04-23 21:45 - 2013-06-15 15:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apple Computer
2014-04-23 21:43 - 2014-04-23 21:41 - 00435404 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI7E18.txt
2014-04-23 21:43 - 2014-04-23 21:41 - 00013304 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI7E18.txt
2014-04-22 20:45 - 2010-02-26 09:13 - 00043008 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\agremove.exe
2014-04-22 14:37 - 2014-04-08 19:45 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-04-22 14:37 - 2014-04-08 19:44 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-04-22 14:37 - 2010-02-25 08:28 - 00017408 _____ () C:\Windows\System32\rpcnetp.exe
2014-04-17 11:38 - 2011-05-24 12:33 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 11:36 - 2011-09-23 10:10 - 00000000 ____D () C:\Program Files (x86)\PlayItAll
2014-04-17 11:26 - 2009-03-10 06:30 - 00000000 ____D () C:\Program Files (x86)\Defraggler
2014-04-17 11:25 - 2010-11-19 10:22 - 00001785 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-04-17 11:20 - 2009-04-17 15:59 - 00000000 ____D () C:\Windows\Minidump
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-05-30 03:43] - [2014-05-07 14:23] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-05-05 16:51:49
Restore point made on: 2014-05-06 07:29:25
Restore point made on: 2014-05-07 05:59:11
Restore point made on: 2014-05-07 07:31:14
Restore point made on: 2014-05-07 07:46:11
Restore point made on: 2014-05-08 04:44:18
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3837.41 MB
Available physical RAM: 3236.54 MB
Total Pagefile: 3576.59 MB
Available Pagefile: 3215.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Drives ================================
Drive c: (SQ004732V03) (Fixed) (Total:288.67 GB) (Free:203.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive f: (2008.03.29_2201) (Removable) (Total:7.6 GB) (Free:7.38 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 445C445B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0454EC10)
Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS)
LastRegBack: 2014-05-14 07:08
AND
Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by SYSTEM at 2014-05-14 20:44:59
Running from F:\
Boot Mode: Recovery
================== Search Files: "rcpss.dll" =============
====== End Of Search ======
==================== End Of Log ============================