
Computer keeps crashing


  • This topic is locked
33 replies to this topic

#1 ChrismoJames


Posted 25 October 2012 - 02:20 AM

My computer keeps crashing to blue screen. Messages keep popping up about random programs having to be shut down because they are not running properly. Can't activate my antivirus. Or download any new antivirus. Every time I try to install it, a message appears saying that the file is corrupt. And upon start up I get a message saying "C:\Windows\system32\amdoct.dll is not designed to run on Windows or it contains an error." And then proceeds to tell me to try to reinstall the program. Sometimes it restricts my access to the internet and I repeatedly have to reset my router. Webpages will also randomly crash (I'm using Google Chrome). I'm not exactly sure what is wrong, or what I can do to fix it. I've done system recovery and tried Registry Easy and that allowed me to at least have some time on my comp before it crashes.
Additionally, videos do not play. Any program I use besides a select few such as Google Chrome doesn't work and an alert pops up that says the programs have stopped working and need to be restarted and it just keeps doing that. This also happens to Windows Explorer whenever I try to access msconfig.








DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Patty at 2:04:50 on 2012-10-25
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2952 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patty\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
uRun: [Google Update] "C:\Users\Patty\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - C:\Users\Patty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Patty\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{9C593313-D21E-4D2C-BF77-F7D8ED42CC0C} : DHCPNameServer = 10.0.0.1
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-17 28504]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-27 10278912]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-24 67072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-4-16 1342064]
S2 avast! Firewall;avast! Firewall;"C:\Program Files\AVAST Software\Avast\afwServ.exe" --> C:\Program Files\AVAST Software\Avast\afwServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-23 1153368]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-5 1255736]
.
=============== Created Last 30 ================
.
2012-10-25 06:15:25 -------- d-----w- C:\Windows\System32\appmgmt
2012-10-25 05:53:48 -------- d--h--w- C:\ProgramData\Common Files
2012-10-25 05:53:48 -------- d-----w- C:\Users\Patty\AppData\Local\MFAData
2012-10-25 05:53:48 -------- d-----w- C:\Users\Patty\AppData\Local\Avg2013
2012-10-25 05:53:48 -------- d-----w- C:\ProgramData\MFAData
2012-10-25 05:21:09 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6F7E673-FD24-4E5B-BC6F-E67D9A78A092}\mpengine.dll
2012-10-24 05:28:03 -------- d-----w- C:\Program Files\Registry Easy
2012-10-17 00:47:02 -------- d-----w- C:\Program Files\DivX
2012-10-17 00:44:44 -------- d-----w- C:\ProgramData\DivX
2012-10-09 22:31:52 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-09 22:30:26 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-09 22:30:20 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-09 22:30:19 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-09 22:28:58 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-09 22:28:56 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-09 22:28:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-09 22:28:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-09 22:27:38 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-09 22:27:37 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-09 22:27:13 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 22:27:10 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 22:27:06 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 22:27:05 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 22:27:02 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 22:26:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-08 10:38:15 -------- d-----w- C:\Program Files (x86)\AMD APP
.
==================== Find3M ====================
.
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:55:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 03:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 03:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 03:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 03:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 03:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 03:46:06 0 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 2:05:25.74 ===============

Edited by ChrismoJames, 25 October 2012 - 04:06 AM.




#2 CatByte


Posted 25 October 2012 - 05:31 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ChrismoJames


Posted 26 October 2012 - 02:25 AM

While searching the 'services.exe' a message appeared reading "The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility." Upon clicking OK to the message a second message appeared reading "The instruction at 0x772c1e02 referenced memory at 0x6ae00f21. The memory could not be written. Click on OK to terminate the program."

Edited by ChrismoJames, 26 October 2012 - 02:29 AM.


#4 ChrismoJames


Posted 26 October 2012 - 02:30 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-10-2012
Ran by SYSTEM at 26-10-2012 02:19:01
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ===================

4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

==================== Drivers (Whitelisted) =====================

1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-25 21:06 - 2012-10-25 21:07 - 00271328 ____A C:\Windows\Minidump\102612-23696-01.dmp
2012-10-25 21:03 - 2012-10-25 21:03 - 00271328 ____A C:\Windows\Minidump\102612-23275-01.dmp
2012-10-25 20:01 - 2012-10-25 20:01 - 00275568 ____A C:\Windows\Minidump\102512-18548-01.dmp
2012-10-25 19:08 - 2012-10-25 19:08 - 00271328 ____A C:\Windows\Minidump\102512-17846-01.dmp
2012-10-25 19:06 - 2012-10-25 19:06 - 00275568 ____A C:\Windows\Minidump\102512-17284-01.dmp
2012-10-25 18:59 - 2012-10-25 18:59 - 00275568 ____A C:\Windows\Minidump\102512-23244-01.dmp
2012-10-25 18:42 - 2012-10-25 18:42 - 00271328 ____A C:\Windows\Minidump\102512-21184-01.dmp
2012-10-25 18:39 - 2012-10-25 18:39 - 00275568 ____A C:\Windows\Minidump\102512-21793-01.dmp
2012-10-25 18:37 - 2012-10-25 18:37 - 00271328 ____A C:\Windows\Minidump\102512-21496-01.dmp
2012-10-25 17:06 - 2012-10-25 17:06 - 00271328 ____A C:\Windows\Minidump\102512-23259-01.dmp
2012-10-25 15:50 - 2012-10-25 15:50 - 00271328 ____A C:\Windows\Minidump\102512-23275-01.dmp
2012-10-25 03:16 - 2012-10-25 03:16 - 00271328 ____A C:\Windows\Minidump\102512-18626-01.dmp
2012-10-25 02:19 - 2012-10-25 02:19 - 00275568 ____A C:\Windows\Minidump\102512-18844-01.dmp
2012-10-25 02:14 - 2012-10-25 02:14 - 00275568 ____A C:\Windows\Minidump\102512-14866-01.dmp
2012-10-25 02:09 - 2012-10-25 02:09 - 00275568 ____A C:\Windows\Minidump\102512-15615-01.dmp
2012-10-25 01:46 - 2012-10-25 01:46 - 00275568 ____A C:\Windows\Minidump\102512-15568-01.dmp
2012-10-25 01:43 - 2012-10-25 01:43 - 00275568 ____A C:\Windows\Minidump\102512-16411-01.dmp
2012-10-25 01:06 - 2012-10-25 01:09 - 96814416 ____A C:\Users\Patty\Downloads\avast_free_antivirus_setup (1).exe
2012-10-25 00:59 - 2012-10-25 00:59 - 00275568 ____A C:\Windows\Minidump\102512-18829-01.dmp
2012-10-25 00:47 - 2012-10-25 00:47 - 00140608 ____A C:\Users\Patty\Downloads\bluescreenview_setup.exe
2012-10-25 00:47 - 2012-10-25 00:47 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-10-25 00:38 - 2012-10-25 00:38 - 00000244 ____A C:\Users\Patty\Downloads\defogger_enable.log
2012-10-25 00:38 - 2012-10-25 00:38 - 00000000 ____A C:\Users\Patty\defogger_reenable
2012-10-24 23:05 - 2012-10-24 23:05 - 00047625 ____A C:\Users\Patty\Desktop\attach.txt
2012-10-24 23:05 - 2012-10-24 23:05 - 00013515 ____A C:\Users\Patty\Desktop\dds.txt
2012-10-24 23:03 - 2012-10-24 23:03 - 00687724 ____R (Swearware) C:\Users\Patty\Downloads\dds.com
2012-10-24 23:02 - 2012-10-25 00:38 - 00000472 ____A C:\Users\Patty\Downloads\defogger_disable.log
2012-10-24 23:02 - 2012-10-24 23:02 - 00050477 ____A C:\Users\Patty\Downloads\Defogger.exe
2012-10-24 22:50 - 2012-10-25 23:09 - 00001232 ____A C:\Windows\setupact.log
2012-10-24 22:50 - 2012-10-24 22:50 - 00275568 ____A C:\Windows\Minidump\102512-47658-01.dmp
2012-10-24 22:50 - 2012-10-24 22:50 - 00000000 ____A C:\Windows\setuperr.log
2012-10-24 22:49 - 2012-10-25 21:06 - 241292258 ____A C:\Windows\MEMORY.DMP
2012-10-24 22:45 - 2012-10-24 22:45 - 04420608 ____A (AVG Technologies) C:\Users\Patty\Downloads\avg_isct_stb_all_2013_2741_free (1).exe
2012-10-24 22:42 - 2012-10-24 22:42 - 04420608 ____A (AVG Technologies) C:\Users\Patty\Downloads\avg_isct_stb_all_2013_2741_free.exe
2012-10-24 22:15 - 2012-10-25 00:41 - 00000000 ____D C:\Windows\System32\appmgmt
2012-10-24 21:53 - 2012-10-24 21:53 - 04420616 ____A (AVG Technologies) C:\Users\Patty\Downloads\avg_isct_stb_all_2013_2741.exe
2012-10-24 21:53 - 2012-10-24 21:53 - 00000000 ____D C:\Users\Patty\AppData\Local\MFAData
2012-10-24 21:53 - 2012-10-24 21:53 - 00000000 ____D C:\Users\Patty\AppData\Local\Avg2013
2012-10-24 21:53 - 2012-10-24 21:53 - 00000000 ____D C:\Users\All Users\MFAData
2012-10-23 21:28 - 2012-10-24 21:17 - 00000000 ____D C:\Program Files\Registry Easy
2012-10-23 21:24 - 2012-10-23 21:24 - 00020464 ____N C:\bootsqm.dat
2012-10-23 03:58 - 2012-10-25 21:06 - 00000000 ____D C:\Windows\Minidump
2012-10-22 21:22 - 2012-10-22 21:22 - 00000000 ____D C:\Users\All Users\Adobe
2012-10-18 17:03 - 2012-10-18 17:03 - 00000011 ____A C:\Users\Patty\Documents\promocode.txt
2012-10-16 16:47 - 2012-10-24 21:17 - 00000000 ____D C:\Program Files\DivX
2012-10-16 16:47 - 2012-10-16 16:47 - 00000000 ____D C:\Users\Patty\AppData\Roaming\DivX
2012-10-16 16:44 - 2012-10-24 21:17 - 00000000 ____D C:\Users\All Users\DivX
2012-10-16 16:44 - 2012-10-16 16:44 - 00933256 ____A (DivX, LLC) C:\Users\Patty\Downloads\DivXInstaller.exe
2012-10-16 07:18 - 2012-10-16 07:18 - 00001115 ____A C:\Users\Patty\Documents\Jessie.txt
2012-10-09 14:31 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 14:30 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 14:30 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 14:30 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 14:29 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 14:29 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 14:29 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 14:29 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 14:29 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 14:29 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 14:29 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 14:29 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 14:29 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 03:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 14:29 - 2012-08-18 03:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 14:29 - 2012-08-18 03:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 14:29 - 2012-08-18 03:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 14:29 - 2012-08-18 03:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 14:29 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 14:29 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll


==================== 3 Months Modified Files ==================


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-16 06:53:15
Restore point made on: 2012-10-16 16:43:05
Restore point made on: 2012-10-16 16:49:51
Restore point made on: 2012-10-19 00:00:54
Restore point made on: 2012-10-23 13:41:50
Restore point made on: 2012-10-24 22:15:11
Restore point made on: 2012-10-24 22:44:31
Restore point made on: 2012-10-25 00:41:18
Restore point made on: 2012-10-25 18:52:28

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4095.24 MB
Available physical RAM: 3504.38 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3499.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:237.65 GB) NTFS
3 Drive f: (Lexar) (Removable) (Total:7.33 GB) (Free:7.33 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7520 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7518 MB 1380 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Lexar FAT32 Removable 7518 MB Healthy

=========================================================

Last Boot: 2012-10-16 00:40

==================== End Of Log =============================

#5 ChrismoJames


Posted 26 October 2012 - 02:31 AM

This is all I got from the Search.txt



Farbar Recovery Scan Tool (x64) Version: 25-10-2012
Ran by SYSTEM at 2012-10-26 02:35:58
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Edited by ChrismoJames, 26 October 2012 - 02:37 AM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:56 PM

Posted 26 October 2012 - 05:47 AM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT




Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ChrismoJames


Posted 26 October 2012 - 07:04 AM

Upon start up on the infected computer I get a message titled 'Failed to connect to a windows service' and reads "Windows could not connect to the system event notification service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond."

However, I do not know how to review this log.

Also, I cannot access the internet on the infected computer and cannot download the programs to the computer from a flash drive, as the computer doesn't read that the drive is in unless I am in advanced boot options and locate the files from there.

#8 CatByte


Posted 26 October 2012 - 08:58 AM

Boot into the recovery environment again and choose "System Restore".

See if there is a restore point available from before you started having the issues.

If restore does not work, then run chkdsk.


Please do the following:
  • Click the Start menu > type cmd > right click cmd.exe > choose "Run as an Administrator"
  • Type chkdsk /r at the command prompt
  • In the event your hard disk is in use, you will be asked if you wish to check for hard disk errors the next time your computer is restarted
  • Click Schedule Disk Check to reschedule this procedure for a later time.
  • Restart the computer and allow chkdsk to run

Let me know how that goes.



#9 ChrismoJames


Posted 26 October 2012 - 07:30 PM

I got it back to allow me back on the computer, partially. Cannot use any programs. Every time I try to use my web browser it won't open and I get a message saying the memory could not be read. The same thing happened when trying to run the ComboFix.exe; it won't finish because those messages keep popping up and I have no option but to hit terminate the program.

#10 CatByte


Posted 26 October 2012 - 07:35 PM

Run rkill first, which should stop those popup messages, then try running ComboFix again.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the next one.

Note: Vista and Windows 7 users need to right click on the file and choose Run as administrator

You only need to get one of them to run, not all of them.




#11 ChrismoJames


Posted 26 October 2012 - 07:47 PM

This is the log I got from rkill. I will post the logs for ComboFix and AdwCleaner in a minute after I run them and if they run successfully. I'll let you know how it goes.


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/26/2012 07:43:54 PM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Patty\Desktop\rkill\rkill-10-26-2012-07-43-55.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* C:\Windows\System32\drivers\scsiport.sys [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_6.1.7601.17514_none_43a6335240be578b\scsiport.sys : 171,392 : 11/20/2010 00:33 AM : 1b1e264203d4ef9d3da1987ad70355ab [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_6.1.7600.16385_none_41751f8a43cfd3f1\scsiport.sys : 171,600 : 07/13/2009 08:45 PM : 21b8f1a44e7999dc543f686b2fe6b5fa [Pos Repl]

* C:\Windows\System32\drivers\USBSTOR.sys [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS : 91,648 : 11/20/2010 00:44 AM : d76510cfa0fc09023077f22c2f979d86 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS : 89,600 : 07/13/2009 07:06 PM : 080d3820da6c046be82fc8b45a893e83 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS : 91,136 : 03/10/2011 10:31 PM : f39983647bc1f3e6100778ddfe9dce29 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS : 89,600 : 07/13/2009 07:06 PM : 080d3820da6c046be82fc8b45a893e83 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16778_none_a48918bfb179469a\USBSTOR.SYS : 91,136 : 03/10/2011 10:31 PM : f39983647bc1f3e6100778ddfe9dce29 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.20921_none_a541c506ca74a675\USBSTOR.SYS : 91,136 : 03/10/2011 10:29 PM : 3a6cb8c3b8904f01e73d10081b7d0ec7 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_a66e757baea0992f\USBSTOR.SYS : 91,648 : 03/10/2011 10:37 PM : fed648b01349a3c8395a5169db5fb7d6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_a6e64054c7cca389\USBSTOR.SYS : 91,648 : 03/10/2011 10:21 PM : 36106ac439edfbb7b8bdbf99079c7590 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 10/26/2012 07:45:27 PM
Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)
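
A triage sketch for the Rkill log format shown above, added here as an example and not part of the thread or of Rkill itself: it pulls out the findings a responder would check first (firewall disabled, security services not running, system drivers flagged [NoSig] and how many [Pos Repl] lines follow each). The function name `triage` is an assumption, and the sample excerpt is constructed from the log's layout with winsxs paths and hashes replaced by placeholders.

```python
import re

# Constructed excerpt modelled on the Rkill log layout above; winsxs paths
# and hashes are replaced by placeholders.
SAMPLE_LOG = r"""
Performing miscellaneous checks:
* Windows Firewall Disabled
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
Searching for Missing Digital Signatures:
* C:\Windows\System32\drivers\scsiport.sys [NoSig]
+-> C:\Windows\winsxs\<component>\scsiport.sys : 171,600 : 07/13/2009 08:45 PM : <md5> [Pos Repl]
* C:\Windows\System32\drivers\USBSTOR.sys [NoSig]
+-> C:\Windows\winsxs\<component-a>\USBSTOR.SYS : 89,600 : 07/13/2009 07:06 PM : <md5> [Pos Repl]
+-> C:\Windows\winsxs\<component-b>\USBSTOR.SYS : 91,136 : 03/10/2011 10:31 PM : <md5> [Pos Repl]
Checking HOSTS File:
* No issues found.
"""

SERVICE = re.compile(r"^\* .+ \((\w+)\) is not Running\.$")  # captures service short name
NOSIG = re.compile(r"^\* (.+) \[NoSig\]$")                   # captures unsigned file path

def triage(log_text):
    """Return firewall state, stopped services and unsigned files from an Rkill log."""
    out = {"firewall_disabled": False, "stopped_services": [],
           "unsigned": {}}  # unsigned: path -> number of [Pos Repl] lines under it
    current = None          # unsigned file whose '+->' lines are being counted
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "* Windows Firewall Disabled":
            out["firewall_disabled"] = True
        elif m := SERVICE.match(line):
            out["stopped_services"].append(m.group(1))
        elif m := NOSIG.match(line):
            current = m.group(1)
            out["unsigned"][current] = 0
        elif current and line.startswith("+->") and line.endswith("[Pos Repl]"):
            out["unsigned"][current] += 1
        elif line.endswith(":") and not line.startswith(("*", "+")):
            current = None  # a new section header ends the current file entry
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
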

#12 ChrismoJames


Posted 26 October 2012 - 08:17 PM

Every time I try running ComboFix it always says that my real time scanners from my Avast Antivirus are running and I tried to turn them off but they wouldn't. The status of all the shields was 'unknown'. When running ComboFix I've gotten up to stage 2 to complete and then my comp crashes to blue screen. 0.o

#13 CatByte


Posted 26 October 2012 - 08:31 PM

You may need to uninstall Avast completely, as it appears to be interfering and may be corrupt.

See if you can run ComboFix in Safe Mode.


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account



#14 ChrismoJames


Posted 26 October 2012 - 08:39 PM

I tried uninstalling it and it appeared to have worked but still says the shields are active.

#15 ChrismoJames


Posted 26 October 2012 - 08:58 PM

Last time I ran ComboFix I got stage 6A completed.



