avgmfx64.sys is corrupt


  • This topic is locked
4 replies to this topic

#1 Solihull

Posted 16 December 2012 - 09:29 AM

Having problems:

Can't boot Windows 7

Reported problem is: avgmfx64.sys corrupt

Any help would be appreciated.

FRST.txt contents follow:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 16-12-2012 13:40:29
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] %ProgramFiles%\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MsmqIntCert] regsvr32 /s mqrt.dll [x]
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-21] (The Eraser Project)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-10-26] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKU\Classic .NET AppPool\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Classic .NET AppPool\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\DefaultAppPool\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\DefaultAppPool\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\DMM\...\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe" [122940 1999-08-03] (Microsoft Corporation)
HKU\DMM\...\Run: [MWSnap] "C:\Program Files (x86)\MWSnap\MWSnap.exe" [427008 2002-07-06] (Mirek Wojtowicz)
HKU\DMM\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\DMM\...\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166656 2012-11-19] (Fieldston Software)
HKU\DMM\...\Run: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R [95744 2010-07-02] (j2 Global Communications, Inc.)
HKU\DMM\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909048 2012-12-04] (TechSmith Corporation)
HKU\DMM\...\Run: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min [1613824 2011-11-16] (Mortal Universe)
HKU\DMM\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)
HKU\DMM\...\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
HKU\DMM\...\RunOnce: [!iLividDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\DMM\AppData\Local\Temp\installhelper.dll,_CallFunction _SetFFDS,Software\DM\FRU, [x]
HKU\DMM\...\RunOnce: [!iLividFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\DMM\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/406, [x]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Cloudmark DesktopOne.lnk
ShortcutTarget: Cloudmark DesktopOne.lnk -> C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe (Cloudmark, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Classic .NET AppPool\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DMM\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

==================== Services (Whitelisted) ===================

2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-28] (Conexant Systems, Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 HttpAnalyzerV5 DllInjectService; C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe [268608 2010-04-06] ()
2 LPDSVC; C:\Windows\System32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
2 M4-Service; C:\Users\DMM\AppData\Roaming\Mikogo 4\M4-Service.exe [1003888 2011-08-04] ()
2 MSMQ; C:\Windows\System32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
2 MSMQTriggers; C:\Windows\System32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
2 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [116104 2009-08-25] (Toshiba Europe GmbH)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
2 WMCoreService; C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [462888 2010-04-28] (Ericsson AB)
3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-01] (Conexant Systems Inc.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [114688 2012-12-14] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-28] (Conexant Systems, Inc.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-14] (Conexant)
3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
3 MQAC; C:\Windows\System32\Drivers\MQAC.sys [189440 2009-07-13] (Microsoft Corporation)
3 RTL8187Se; C:\Windows\System32\Drivers\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation )
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-18] (SigmaTel, Inc.)
3 TotRec7; C:\Windows\System32\Drivers\TotRec7.sys [184592 2012-07-05] (High Criteria inc.)
3 TotRec8; C:\Windows\System32\Drivers\TotRec8.sys [123152 2012-07-05] (High Criteria inc.)
2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-28] (Conexant Systems, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-15 16:16 - 2012-12-16 02:32 - 00000336 ____A C:\Windows\setupact.log
2012-12-15 16:16 - 2012-12-15 16:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-14 10:35 - 2012-12-14 10:35 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-12-14 08:32 - 2012-12-14 08:50 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2012-12-14 08:28 - 2012-12-14 08:28 - 01302424 ____A (Bandoo Media Inc) C:\Users\DMM\Downloads\iLividSetup.exe
2012-12-14 08:22 - 2012-12-14 08:50 - 00000000 ____D C:\Program Files (x86)\4Sync
2012-12-14 07:08 - 2012-12-14 07:08 - 00001175 ____A C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2012-12-14 05:48 - 2012-12-14 05:48 - 00057942 ____A C:\Users\DMM\Desktop\PreziChanges.zip
2012-12-13 23:33 - 2012-12-13 23:33 - 00870374 ____A C:\Users\DMM\Desktop\NS2.bmp
2012-12-13 23:33 - 2012-12-13 23:33 - 00855154 ____A C:\Users\DMM\Desktop\NS3.bmp
2012-12-13 23:32 - 2012-12-13 23:32 - 00858230 ____A C:\Users\DMM\Desktop\NS1.bmp
2012-12-13 19:02 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 19:02 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 19:02 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 19:02 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 19:02 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 19:02 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 19:02 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 19:02 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 19:02 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 19:02 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 19:02 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 19:02 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 19:02 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 19:02 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 19:02 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 19:02 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 19:02 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 19:02 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 19:02 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 19:02 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 19:02 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 19:02 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 19:02 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 19:02 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 19:02 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 19:02 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 19:02 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 19:02 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 19:02 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 19:02 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 19:02 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 19:02 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 16:14 - 2012-12-13 16:14 - 11077632 ____A C:\Users\DMM\Downloads\dban-2.2.7_i586.iso
2012-12-13 05:48 - 2012-12-13 05:48 - 00017837 ____A C:\Users\DMM\Desktop\ui.theme.css
2012-12-12 19:15 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 19:15 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 19:15 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 19:15 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-12 19:15 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-12 19:15 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-12 19:15 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-12 19:14 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 19:14 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-12 19:14 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 19:14 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 19:14 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 19:14 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 19:14 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 19:14 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 19:14 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 19:14 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 19:14 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 19:14 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 19:14 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 19:14 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 19:14 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 19:14 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 19:14 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 02:22 - 2012-12-12 02:22 - 00002883 ____A C:\Users\DMM\Desktop\CoffeeCup Free FTP.lnk
2012-12-11 09:56 - 2012-12-11 09:56 - 00002024 ____A C:\Users\DMM\Desktop\ImageMagick Display.lnk
2012-12-11 09:56 - 2012-12-11 09:56 - 00000000 ____D C:\Program Files (x86)\ImageMagick-6.8.0-Q16
2012-12-11 09:22 - 2012-12-11 09:22 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-12-11 06:38 - 2012-12-11 06:38 - 00702126 ____A C:\Users\DMM\Desktop\aqua.bmp
2012-12-10 15:51 - 2012-12-10 15:51 - 00002111 ____A C:\Users\Public\Desktop\Blender.lnk
2012-12-10 15:51 - 2012-12-10 15:51 - 00000000 ____D C:\Users\DMM\.thumbnails
2012-12-10 15:50 - 2012-12-10 15:50 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2012-12-10 15:30 - 2012-12-10 15:31 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2012-12-09 17:53 - 2012-12-11 15:25 - 00000000 ____D C:\Users\DMM\AppData\Roaming\inkscape
2012-12-09 17:41 - 2012-12-09 17:51 - 00000000 ____D C:\Program Files (x86)\Inkscape
2012-12-09 16:19 - 2012-12-09 16:19 - 00000000 ____D C:\Users\DMM\Documents\FlashDigger Plus
2012-12-09 16:19 - 2012-12-09 16:19 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Openworld Learning
2012-12-09 16:18 - 2012-12-09 16:18 - 00158720 ____A (Openworld Learning, LLC) C:\Windows\FDUNINST.EXE
2012-12-09 16:18 - 2012-12-09 16:18 - 00000000 ____D C:\Program Files (x86)\Openworld
2012-12-09 15:46 - 2012-12-09 15:50 - 00000000 ____D C:\Users\DMM\AppData\Roaming\gpdf2swf
2012-12-09 15:45 - 2012-12-09 15:45 - 00000000 ____D C:\Program Files (x86)\SWFTools
2012-12-09 15:15 - 2012-12-09 15:22 - 00000000 ____D C:\Users\DMM\Desktop\Bounce
2012-12-08 10:06 - 2012-09-24 15:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-08 10:06 - 2012-09-24 15:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-08 10:05 - 2012-12-08 10:06 - 00004090 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-12-07 08:37 - 2012-12-07 08:37 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2012-12-06 06:25 - 2012-12-06 06:25 - 00000000 ____D C:\Users\DMM\Desktop\IRS
2012-12-05 03:42 - 2012-12-06 04:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 17:11 - 2012-12-04 17:13 - 00023040 ____A C:\Users\DMM\Desktop\PaymentPlan v3.xls
2012-12-03 07:36 - 2012-12-07 08:37 - 00000000 ____D C:\Program Files (x86)\Audacity
2012-12-03 07:16 - 2012-12-03 07:16 - 00000000 ____D C:\Users\DMM\AppData\Roaming\MP3SkypeRecorder
2012-12-03 07:16 - 2012-12-03 07:16 - 00000000 ____D C:\Users\DMM\AppData\Local\Alexander_Nikiforov
2012-12-03 07:15 - 2012-12-03 07:15 - 00000000 ____D C:\Program Files (x86)\MP3 Skype Recorder
2012-12-03 06:23 - 2012-12-03 06:50 - 00000000 ____D C:\Users\DMM\Documents\Pamela Call Recorder
2012-12-03 06:23 - 2012-12-03 06:50 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Pamela Call Recorder
2012-12-03 06:23 - 2012-12-03 06:23 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Pamela
2012-11-30 09:06 - 2012-12-09 14:50 - 00000000 ____D C:\Program Files (x86)\Png2swf
2012-11-30 06:27 - 2012-11-30 06:27 - 09865868 ____A C:\Users\DMM\Downloads\server_autoplayer_budle.zip
2012-11-26 09:26 - 2012-11-26 09:26 - 09881087 ____A C:\Users\DMM\Downloads\server_autoplayer_bundle_demo.zip
2012-11-24 13:53 - 2012-11-24 13:53 - 00000000 ____D C:\Users\DMM\Documents\Aura Video Converter
2012-11-24 13:53 - 2012-11-24 13:53 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Aura4You
2012-11-24 13:51 - 2012-11-24 13:51 - 00000000 ____D C:\Program Files (x86)\Aura4You
2012-11-24 09:43 - 2012-11-24 09:43 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Modiac
2012-11-24 09:43 - 2012-11-24 09:43 - 00000000 ____D C:\Users\DMM\AppData\Local\Modiac
2012-11-24 09:42 - 2012-11-24 09:42 - 00000000 ____D C:\Program Files (x86)\Modiac
2012-11-23 19:16 - 2012-12-11 17:02 - 00001709 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-11-23 19:15 - 2012-11-29 09:49 - 00000000 ____D C:\Program Files\Recuva
2012-11-20 15:50 - 2012-11-20 15:50 - 00001345 ____A C:\Users\DMM\Desktop\Privacy Eraser Pro.lnk


==================== One Month Modified Files and Folders =======

2012-12-16 13:39 - 2012-12-16 13:39 - 00000000 ____D C:\FRST
2012-12-16 04:23 - 2009-11-17 16:27 - 01641938 ____A C:\Windows\WindowsUpdate.log
2012-12-16 04:22 - 2011-09-11 00:04 - 00000000 ____D C:\Users\DMM\AppData\Roaming\gSyncit
2012-12-16 04:21 - 2009-12-08 05:33 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Skype
2012-12-16 03:55 - 2012-04-12 00:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-16 03:54 - 2010-05-28 07:46 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-16 02:32 - 2012-12-15 16:16 - 00000336 ____A C:\Windows\setupact.log
2012-12-16 02:32 - 2010-09-22 03:16 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-12-16 00:50 - 2010-10-14 01:04 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-16 00:39 - 2010-03-10 05:59 - 08687616 ____A C:\Users\DMM\Documents\UK Money.mny
2012-12-15 16:54 - 2010-05-28 07:45 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-15 16:16 - 2012-12-15 16:16 - 00000000 ____A C:\Windows\setuperr.log
2012-12-15 14:44 - 2012-08-13 13:44 - 00000398 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-12-15 09:19 - 2010-12-03 03:13 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-12-14 10:35 - 2012-12-14 10:35 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-12-14 08:50 - 2012-12-14 08:32 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2012-12-14 08:50 - 2012-12-14 08:22 - 00000000 ____D C:\Program Files (x86)\4Sync
2012-12-14 08:41 - 2012-10-04 19:32 - 00114688 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-12-14 08:28 - 2012-12-14 08:28 - 01302424 ____A (Bandoo Media Inc) C:\Users\DMM\Downloads\iLividSetup.exe
2012-12-14 07:56 - 2012-08-13 13:43 - 00004096 ____A C:\Users\DMM\Desktop\FreeFileViewer.lnk
2012-12-14 07:56 - 2012-07-11 05:51 - 29577216 ____A (Any-Video-Converter.com ) C:\Users\DMM\Desktop\avc-free.exe
2012-12-14 07:08 - 2012-12-14 07:08 - 00001175 ____A C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2012-12-14 07:07 - 2010-11-14 14:43 - 00000000 ____D C:\Users\All Users\TechSmith
2012-12-14 07:07 - 2010-11-14 14:43 - 00000000 ____D C:\Program Files (x86)\TechSmith
2012-12-14 05:48 - 2012-12-14 05:48 - 00057942 ____A C:\Users\DMM\Desktop\PreziChanges.zip
2012-12-14 00:03 - 2009-07-13 20:45 - 00017504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-14 00:03 - 2009-07-13 20:45 - 00017504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-13 23:33 - 2012-12-13 23:33 - 00870374 ____A C:\Users\DMM\Desktop\NS2.bmp
2012-12-13 23:33 - 2012-12-13 23:33 - 00855154 ____A C:\Users\DMM\Desktop\NS3.bmp
2012-12-13 23:32 - 2012-12-13 23:32 - 00858230 ____A C:\Users\DMM\Desktop\NS1.bmp
2012-12-13 23:28 - 2010-06-24 21:22 - 00000000 ____D C:\Users\DMM\AppData\Roaming\12Pay
2012-12-13 22:41 - 2009-07-13 21:13 - 00879820 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-13 20:12 - 2012-07-12 09:45 - 00000000 ____D C:\Windows\rescache
2012-12-13 19:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-13 19:34 - 2009-07-13 20:45 - 05037768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-13 19:07 - 2009-12-09 04:16 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-13 19:06 - 2009-09-18 11:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-13 16:14 - 2012-12-13 16:14 - 11077632 ____A C:\Users\DMM\Downloads\dban-2.2.7_i586.iso
2012-12-13 16:06 - 2012-07-02 15:04 - 00000000 ____D C:\Users\DMM\AppData\Local\CrashDumps
2012-12-13 05:48 - 2012-12-13 05:48 - 00017837 ____A C:\Users\DMM\Desktop\ui.theme.css
2012-12-13 05:48 - 2010-03-11 07:42 - 00835584 ____A C:\Users\DMM\AppData\Roaming\SharedSettings.ccs
2012-12-12 02:55 - 2012-04-12 00:03 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 02:55 - 2011-05-19 11:25 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-12 02:22 - 2012-12-12 02:22 - 00002883 ____A C:\Users\DMM\Desktop\CoffeeCup Free FTP.lnk
2012-12-11 17:15 - 2012-06-29 08:40 - 00000000 ____D C:\Users\DMM\Desktop\Projects
2012-12-11 17:10 - 2012-06-29 01:51 - 00000000 ____D C:\Users\DMM\Desktop\Passport
2012-12-11 17:02 - 2012-11-23 19:16 - 00001709 ____A C:\Users\Public\Desktop\Recuva.lnk
2012-12-11 15:33 - 2012-07-06 23:52 - 00000000 ____D C:\Program Files (x86)\Searchqu Toolbar
2012-12-11 15:25 - 2012-12-09 17:53 - 00000000 ____D C:\Users\DMM\AppData\Roaming\inkscape
2012-12-11 15:25 - 2009-12-08 05:19 - 00000000 ____D C:\users\DMM
2012-12-11 09:56 - 2012-12-11 09:56 - 00002024 ____A C:\Users\DMM\Desktop\ImageMagick Display.lnk
2012-12-11 09:56 - 2012-12-11 09:56 - 00000000 ____D C:\Program Files (x86)\ImageMagick-6.8.0-Q16
2012-12-11 09:26 - 2011-01-23 04:49 - 00000000 ____D C:\Users\DMM\AppData\Local\Conduit
2012-12-11 09:22 - 2012-12-11 09:22 - 00000000 ____D C:\Program Files (x86)\Conduit
2012-12-11 06:38 - 2012-12-11 06:38 - 00702126 ____A C:\Users\DMM\Desktop\aqua.bmp
2012-12-10 15:51 - 2012-12-10 15:51 - 00002111 ____A C:\Users\Public\Desktop\Blender.lnk
2012-12-10 15:51 - 2012-12-10 15:51 - 00000000 ____D C:\Users\DMM\.thumbnails
2012-12-10 15:50 - 2012-12-10 15:50 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2012-12-10 15:31 - 2012-12-10 15:30 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2012-12-09 23:15 - 2012-06-08 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-09 17:51 - 2012-12-09 17:41 - 00000000 ____D C:\Program Files (x86)\Inkscape
2012-12-09 16:19 - 2012-12-09 16:19 - 00000000 ____D C:\Users\DMM\Documents\FlashDigger Plus
2012-12-09 16:19 - 2012-12-09 16:19 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Openworld Learning
2012-12-09 16:18 - 2012-12-09 16:18 - 00158720 ____A (Openworld Learning, LLC) C:\Windows\FDUNINST.EXE
2012-12-09 16:18 - 2012-12-09 16:18 - 00000000 ____D C:\Program Files (x86)\Openworld
2012-12-09 15:50 - 2012-12-09 15:46 - 00000000 ____D C:\Users\DMM\AppData\Roaming\gpdf2swf
2012-12-09 15:45 - 2012-12-09 15:45 - 00000000 ____D C:\Program Files (x86)\SWFTools
2012-12-09 15:22 - 2012-12-09 15:15 - 00000000 ____D C:\Users\DMM\Desktop\Bounce
2012-12-09 14:50 - 2012-11-30 09:06 - 00000000 ____D C:\Program Files (x86)\Png2swf
2012-12-09 10:15 - 2012-10-11 15:51 - 00000972 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-08 13:42 - 2010-11-29 09:03 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Audacity
2012-12-08 10:06 - 2012-12-08 10:05 - 00004090 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-12-08 10:06 - 2009-09-18 11:44 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-07 08:37 - 2012-12-07 08:37 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2012-12-07 08:37 - 2012-12-03 07:36 - 00000000 ____D C:\Program Files (x86)\Audacity
2012-12-06 06:25 - 2012-12-06 06:25 - 00000000 ____D C:\Users\DMM\Desktop\IRS
2012-12-06 06:23 - 2010-03-10 10:14 - 00000000 ____D C:\Users\DMM\AppData\Roaming\PrimoPDF
2012-12-06 04:00 - 2012-12-05 03:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-04 17:13 - 2012-12-04 17:11 - 00023040 ____A C:\Users\DMM\Desktop\PaymentPlan v3.xls
2012-12-03 07:16 - 2012-12-03 07:16 - 00000000 ____D C:\Users\DMM\AppData\Roaming\MP3SkypeRecorder
2012-12-03 07:16 - 2012-12-03 07:16 - 00000000 ____D C:\Users\DMM\AppData\Local\Alexander_Nikiforov
2012-12-03 07:15 - 2012-12-03 07:15 - 00000000 ____D C:\Program Files (x86)\MP3 Skype Recorder
2012-12-03 07:05 - 2009-12-08 05:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-03 07:05 - 2009-12-08 05:33 - 00000000 ____D C:\Users\All Users\Skype
2012-12-03 06:50 - 2012-12-03 06:23 - 00000000 ____D C:\Users\DMM\Documents\Pamela Call Recorder
2012-12-03 06:50 - 2012-12-03 06:23 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Pamela Call Recorder
2012-12-03 06:23 - 2012-12-03 06:23 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Pamela
2012-12-03 06:09 - 2011-01-19 06:22 - 00000204 ____A C:\Windows\MYOBP.INI
2012-12-03 06:08 - 2011-01-19 06:22 - 00000121 ____A C:\Windows\SwDrvs.ini
2012-12-03 06:08 - 2011-01-19 06:22 - 00000039 ____A C:\Windows\MYOB.INI
2012-12-01 02:30 - 2012-09-02 10:54 - 00000000 ____D C:\Users\DMM\AppData\Roaming\vlc
2012-11-30 06:27 - 2012-11-30 06:27 - 09865868 ____A C:\Users\DMM\Downloads\server_autoplayer_budle.zip
2012-11-29 15:18 - 2012-11-10 01:13 - 00000000 ____D C:\Users\DMM\AppData\Local\My ClickOnce Applications
2012-11-29 15:18 - 2010-11-19 01:40 - 00031232 ____A C:\Users\DMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-29 15:18 - 2010-06-25 00:50 - 00000000 ____D C:\Users\DMM\AppData\Local\Deployment
2012-11-29 09:49 - 2012-11-23 19:15 - 00000000 ____D C:\Program Files\Recuva
2012-11-29 07:46 - 2012-02-27 06:26 - 00001024 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-29 07:46 - 2010-03-13 16:12 - 00000000 ____D C:\Program Files (x86)\CCleaner
2012-11-26 09:26 - 2012-11-26 09:26 - 09881087 ____A C:\Users\DMM\Downloads\server_autoplayer_bundle_demo.zip
2012-11-24 14:55 - 2012-08-13 13:54 - 00000000 ____D C:\Users\DMM\AppData\Local\FileTypeAssistant
2012-11-24 13:53 - 2012-11-24 13:53 - 00000000 ____D C:\Users\DMM\Documents\Aura Video Converter
2012-11-24 13:53 - 2012-11-24 13:53 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Aura4You
2012-11-24 13:51 - 2012-11-24 13:51 - 00000000 ____D C:\Program Files (x86)\Aura4You
2012-11-24 09:43 - 2012-11-24 09:43 - 00000000 ____D C:\Users\DMM\AppData\Roaming\Modiac
2012-11-24 09:43 - 2012-11-24 09:43 - 00000000 ____D C:\Users\DMM\AppData\Local\Modiac
2012-11-24 09:42 - 2012-11-24 09:42 - 00000000 ____D C:\Program Files (x86)\Modiac
2012-11-21 19:26 - 2012-12-12 19:15 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-20 15:50 - 2012-11-20 15:50 - 00001345 ____A C:\Users\DMM\Desktop\Privacy Eraser Pro.lnk
2012-11-16 00:56 - 2009-09-18 11:47 - 00000000 ____D C:\Users\All Users\Adobe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3932.94 MB
Available physical RAM: 3215.18 MB
Total Pagefile: 3931.09 MB
Available Pagefile: 3272.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:226.14 GB) (Free:41.11 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:6.35 GB) (Free:0.47 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (USB2) (Removable) (Total:14.43 GB) (Free:13.8 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 400 MB 1024 KB
Partition 2 Primary 226 GB 401 MB
Partition 3 Primary 6500 MB 226 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E SYSTEM NTFS Partition 400 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C WINDOWS NTFS Partition 226 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Data NTFS Partition 6500 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB2 FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-12-09 23:48

==================== End Of Log =============================



#2 Solihull


Posted 16 December 2012 - 09:53 AM

More info - sadly no system restore is available so that option is a dead-end.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,725 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:02 PM

Posted 16 December 2012 - 11:23 AM

Hi Solihull,

Welcome to the forum.

Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\DMM\...\RunOnce: [!iLividDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\DMM\AppData\Local\Temp\installhelper.dll,_CallFunction _SetFFDS,Software\DM\FRU, [x]
HKU\DMM\...\RunOnce: [!iLividFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\DMM\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/406, [x]
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKU\Classic .NET AppPool\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
HKU\DefaultAppPool\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2012-12-14 08:28 - 2012-12-14 08:28 - 01302424 ____A (Bandoo Media Inc) C:\Users\DMM\Downloads\iLividSetup.exe
DisableService: AVGIDSAgent
DisableService: avgwd
DisableService: AVGIDSDriver
DisableService: AVGIDSHA
DisableService: Avgloga
DisableService: Avgldx64
DisableService: Avgmfx64
DisableService: Avgrkx64
DisableService: Avgtdia
end 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.

#4 Solihull


Posted 16 December 2012 - 11:36 AM

Fixed it by renaming avgmfx64.sys which I'll now delete then reinstall AVG. Many thanks for your help but I had already taken this action.

#5 Farbar


Posted 16 December 2012 - 11:39 AM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



