
Computer lagging considerably, crashing [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

But now I'm looking for the OLTfix.txt and it's not on the desktop, nor in the :/_OTL/ folder - there is only a Moved Files subfolder there. I don't see it even in the history of notepad. Should I run it again?


No, don't worry about it. It was only a bit of a cleanup. I am not seeing malware as the cause of this.

Just one more scan to make sure all areas are covered.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Edited by emeraldnzl, 16 December 2012 - 06:59 PM.
typo

  • 0



#17
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here is the log of the ESET Online Scanner. It found and cleaned two threats.

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=9ae217ed901da24bb675fec86c14bb3d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-17 02:19:29
# local_time=2012-12-17 04:19:29 )
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 3195849 132467441 0 0
# compatibility_mode=5893 16776573 100 94 63767 107383819 0 0
# scanned=196097
# found=2
# cleaned=2
# scan_time=6333
C:\Users\Resident\Documents\KMS.Activator.for.Microsoft.Office.2010.Applications.x86.x64.Multilingual-FIXISO\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application (deleted - quarantined) FBEA3CE0875E08071CF3951CC695B223DF0C3430 C
C:\Users\Resident\Downloads\DAEMONToolsPro500316-0317.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 4C9A5D33AED4AD4DDFFC386A1E6A6FFB6D56063B C
  • 0
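
Added example (not part of the thread and not ESET's own tooling): a Python sketch that parses a log in the format posted in #17 and checks it against the scan options requested in #16. The sample logs, paths, threat names and hashes are constructed placeholders, and the "unable to clean" action text is an assumption.

```python
import re

# Header keys (as they appear in the log in post #17) for the scan options
# requested in post #16.
REQUIRED_OPTIONS = ("archives_checked", "unwanted_checked",
                    "unsafe_checked", "antistealth_checked")

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# <path> <threat name> (<action>) <SHA-1> <flag>. Fields may be separated by
# tabs or, after copy/paste, by single spaces; paths may contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+(?P<flag>\S+)$"
)
HANDLED_RE = re.compile(r"clean|delet|quarantin", re.I)


def parse_eset_log(text):
    """Split a log into header settings, detections and unparsed path lines."""
    settings, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            settings[header["key"]] = header["value"].strip().strip('"')
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            entry = hit.groupdict()
            action = entry["action"].lower()
            # Assumption: a failed removal is reported as "unable to clean".
            entry["handled"] = ("unable" not in action
                                and bool(HANDLED_RE.search(action)))
            detections.append(entry)
        elif re.match(r"^[A-Za-z]:\\", line):
            # Looks like a detection line but did not parse: keep it visible.
            unparsed.append(line)
    return {"settings": settings, "detections": detections,
            "unparsed": unparsed}


def _count(settings, key):
    value = settings.get(key, "")
    return int(value) if value.isdigit() else None


def review_scan(report):
    """Return a list of problems a helper would want to follow up on."""
    s, issues = report["settings"], []
    if s.get("end") != "finished":
        issues.append("scan did not finish")
    for opt in REQUIRED_OPTIONS:
        if s.get(opt) != "true":
            issues.append(f"option not enabled: {opt}")
    found, cleaned = _count(s, "found"), _count(s, "cleaned")
    listed = len(report["detections"]) + len(report["unparsed"])
    if found is None or found != listed:
        issues.append(f"found={found} but {listed} detection lines in log")
    if found is not None and cleaned is not None and cleaned < found:
        issues.append(f"only {cleaned} of {found} detections cleaned")
    for d in report["detections"]:
        if not d["handled"]:
            issues.append(f"not removed: {d['path']}")
    for line in report["unparsed"]:
        issues.append(f"could not parse: {line}")
    return issues


# Constructed sample logs (placeholder paths, names and hashes).
SAMPLE_OK = r"""all ok
# version=8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=2
# cleaned=2
C:\Users\Example\Downloads\setup one.exe Win32/ExampleBundle application (cleaned by deleting - quarantined) 0123456789ABCDEF0123456789ABCDEF01234567 C
C:\Users\Example\Documents\tool.exe a variant of Win32/ExampleTool.A application (deleted - quarantined) 89ABCDEF0123456789ABCDEF0123456789ABCDEF C
"""

SAMPLE_BAD = r"""# end=finished
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# found=2
# cleaned=1
C:\Users\Example\Downloads\setup one.exe Win32/ExampleBundle application (cleaned by deleting - quarantined) 0123456789ABCDEF0123456789ABCDEF01234567 C
C:\Users\Example\AppData\Local\Temp\x.dll probably a variant of Win32/ExampleAgent.B trojan (unable to clean) 89ABCDEF0123456789ABCDEF0123456789ABCDEF I
"""

if __name__ == "__main__":
    for name, log in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, review_scan(parse_eset_log(log)) or "no issues")
```
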

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
I am wondering whether there is some conflict going on with your security programs. Try turning Windows Defender off and see if that makes a difference.

How to turn Windows Defender on or off

1. Open Windows Defender by going to the Start button, clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Tell me how your computer is after doing that.
  • 0

#19
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi Emerald! Ok, I did that. I don't see any significant change, but my computer has not crashed for two days now, and has frozen only once. Do you think perhaps the problem might have been fixed?
  • 0

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

but my computer has not crashed for two days now


Could be, I am not seeing malware there.

I think we can assume for now your machine is fixed and go to clearing away the tools we have been using. I will leave the topic open for a couple of days afterward in case anything develops.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#21
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Dear emerald,

I have taken all the steps you have mentioned. I would like to thank you for taking the time to help me with my computer; hopefully it will run smoothly from now on! I think I'll also try to update the drivers of the graphic card, in case something's wrong there. Thank you also for leaving the topic open for a couple of days.

My best,
Theo
  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I think I'll also try to update the drivers of the graphic card


Worth a try. Drivers often turn out to be the problem but it could also be the card itself. Some time ago my XP machine started playing up. I was almost convinced it was the hard drive failing, it was after all 11 years old. After much angst and research it turned out it was the graphics card. I replaced it; after that all worked fine.

If your machine is working okay I wouldn't mess around too much. Don't change a winning game I say. ;)

I would like to thank you for taking the time to help me with my computer


You are very welcome. :happy:

As I said I will leave this topic open a day or so in case there are any developments.
  • 0

#23
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Dear emerald,

Sorry to bother you again, but my computer just suffered from a "crash dump". Since no malware was found, can it be finally this is a hardware issue? Would you recommend me to look at the graphics card? Or the hard drive? Any suggestion would be much appreciated...

Thank you!
  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Theo Haris,

Did you make a note of the error message?
  • 0

#25
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi emerald,

It was exactly like the one found in this youtube video, perhaps with a different STOP number:
  • 0



#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Follow the instructions at Windows 7 - Memory Diagnostics Tool to check your machine's memory.

When finished you should see some results of the diagnostics.

Come back here and post what was found.
  • 0

#27
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I ran it as per the instructions. No faults in memory were detected... The funny thing is, I should be happy, but would be happier if I knew what causes this problem instead of getting a "clean" computer...
  • 0

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

but would be happier if I knew what causes this problem


You and me both... :lol:

Let's do this to make a deeper check for malware.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#29
Theo Haris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here you go! Once more, thank you very much for your help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012
Ran by SYSTEM at 19-12-2012 14:07:52
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 0Greek
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Resident\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Resident\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Resident\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2012-05-19] (Adobe Systems)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-20] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-20] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [51240 2011-05-16] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [86056 2011-05-06] (Broadcom Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-07] (DT Soft Ltd)
3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
3 VNUSB; C:\Windows\SysWow64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)

==================== NetSvcs (Whitelisted) ====================


2012-12-12 04:15 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Users\Resident\AppData\Roaming\Malwarebytes
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-08 05:49 - 2012-09-29 09:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-05 04:47 - 2012-12-05 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-03 19:07 - 2012-12-15 10:12 - 00000000 ____D C:\Users\Resident\Downloads\The Residents
2012-12-02 12:55 - 2012-12-02 13:59 - 00000000 ____D C:\Users\Resident\Desktop\Reports
2012-11-30 04:20 - 2012-12-02 06:34 - 00000000 ____D C:\Users\Resident\Desktop\Club
2012-11-26 12:35 - 2012-11-26 12:35 - 00000000 ____D C:\Users\Resident\Documents\Yoga
2012-11-26 07:40 - 2012-11-26 07:40 - 00262144 ____A C:\Windows\Minidump\112612-22105-01.dmp
2012-11-24 07:20 - 2012-11-24 07:20 - 00000000 ____D C:\Users\Resident\AppData\Roaming\SPSSInc
2012-11-23 09:51 - 2012-12-14 15:39 - 00000000 ____D C:\Windows\Minidump
2012-11-23 09:51 - 2012-12-14 09:26 - 00453609 ____N C:\Windows\Minidump\121512-16879-01.dmp
2012-11-23 03:33 - 2012-11-23 03:33 - 00000165 ___AH C:\Users\Resident\Desktop\~$Final Data Collection.xlsx


==================== One Month Modified Files and Folders =======

2012-12-19 04:03 - 2012-04-07 05:41 - 00000000 ____D C:\Users\All Users\clear.fi
2012-12-19 04:02 - 2012-07-15 04:42 - 00001184 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-19 04:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-19 04:02 - 2009-07-13 20:51 - 00077975 ____A C:\Windows\setupact.log
2012-12-19 04:01 - 2012-01-14 09:46 - 01557690 ____A C:\Windows\WindowsUpdate.log
2012-12-19 03:45 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-19 03:45 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-19 03:44 - 2012-12-19 03:44 - 01461035 ____A (Farbar) C:\Users\Resident\Desktop\FRST64.exe
2012-12-18 19:09 - 2012-04-17 10:54 - 00001206 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489475875-556501952-1685469658-1001UA.job
2012-12-18 19:05 - 2012-07-15 04:42 - 00001188 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-18 18:57 - 2012-04-07 12:35 - 00000000 ____D C:\Users\Resident\AppData\Roaming\vlc
2012-12-18 18:34 - 2012-04-07 09:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-18 18:08 - 2012-12-18 18:08 - 00896016 ____A (Oracle Corporation) C:\Users\Resident\Desktop\jxpiinstall(1).exe
2012-12-18 18:08 - 2012-12-18 18:08 - 00004453 ____A C:\Windows\SysWOW64\jupdate-1.7.0_10-b18.log
2012-12-18 18:08 - 2012-09-20 05:19 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-18 18:07 - 2012-12-18 18:07 - 00896016 ____A (Oracle Corporation) C:\Users\Resident\Desktop\jxpiinstall.exe
2012-12-17 19:48 - 2012-09-09 13:49 - 00000000 ____D C:\Users\Resident\Desktop\GE155 Fall 2012
2012-12-17 17:34 - 2012-04-27 09:55 - 03010560 __ASH C:\Users\Resident\Desktop\Thumbs.db
2012-12-17 14:22 - 2012-12-13 14:10 - 00000000 ____D C:\Users\Resident\Desktop\Quiz 4
2012-12-17 11:20 - 2010-11-20 19:47 - 00018564 ____A C:\Windows\PFRO.log
2012-12-17 11:18 - 2012-12-16 05:17 - 00000000 ____D C:\Windows\erdnt
2012-12-17 11:17 - 2012-04-07 07:23 - 00000000 ____D C:\Users\Resident\AppData\Roaming\Skype
2012-12-17 10:40 - 2012-12-15 10:13 - 00000000 ____D C:\Users\Resident\Downloads\The Wire
2012-12-17 10:40 - 2012-09-05 02:27 - 00000000 ____D C:\Users\Resident\Desktop\GE
2012-12-17 06:19 - 2012-12-17 06:18 - 00002120 ____A C:\scu.dat
2012-12-17 04:31 - 2012-12-17 04:31 - 00000000 ____D C:\Program Files (x86)\ESET
2012-12-16 16:43 - 2012-12-16 16:43 - 00003544 ____N C:\bootsqm.dat
2012-12-16 14:02 - 2012-12-16 14:02 - 00000000 __SHD C:\found.001
2012-12-16 12:17 - 2012-12-16 11:50 - 00000453 ____A C:\VEW.txt
2012-12-16 11:42 - 2012-04-07 05:30 - 00112728 ____A C:\Users\Resident\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-16 11:42 - 2012-04-07 05:29 - 00000000 ____D C:\Users\Resident\AppData\Local\VirtualStore
2012-12-16 11:40 - 2009-07-13 20:45 - 00432752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-16 07:27 - 2012-03-24 08:24 - 00000000 ___RD C:\Users\Resident\Desktop\HAU
2012-12-16 07:26 - 2012-04-07 10:17 - 00000000 ____D C:\Users\Resident\Desktop\Έργο
2012-12-16 05:26 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-15 12:49 - 2012-04-07 10:22 - 00000000 ____D C:\Users\Resident\Documents\Βιογραφικά
2012-12-15 12:26 - 2012-04-07 15:08 - 00000000 ____D C:\Users\Resident\AppData\Roaming\uTorrent
2012-12-15 10:12 - 2012-12-03 19:07 - 00000000 ____D C:\Users\Resident\Downloads\The Residents
2012-12-14 15:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-12-14 15:39 - 2012-11-23 09:51 - 00000000 ____D C:\Windows\Minidump
2012-12-14 09:26 - 2012-11-23 09:51 - 00453609 ____N C:\Windows\Minidump\121512-16879-01.dmp
2012-12-14 04:01 - 2012-01-14 10:39 - 00559960 ____A C:\Windows\System32\perfh008.dat
2012-12-14 04:01 - 2012-01-14 10:39 - 00089586 ____A C:\Windows\System32\perfc008.dat
2012-12-14 04:01 - 2009-07-13 21:13 - 01364140 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-14 03:44 - 2009-07-13 21:08 - 00032486 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-13 13:39 - 2012-04-07 16:28 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-12 18:05 - 2012-04-07 07:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 05:42 - 2012-10-19 16:40 - 00000000 ____D C:\Users\Resident\Desktop\GE156 Collab
2012-12-12 05:41 - 2012-12-12 05:41 - 00000000 ____D C:\Users\Resident\Desktop\WID2
2012-12-12 03:09 - 2012-04-17 10:54 - 00001154 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2489475875-556501952-1685469658-1001Core.job
2012-12-11 13:34 - 2012-04-07 09:54 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 13:34 - 2011-10-13 20:45 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-09 05:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Users\Resident\AppData\Roaming\Malwarebytes
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-08 05:49 - 2012-12-08 05:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-06 03:19 - 2012-04-25 04:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-05 04:48 - 2012-12-05 04:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-02 14:00 - 2012-10-28 06:52 - 00000000 ____D C:\Users\Resident\Desktop\Alexandra
2012-12-02 13:59 - 2012-12-02 12:55 - 00000000 ____D C:\Users\Resident\Desktop\Reports
2012-12-02 06:34 - 2012-11-30 04:20 - 00000000 ____D C:\Users\Resident\Desktop\Club
2012-12-02 05:23 - 2011-10-13 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-02 05:23 - 2011-10-13 20:26 - 00000000 ____D C:\Users\All Users\Skype
2012-11-28 00:35 - 2012-12-18 18:08 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-11-28 00:31 - 2012-12-18 18:08 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-11-28 00:31 - 2012-12-18 18:08 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-11-27 01:19 - 2012-04-07 05:29 - 00000000 ____D C:\users\Resident
2012-11-26 12:35 - 2012-11-26 12:35 - 00000000 ____D C:\Users\Resident\Documents\Yoga
2012-11-26 07:40 - 2012-11-26 07:40 - 00262144 ____A C:\Windows\Minidump\112612-22105-01.dmp
2012-11-24 07:20 - 2012-11-24 07:20 - 00000000 ____D C:\Users\Resident\AppData\Roaming\SPSSInc
2012-11-23 03:33 - 2012-11-23 03:33 - 00000165 ___AH C:\Users\Resident\Desktop\~$Final Data Collection.xlsx
2012-11-21 19:26 - 2012-12-12 04:15 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-17 11:18:43
Restore point made on: 2012-12-18 18:07:50

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 5995.86 MB
Available physical RAM: 5186.11 MB
Total Pagefile: 5994.06 MB
Available Pagefile: 5171.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:308.64 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.77 GB) NTFS
4 Drive g: (USB DISK) (Fixed) (Total:3.73 GB) (Free:1.28 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Πνευματικά δικαιώματα © 1999-2008 Στον υπολογιστή: MININT-672FE35

Δίσκος ### Κατάσταση Μέγεθος Ελεύθερος χώρος Dyn Gpt
---------- ---------- ------- --------------- --- ---
Δίσκος 0 Με σύνδεση 465 GB 0 B
Δίσκος 1 Με σύνδεση 3824 MB 0 B

Κλείσιμο του DiskPart...


Last Boot: 2012-12-09 05:11

==================== End Of Log =============================

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Theo Haris,

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post the log (Result.txt) in your next reply.