PC Won't Boot After AVG and Tuneup Scan



#1
dogbiscuit

Hello all,
A few days ago I installed AVG free and their free PC tuneup, and scanned with them both. They picked up a lot of stuff, despite the fact my PC has been running fine. The next time I started my PC after this it wouldn't boot. It restarts just before it reaches the welcome screen, with no error message, and stays in this loop. I can't get into safe mode at all either. I've tried running my Windows 7 repair disc but it tells me it's not compatible, but it's worked in the past.
Is this a known problem, and is there anything I can do?
  • 0


#2
Amlak

Hi, dogbiscuit. Welcome to GTG. Let's help you out with your malware issue. Just keep in mind that some of my later replies may be slightly delayed as all my fixes need to be approved by an expert before they are submitted here.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0
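
A triage pass over the FRST.txt that the steps above produce, as an added example that is not part of the original post or of FRST itself. It assumes the line shapes seen in the log posted later in this thread: `ATTENTION` markers, a leading start-type digit on service and driver lines, and a trailing `[x]` or `(No File)` read as "file not found". `triage` and `Finding` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Sample input: a few lines in the shape of the FRST.txt posted in this thread,
# trimmed to one clean entry plus the entries a reviewer would look at first.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Windows 7 Ultimate (X86) OS Language: English(US)

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a [2143552 2012-03-21] (FSPro Labs)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
ShortcutTarget: Run POPFile.lnk -> C:\Program Files\POPFile\runpopfile.exe (No File)

========================== Drivers (Whitelisted) =============

1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
3 swmidi; [x]
"""

# Windows service start types; assumed to be the leading digit on entry lines.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
NO_START = 9  # sort rank for lines that carry no start type

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Drivers (Whitelisted) ===="
ENTRY_RE = re.compile(r"^([0-4]) ([^;]+);")             # "0 Lbd; C:\...\Lbd.sys [x]"
MISSING_RE = re.compile(r"^(.*?)\s*(?:\[x\]|\(No File\))$")


@dataclass
class Finding:
    kind: str      # "attention" or "missing_file"
    section: str   # log section the line was found in
    name: str      # registry value, service/driver name, or the raw entry
    detail: str
    start: int = NO_START


def triage(log_text):
    """Return the lines of an FRST log that deserve a human look, most urgent first."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if "ATTENTION" in line:
            # Text before the marker names the item; text after the arrow is the verdict.
            subject, _, rest = line.partition("ATTENTION")
            detail = rest.split(">", 1)[-1].strip()
            findings.append(Finding("attention", section,
                                    subject.strip() or "scan environment", detail))
            continue
        missing = MISSING_RE.match(line)
        if missing:
            entry = ENTRY_RE.match(line)
            if entry:
                start = int(entry.group(1))
                findings.append(Finding("missing_file", section, entry.group(2),
                                        f"start type {start} ({START_TYPES[start]})", start))
            else:
                findings.append(Finding("missing_file", section,
                                        missing.group(1), "target not found"))
    # Tool-raised warnings first, then missing files ordered by how early they load.
    findings.sort(key=lambda f: (f.kind != "attention", f.start))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.section}: {f.name} -> {f.detail}")
```

A missing-file marker is a lead to check, not a verdict: an entry left behind by uninstalled software produces the same marker as one whose file was removed by a cleanup tool.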

#3
dogbiscuit

Hi there,
Thanks for your reply. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 23:13:03
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a [2143552 2012-03-21] (FSPro Labs)
HKU\Craig\...\Run: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-16] (Google Inc.)
HKU\Craig\...\Run: [Facebook Update] "C:\Users\Craig\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Craig\...\Run: [Spotify Web Helper] "C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-06-29] ()
HKU\Craig\...\Winlogon: [Shell] Explorer.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs:
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (No File)
Startup: C:\Users\Craig\Start Menu\Programs\Startup\Run POPFile.lnk
ShortcutTarget: Run POPFile.lnk -> C:\Program Files\POPFile\runpopfile.exe (No File)

================================ Services (Whitelisted) ==================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2009-06-11] (Adobe Systems)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-07-12] (Adobe Systems Incorporated)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 2012-05-24] (Apple Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 Creative Audio Engine Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [79360 2010-02-05] (Creative Labs)
3 Creative Dolby Digital Live Pack Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe" [79360 2010-02-17] (Creative Labs)
3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252728 2007-02-13] (Creative Technology Ltd.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-12-29] (Creative Technology Ltd)
3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219448 2007-02-13] (Creative Technology Ltd)
3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321848 2007-02-13] (Creative Technology Ltd)
3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190264 2007-02-13] (Creative Technology Ltd)
3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363320 2007-02-13] (Creative Technology Ltd)
3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571128 2007-02-13] (Creative Technology Ltd.)
3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123704 2007-02-13] (Creative Technology Ltd.)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2011-03-02] (Avid Technology, Inc.)
3 digiSPTIService; "C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe" [159744 2011-03-02] (Avid Technology, Inc.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2009-06-14] (Acresso Software Inc.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2009-06-14] (Acresso Software Inc.)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [73392 2009-05-03] (FSPro Labs)
2 gupdate1cc0b27bf130ca3; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-09-29] (Google Inc.)
3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [133104 2009-09-29] (Google Inc.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-04] (Microsoft Corporation)
2 lxbl_device; C:\Windows\system32\lxblcoms.exe -service [566704 2007-04-20] ( )
2 MboxAudioDevMon; "C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe" [1919504 2010-10-07] (Avid)
2 MboxMiniAudioDevMon; "C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe" [1919504 2010-10-08] (Avid)
2 MboxProAudioDevMon; "C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe" [1919504 2010-10-08] (Avid)
3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-05-13] (Mozilla Foundation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-19] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 OxygenAudioDevMon; "C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe" [1632776 2010-03-03] (M-Audio)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 SPAMfighter Update Service; "C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe" service [215688 2011-06-01] (SPAMfighter ApS)
2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1299080 2011-06-01] (SPAMfighter ApS)
2 vToolbarUpdater12.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [830048 2012-07-21] ()
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)

========================== Drivers (Whitelisted) =============

2 ASTRA64; \??\C:\Program Files (x86)\ASTRA32\ASTRA64.sys [21200 2007-02-22] (Licensed for Sysinfo Lab)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-07-21] (AVG Technologies)
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [158808 2009-09-23] (Creative Technology Ltd)
3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [158808 2009-09-23] (Creative Technology Ltd)
3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [706648 2009-09-23] (Creative Technology Ltd)
3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [706648 2009-09-23] (Creative Technology Ltd)
3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [141912 2009-09-23] (Creative Technology Ltd)
3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [141912 2009-09-23] (Creative Technology Ltd)
3 ctgame; C:\Windows\System32\DRIVERS\ctgame.sys [26328 2009-09-23] (Creative Technology Ltd.)
3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [681048 2009-09-23] (Creative Technology Ltd)
3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [681048 2009-09-23] (Creative Technology Ltd)
3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-14] (Avid, Inc. All rights reserved.)
3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [142336 2005-09-19] (Vimicro Corporation)
3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [23344 2011-03-03] (Avid Technology, Inc.)
3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1360984 2009-09-23] (Creative Technology Ltd)
3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [259672 2009-09-23] (Creative Technology Ltd)
3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [295000 2009-09-23] (Creative Technology Ltd)
3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-14] (Avid, Inc. All rights reserved.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-03] (M-Audio)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [708200 2012-04-11] (Realtek )
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [197120 2009-03-06] (Realtek Corporation )
3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [127488 2010-04-26] (MCCI)
3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [18944 2010-04-26] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [161280 2010-04-26] (MCCI Corporation)
3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [16448 2010-06-14] (Teruten Inc)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2009-12-23] (PACE Anti-Piracy, Inc.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
0 speedfan; SysWOW64\speedfan.sys [x]
3 swmidi; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 05:53 - 2012-07-21 05:53 - 00000025 ____A C:\Users\Craig\Desktop\die aertze.txt
2012-07-21 03:36 - 2012-07-21 03:38 - 00000000 ____D C:\Users\Craig\AppData\Roaming\AVG
2012-07-21 03:35 - 2012-07-21 03:35 - 00001146 ____A C:\Users\Craig\Desktop\AVG PC Tuneup 2011.lnk
2012-07-21 03:25 - 2012-07-21 03:25 - 00000000 ____D C:\Users\Craig\AppData\Roaming\AVG2012
2012-07-21 03:20 - 2012-07-21 03:20 - 00000000 ____D C:\Users\Craig\AppData\Local\AVG Secure Search
2012-07-21 03:19 - 2012-07-21 03:21 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-21 03:19 - 2012-07-21 03:19 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-21 03:19 - 2012-07-21 03:19 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-21 03:19 - 2012-07-21 03:19 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-07-21 03:17 - 2012-07-21 03:35 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-21 03:17 - 2012-07-21 03:30 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-21 03:17 - 2012-07-21 03:17 - 00000000 ___HD C:\$AVG
2012-07-21 03:10 - 2012-07-21 03:30 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-21 02:43 - 2012-07-21 02:44 - 00000000 ____D C:\Users\Craig\AppData\Local\{C175A049-9E51-401D-BB7B-D6C3B5822DEE}
2012-07-21 02:43 - 2012-07-21 02:43 - 00000000 ____D C:\Users\Craig\AppData\Local\{5A2BFE95-2C53-4B9F-8C43-BE6C0004B8B8}
2012-07-20 06:53 - 2012-07-20 06:53 - 00000000 ____D C:\Users\Craig\AppData\Local\{D41FCAEA-0B33-45E9-AF84-B850C9B64339}
2012-07-20 06:53 - 2012-07-20 06:53 - 00000000 ____D C:\Users\Craig\AppData\Local\{BB218AD1-0606-4F69-8A24-0B3EC1C0D82D}
2012-07-19 18:53 - 2012-07-19 18:53 - 00000000 ____D C:\Users\Craig\AppData\Local\{C6B4A1C1-7E32-4C2F-BED6-CDCE40DAD8B9}
2012-07-19 18:53 - 2012-07-19 18:53 - 00000000 ____D C:\Users\Craig\AppData\Local\{BFE37052-D088-4B89-AE84-ABBC60BD959F}
2012-07-19 02:39 - 2012-07-19 02:39 - 00000000 ____D C:\Users\Craig\AppData\Local\{9B30001C-164D-4C30-B8F6-7E641E35914A}
2012-07-19 02:38 - 2012-07-19 02:39 - 00000000 ____D C:\Users\Craig\AppData\Local\{8A0305BD-6A30-4BE3-9018-11E2B216C67D}
2012-07-18 04:25 - 2012-07-18 04:25 - 00000000 ____D C:\Users\Craig\AppData\Local\{E6E963E7-6F86-4CD4-9344-C10B79D92D68}
2012-07-18 04:25 - 2012-07-18 04:25 - 00000000 ____D C:\Users\Craig\AppData\Local\{2C6435B7-EB1F-4FD0-81A6-44CE69F50F3B}
2012-07-17 04:23 - 2012-07-17 04:24 - 00000000 ____D C:\Users\Craig\AppData\Local\{54FE3B10-E228-4726-A18D-81B42CEDB7CD}
2012-07-17 04:23 - 2012-07-17 04:23 - 00000000 ____D C:\Users\Craig\AppData\Local\{B4E2DC7A-7DF5-4AB4-B24C-4DBF4B65D2F6}
2012-07-16 13:22 - 2012-07-16 13:23 - 00291624 ____A C:\Windows\Minidump\071612-22953-01.dmp
2012-07-16 13:22 - 2012-07-16 13:22 - 515132710 ____A C:\Windows\MEMORY.DMP
2012-07-16 04:44 - 2012-07-16 04:45 - 00000000 ____D C:\Users\Craig\AppData\Local\{4A1179CC-451F-4760-96DA-D3DA2E69E632}
2012-07-16 04:44 - 2012-07-16 04:44 - 00000000 ____D C:\Users\Craig\AppData\Local\{6C4E3EF7-24CB-455D-AC62-B01D0DACDA17}
2012-07-15 16:28 - 2012-07-15 16:28 - 00000000 ____D C:\Users\Craig\AppData\Local\{3FDEC473-030E-4A73-8C70-2F61C973D22F}
2012-07-15 16:27 - 2012-07-15 16:28 - 00000000 ____D C:\Users\Craig\AppData\Local\{1B600151-7366-49F7-A42C-2FF4B5228D1C}
2012-07-15 04:27 - 2012-07-15 04:27 - 00000000 ____D C:\Users\Craig\AppData\Local\{DE2E01D0-9B50-4292-AAEF-0086AB62E6C9}
2012-07-15 04:27 - 2012-07-15 04:27 - 00000000 ____D C:\Users\Craig\AppData\Local\{5B5B0B7F-31B3-487A-A49B-9C5323658F7E}
2012-07-14 17:01 - 2012-07-14 17:01 - 00001190 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-14 16:27 - 2012-07-14 16:27 - 00000000 ____D C:\Users\Craig\AppData\Local\{D41C8FE0-FC4E-42A9-80EB-BF6CD5C7DF62}
2012-07-14 16:26 - 2012-07-14 16:27 - 00000000 ____D C:\Users\Craig\AppData\Local\{E41AE947-FF2F-4D36-97AE-0CA2B74EFEB6}
2012-07-14 04:26 - 2012-07-14 04:26 - 00000000 ____D C:\Users\Craig\AppData\Local\{F9B7AE34-61DD-4E19-B0CE-B623ABB11550}
2012-07-14 04:26 - 2012-07-14 04:26 - 00000000 ____D C:\Users\Craig\AppData\Local\{42041555-7956-4597-BDC3-42C5B07733D9}
2012-07-13 04:27 - 2012-07-20 03:25 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-07-13 04:27 - 2012-07-13 04:27 - 00000000 ____D C:\Users\Craig\AppData\Local\adaware
2012-07-13 03:27 - 2012-07-13 03:28 - 00000000 ____D C:\Users\Craig\AppData\Local\{CBD61457-C28B-4F41-912B-AED81A81B37E}
2012-07-13 03:27 - 2012-07-13 03:27 - 00000000 ____D C:\Users\Craig\AppData\Local\{BF4A2945-10A0-41A4-B775-5241A5CE546D}
2012-07-12 15:05 - 2012-07-12 15:05 - 00000000 ____D C:\Users\Craig\AppData\Local\{D5AE4472-C1DE-466D-BFAB-E51D3C23DF6A}
2012-07-12 15:05 - 2012-07-12 15:05 - 00000000 ____D C:\Users\Craig\AppData\Local\{97F6470B-A6D6-4F23-9FB5-E4497453404D}
2012-07-12 04:37 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 04:33 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 04:33 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 04:33 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 04:33 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 04:33 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 04:33 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 04:33 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 04:33 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 04:33 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 04:33 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 04:33 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 04:33 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 04:33 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 04:33 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 04:33 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 04:33 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 04:33 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 04:33 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 04:32 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 04:32 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 04:32 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 04:32 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 04:32 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 04:32 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 04:32 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 04:32 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 04:32 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 04:32 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 03:11 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 03:11 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 03:11 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 03:11 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 03:11 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 03:11 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 03:11 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 03:11 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-12 03:11 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 03:11 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 03:11 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 03:11 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 03:11 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 03:11 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 03:11 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 03:11 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 03:11 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 03:11 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 03:11 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-12 03:04 - 2012-07-12 03:04 - 00000000 ____D C:\Users\Craig\AppData\Local\{50A1FCBD-1961-46BB-B7B2-1FE8BEA1244A}
2012-07-12 03:04 - 2012-07-12 03:04 - 00000000 ____D C:\Users\Craig\AppData\Local\{112C2472-8768-494C-9E0C-2A88B1B39B5C}
2012-07-11 04:13 - 2012-07-11 04:13 - 00000000 ____D C:\Users\Craig\AppData\Local\{F2226C85-06B3-43D6-AB62-A92A5A12A4AE}
2012-07-11 04:13 - 2012-07-11 04:13 - 00000000 ____D C:\Users\Craig\AppData\Local\{79F3CCA2-C1A9-46A6-B89C-FB9625D5B1C0}
2012-07-10 04:56 - 2012-07-10 04:56 - 00000000 ____D C:\Users\Craig\AppData\Local\{DA53D716-3FCE-46A3-8BB3-060D0EA46A30}
2012-07-10 04:56 - 2012-07-10 04:56 - 00000000 ____D C:\Users\Craig\AppData\Local\{50DF57F3-E0FA-4138-B2F1-0DEDE8236359}
2012-07-09 13:08 - 2012-07-09 13:08 - 00000000 ____D C:\Users\Craig\AppData\Local\{D2855C5B-6DC7-4791-871A-78DB1DBF424E}
2012-07-09 13:07 - 2012-07-09 13:08 - 00000000 ____D C:\Users\Craig\AppData\Local\{32F7D816-52AD-411A-8047-949D143F5E77}
2012-07-09 12:54 - 2012-07-09 12:54 - 00007628 ____A C:\Windows\PFRO.log
2012-07-09 12:05 - 2012-07-09 12:16 - 00001601 ____A C:\Windows\Active Setup Log.BAK
2012-07-09 11:42 - 2012-07-21 02:42 - 01408729 ____A C:\Windows\setupact.log
2012-07-09 11:42 - 2012-07-09 11:42 - 00000000 ____A C:\Windows\setuperr.log
2012-07-09 08:12 - 2012-07-09 08:12 - 00000000 ____D C:\Program Files\Orange
2012-07-09 08:08 - 2012-07-09 14:23 - 00001004 ____A C:\Users\Craig\Desktop\z.txt
2012-07-09 06:22 - 2012-04-11 15:30 - 00708200 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-07-09 06:22 - 2012-04-11 15:30 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-07-09 06:22 - 2012-04-11 15:30 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2012-07-08 15:56 - 2012-07-08 15:56 - 00000000 ____D C:\Users\All Users\GFI Software
2012-07-08 14:50 - 2012-07-08 14:50 - 00000000 ____D C:\Windows\System32\SPReview
2012-07-08 14:48 - 2012-07-08 14:48 - 00000000 ____D C:\Windows\System32\EventProviders
2012-07-08 10:54 - 2012-07-17 10:46 - 00000276 ____A C:\Users\Craig\Desktop\symptoms.txt
2012-07-08 04:21 - 2012-07-08 04:22 - 00000000 ____D C:\Users\Craig\AppData\Local\{920172E0-28D5-4223-A11F-D2C3C731CC90}
2012-07-08 04:21 - 2012-07-08 04:21 - 00000000 ____D C:\Users\Craig\AppData\Local\{1A10B5A3-1577-407C-8737-492AA6975F9F}
2012-07-07 05:06 - 2012-07-07 05:06 - 00000000 ____D C:\Users\Craig\AppData\Local\{E5091D74-BAFE-4946-A60F-9650CC68ABFE}
2012-07-07 05:05 - 2012-07-07 05:06 - 00000000 ____D C:\Users\Craig\AppData\Local\{7C7A4C53-44D4-4158-A737-D08223934579}
2012-07-06 04:05 - 2012-07-06 04:05 - 00000000 ____D C:\Users\Craig\AppData\Local\{66E06143-E115-430E-9A93-0636409EA3D3}
2012-07-06 04:05 - 2012-07-06 04:05 - 00000000 ____D C:\Users\Craig\AppData\Local\{573CFA48-299C-4928-ABC2-5C65ACA77D18}
2012-07-05 05:34 - 2012-07-05 05:34 - 00000000 ____D C:\Users\Craig\AppData\Local\{B94E6260-3660-44C0-8837-107FE79DB0F5}
2012-07-05 05:34 - 2012-07-05 05:34 - 00000000 ____D C:\Users\Craig\AppData\Local\{4790F2CF-7A2B-461F-A7FC-82488FAAC90F}
2012-07-04 06:20 - 2012-07-04 06:20 - 00000000 ____D C:\Users\Craig\AppData\Local\Macromedia
2012-07-04 03:55 - 2012-07-04 03:55 - 00000028 ____A C:\Users\Craig\Desktop\dae.txt
2012-07-04 02:58 - 2012-07-04 02:58 - 00000000 ____D C:\Users\Craig\AppData\Local\{A733270B-7F13-4726-BBA3-1A4F09C3E26C}
2012-07-04 02:58 - 2012-07-04 02:58 - 00000000 ____D C:\Users\Craig\AppData\Local\{245CA6BA-E251-4917-9A9A-E09B930BF7F6}
2012-07-03 08:12 - 2012-07-03 08:12 - 00000285 ____A C:\Users\Craig\Desktop\eft.txt
2012-07-03 05:16 - 2012-07-03 05:19 - 00000323 ____A C:\Users\Craig\Desktop\diary.txt
2012-07-03 03:15 - 2012-07-03 03:15 - 00000000 ____D C:\Users\Craig\AppData\Local\{90C2F045-4C1B-4E8B-945F-86425A1ADE57}
2012-07-03 03:15 - 2012-07-03 03:15 - 00000000 ____D C:\Users\Craig\AppData\Local\{06B1DA47-A692-4213-B11B-77375DAB067E}
2012-07-02 08:57 - 2012-07-02 08:57 - 00000210 ____A C:\Users\Craig\Desktop\flat.txt
2012-07-02 06:26 - 2012-07-02 06:29 - 3925535688 ____A C:\Users\Craig\Documents\bnb_Screen_Stream.avi
2012-07-02 05:52 - 2012-07-02 09:03 - 00000052 ____A C:\Users\All Users\lcjetrdoampggoa
2012-07-02 03:00 - 2012-07-02 03:00 - 00000000 ____D C:\Users\Craig\AppData\Local\{BDACCE44-2097-485C-B669-2A0BB7CB234F}
2012-07-02 03:00 - 2012-07-02 03:00 - 00000000 ____D C:\Users\Craig\AppData\Local\{8D489DA8-215A-411C-8436-23CFC5609D00}
2012-07-01 07:51 - 2012-07-01 07:52 - 00000000 ____D C:\Users\Craig\AppData\Local\{27264C32-F068-431B-8CAE-CD6DEC9C7F3A}
2012-07-01 07:51 - 2012-07-01 07:51 - 00000000 ____D C:\Users\Craig\AppData\Local\{0629CFCC-EAC6-4A1A-8D6E-60155C0070FD}
2012-06-30 04:46 - 2012-06-30 04:46 - 00000000 ____D C:\Users\Craig\AppData\Local\{00BC4A86-C4C6-4F5F-9DB9-2A995551B27B}
2012-06-30 04:45 - 2012-06-30 04:46 - 00000000 ____D C:\Users\Craig\AppData\Local\{B84B8818-883D-4085-B72F-A5DCD98C3E9A}
2012-06-29 03:19 - 2012-06-29 03:19 - 00000000 ____D C:\Users\Craig\AppData\Local\{CB8785F0-1435-4C26-A0A5-0CFC969AD25D}
2012-06-29 03:19 - 2012-06-29 03:19 - 00000000 ____D C:\Users\Craig\AppData\Local\{93076331-2FE7-42C2-A18D-44C99068545F}
2012-06-28 04:34 - 2012-06-28 04:34 - 00000000 ____D C:\Users\Craig\AppData\Local\{A5FDFE77-153A-4D47-A398-DAE5AECF9197}
2012-06-28 04:34 - 2012-06-28 04:34 - 00000000 ____D C:\Users\Craig\AppData\Local\{12F3DB57-E03D-4D78-968E-D756B139C7FA}
2012-06-27 05:25 - 2012-06-27 05:26 - 00000000 ____D C:\Users\Craig\AppData\Local\{F2574821-2E87-433F-9989-AAF5C9E29BF5}
2012-06-27 05:25 - 2012-06-27 05:25 - 00000000 ____D C:\Users\Craig\AppData\Local\{BD172CB4-2D89-4E61-822D-D3C2AFBCA0F1}
2012-06-26 03:30 - 2012-06-26 03:30 - 00000000 ____D C:\Users\Craig\AppData\Local\{0DE6894F-A1D5-459F-8F1F-E24E2291E351}
2012-06-26 03:29 - 2012-06-26 03:30 - 00000000 ____D C:\Users\Craig\AppData\Local\{C14FCDE8-1758-4540-A763-CF641F44A3D2}
2012-06-25 04:09 - 2012-06-25 04:09 - 00000000 ____D C:\Users\Craig\AppData\Local\{F5B40B3D-E1E7-4018-A948-283DAFFF7890}
2012-06-25 04:09 - 2012-06-25 04:09 - 00000000 ____D C:\Users\Craig\AppData\Local\{92B311BA-C167-4ADB-861F-4A52EF909376}


============ 3 Months Modified Files ========================

2012-07-24 10:54 - 2009-07-13 20:45 - 00632368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-21 05:55 - 2010-02-11 09:54 - 01343970 ____A C:\Windows\WindowsUpdate.log
2012-07-21 05:53 - 2012-07-21 05:53 - 00000025 ____A C:\Users\Craig\Desktop\die aertze.txt
2012-07-21 05:51 - 2012-04-04 05:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-21 05:47 - 2010-08-31 12:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
2012-07-21 05:35 - 2012-01-09 06:24 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
2012-07-21 05:20 - 2009-09-29 06:03 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-21 04:27 - 2009-09-29 06:03 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-21 03:35 - 2012-07-21 03:35 - 00001146 ____A C:\Users\Craig\Desktop\AVG PC Tuneup 2011.lnk
2012-07-21 03:19 - 2012-07-21 03:19 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-21 03:19 - 2012-07-21 03:19 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-21 02:49 - 2010-02-05 08:35 - 00033136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-21 02:49 - 2010-02-05 08:35 - 00033136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 02:42 - 2012-07-09 11:42 - 01408729 ____A C:\Windows\setupact.log
2012-07-21 02:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-20 04:14 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-19 08:35 - 2012-01-09 06:24 - 00000904 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
2012-07-18 12:47 - 2010-08-31 12:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
2012-07-17 14:19 - 2010-02-25 05:23 - 00024576 ____A C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-17 10:46 - 2012-07-08 10:54 - 00000276 ____A C:\Users\Craig\Desktop\symptoms.txt
2012-07-16 13:23 - 2012-07-16 13:22 - 00291624 ____A C:\Windows\Minidump\071612-22953-01.dmp
2012-07-16 13:22 - 2012-07-16 13:22 - 515132710 ____A C:\Windows\MEMORY.DMP
2012-07-14 17:01 - 2012-07-14 17:01 - 00001190 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-12 08:51 - 2012-04-04 05:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 08:51 - 2011-05-22 12:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 04:34 - 2010-02-09 16:00 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 14:23 - 2012-07-09 08:08 - 00001004 ____A C:\Users\Craig\Desktop\z.txt
2012-07-09 12:54 - 2012-07-09 12:54 - 00007628 ____A C:\Windows\PFRO.log
2012-07-09 12:53 - 2010-02-05 10:50 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-07-09 12:16 - 2012-07-09 12:05 - 00001601 ____A C:\Windows\Active Setup Log.BAK
2012-07-09 11:42 - 2012-07-09 11:42 - 00000000 ____A C:\Windows\setuperr.log
2012-07-08 15:00 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-07-08 15:00 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-07-06 03:51 - 2010-07-13 12:12 - 00295977 ____A C:\aaw7boot.log
2012-07-05 05:27 - 2011-04-24 14:45 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-05 05:27 - 2011-04-24 14:45 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-04 03:55 - 2012-07-04 03:55 - 00000028 ____A C:\Users\Craig\Desktop\dae.txt
2012-07-03 08:12 - 2012-07-03 08:12 - 00000285 ____A C:\Users\Craig\Desktop\eft.txt
2012-07-03 05:19 - 2012-07-03 05:16 - 00000323 ____A C:\Users\Craig\Desktop\diary.txt
2012-07-02 09:03 - 2012-07-02 05:52 - 00000052 ____A C:\Users\All Users\lcjetrdoampggoa
2012-07-02 08:57 - 2012-07-02 08:57 - 00000210 ____A C:\Users\Craig\Desktop\flat.txt
2012-07-02 06:29 - 2012-07-02 06:26 - 3925535688 ____A C:\Users\Craig\Documents\bnb_Screen_Stream.avi
2012-06-24 10:09 - 2012-06-24 10:09 - 04026991 ____A C:\Users\Craig\Desktop\1-02 Far Away.m4a
2012-06-22 15:36 - 2012-06-22 15:36 - 00001912 ____A C:\Users\Craig\Desktop\dc.txt
2012-06-16 09:33 - 2012-06-13 03:41 - 00001666 ____A C:\Users\Craig\Desktop\npd.txt
2012-06-16 04:09 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-13 21:20 - 2012-06-13 21:16 - 3933600712 ____A C:\Users\Craig\Documents\bnb.camrec
2012-06-13 20:52 - 2012-06-13 20:52 - 00000055 ____A C:\Users\Craig\Desktop\k.txt
2012-06-12 14:56 - 2012-06-12 14:56 - 00000044 ____A C:\Users\Craig\Desktop\his holiness.txt
2012-06-12 13:55 - 2012-06-12 13:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-11 19:08 - 2012-07-12 04:37 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-12 03:11 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 03:11 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 06:28 - 2012-06-06 06:28 - 00037784 ____A C:\Users\All Users\SPL1DEC.tmp
2012-06-05 22:06 - 2012-07-12 03:11 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 03:11 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 03:11 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 03:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 03:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 03:11 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 08:06 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:06 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:06 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:05 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:05 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 08:06 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:05 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 08:05 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 08:05 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 04:32 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 04:32 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 04:32 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 04:33 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 04:33 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 04:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-12 04:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-12 04:33 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 04:33 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 04:32 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 04:33 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 04:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 04:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 04:33 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 04:32 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 04:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 04:32 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 04:33 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 04:33 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 04:33 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 04:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 04:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 04:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 04:33 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 04:32 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 04:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 04:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 04:33 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 03:11 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 03:11 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 03:11 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 03:11 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 03:11 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 03:11 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 03:11 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 03:11 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 03:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 04:45 - 2011-03-28 05:46 - 00001021 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-31 03:25 - 2009-10-03 04:14 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 09:00 - 2012-05-28 15:35 - 00000158 ____A C:\Users\Craig\Desktop\new tunes.txt
2012-05-21 12:56 - 2012-05-21 12:54 - 2907530606 ____A C:\Users\Craig\Documents\jjess_Screen_Stream.avi
2012-05-21 07:21 - 2012-05-21 07:19 - 2910397806 ____A C:\Users\Craig\Documents\jjess.camrec
2012-05-14 05:31 - 2009-06-11 07:49 - 00000081 ____A C:\Users\Craig\Documents\names.txt
2012-05-08 15:06 - 2012-05-04 14:42 - 00005057 ____A C:\Users\Craig\Desktop\yelp 2.txt
2012-05-04 03:06 - 2012-06-13 20:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 20:04 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 20:04 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 20:04 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 21:32 - 2012-06-13 20:04 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-13 20:04 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-04-26 09:29] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2011-06-14 05:44] - [2010-11-20 05:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2011-06-14 05:44] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2011-06-14 05:42] - [2010-11-20 05:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2011-06-14 05:43] - [2010-11-20 05:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 3583.18 MB
Available physical RAM: 2776.54 MB
Total Pagefile: 3581.46 MB
Available Pagefile: 2797.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:298.09 GB) (Free:125.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Audio) (Fixed) (Total:298.09 GB) (Free:267.51 GB) NTFS
5 Drive f: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
6 Drive g: () (Removable) (Total:0.46 GB) (Free:0.46 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 471 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 298 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Audio NTFS Partition 298 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 470 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 470 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 04:20

======================= End Of Log ==========================
  • 0

#4
Amlak


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.


Hi, dogbiscuit. Just to be clear, which one did you download and run? FRST or FRST64?

Also, are you able to enter System Recovery Options from the Advanced Boot Options (rather than from the CD)? Your Windows CD is for a 32-bit version of Windows 7 while the Windows 7 on your system is 64-bit.
  • 0

#5
Amlak

Sorry, it seems your Windows is 32-bit after all. I'll look into this a bit further. In the meantime, could you answer my questions?
  • 0

#6
dogbiscuit

This is strange, I could have sworn I had a 64 bit system. And I was sure that disc was also 64 bit. Perhaps it got mixed up with another at some point. It's a few years since I installed my OS so now I'm confused!
I pressed F8 on start-up and it went straight to a list of drives to boot from. I clicked USB but it didn't recognize. When running the Windows disc I used FRST.

Edited by dogbiscuit, 25 July 2012 - 06:04 PM.

  • 0

#7
Amlak

You're right. The folder structure is 64-bit. But I don't know why the log says it's 32-bit.

Anyway, let's ignore this tidbit for now and assume it's just a bug in the log. I'll provide you with the needed fix soon.
  • 0

#8
Amlak


"I pressed F8 on start-up and it went straight to a list of drives to boot from. I clicked USB but it didn't recognize. When running the Windows disc I used FRST."


I just noticed this. You should be choosing the drive from which you normally boot into Windows (in this case, it should be the C: drive).
  • 0

#9
Amlak

Also, if you have a 64-bit version installed, then you should be running FRST64.
  • 0

#10
dogbiscuit

Ok, I didn't really understand the advanced boot part.
I tried running frst64 but it didn't work. Maybe because the Windows disc is 32-bit. Then I tried frst.exe and it worked so just went with it.
  • 0


#11
Amlak

Ok, to make things simple, you know the moment when you press F8 in order to get into Safe Mode. Well, if you were to do that, do you get the option Repair your computer mentioned on the screen along with the Safe Mode options?

I think what is going on is that you're pressing F8 too early rather than tapping the F8 button just before the Windows loading screen appears. That's why you're getting an option to boot from USB which should not be the case.
  • 0

#12
Amlak

Hi, dogbiscuit. Just to be clear, I'd like you to respond before I can provide you with the needed fix. If you're unable to access Repair your computer via the F8 key, then let me know.

If you could tell me what version of Windows (including whether it's 32-bit or 64-bit) is mentioned on the product key sticker for your computer, that would be great.

Also, I see you have two hard drives installed with your computer. Is there, or did there use to be, a Windows installation on the second drive by any chance? And if so, which Windows?
  • 0

#13
dogbiscuit

Ah I was pressing it too early. I've just tried it the right way and got into Advanced Boot Options but 'Repair your computer' isn't in the options.
Unfortunately my product key sticker is unreadable. But I'm now pretty confident that the Windows disc I have is a 32-bit one which got confused with my original one at some point, and my system is indeed 64-bit.
The second hard drive has only ever been used for storing audio files.
  • 0

#14
Amlak

Ok, thanks for answering.

I've prepared a fix for you to do next. Once it's approved, I'll post it here as soon as possible.
  • 0

#15
Amlak

Hi, dogbiscuit. Let's see if this works regardless.

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2012-07-02 05:52 - 2012-07-02 09:03 - 00000052 ____A C:\Users\All Users\lcjetrdoampggoa

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7

Now please enter System Recovery Options (via your Windows disc).

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.
  • 0





