computer stuck on FBI moneypak virus screen [Solved]


  • This topic is locked

#91
CompCav

    Member 5k

  • Expert
  • 12,449 posts
  • Download the attached new fix.txt to a USB flash drive, replacing the old one.
    Attached File  fix.txt   27bytes   105 downloads
  • Plug the USB drive into the infected machine.


Then boot using your recovery CD to the command prompt again and run List Parts.

  • Back in the command window ....
  • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
    • Press the Fix button.
    • ListParts will process the script in Fix.txt
    • A log Result.txt or PLfixlog will be saved to the flash drive.
  • Close the command window.
  • Post me the log please and try to boot into normal mode.

#92
Maya_k

    Member

  • Topic Starter
  • 85 posts
OK, after I got to the window where I can select my operating system, it showed me my OS. Usually it doesn't and I just click next to get to the command prompt. So I selected my operating system and clicked on next, and it opened up the same window as before.
"Startup Repair
Your computer was unable to start
Startup Repair is checking your system for problem..."
and then the second window popped too asking if I want to restore the computer to an earlier point in time when it worked correctly.

#93
CompCav

I will need to consult with some experts on this issue and will get back to you tomorrow. We are making progress though so hang in there :thumbsup:

Regards,

CompCav

#94
Maya_k

Oh, alright. Thanks :)

#95
CompCav

First, you need to run the second fix.txt; it is a different fix than the first one. The fact we are getting different options like system restore means we are close but not there.

So please download the new fix.txt in post #91 and run it using ListParts.


Second, when it says do you want to do system restore, click Cancel. We do not want to run system restore. Windows Startup Repair will probably start automatically (and then fail). But then from there you can use the other Recovery options (select command prompt, so you can run the script from post #91).

Remember our objective is to first get to the command prompt and then to run the second fix.txt from post #91. :thumbsup:


Regards,

CompCav

#96
Maya_k

OK so I got past the system repair and ran the second fix but it's doing the same thing when I try to boot into normal mode. It keeps on restarting :(
Here is the PLfixlog:


Script used: "Disk=0 Partition=2 active"

Edited by Maya_k, 04 September 2012 - 10:19 PM.


#97
CompCav

Can you get into safe mode?

#98
Maya_k

No, I got the BSoD. It was loading the files and stopped at: BMLoad.sys

#99
CompCav

Try this please:

  • Please restart your system and tap F10 repeatedly, until the "Edit Boot Options" screen appears.
  • In the last line you should see this:


[ /NOEXECUTE=OPTIN


Do you see anything else? If so please let me know what it says on that line.

#100
Maya_k

This is what it says on the whole screen:


Edit Boot Options


Edit windows boot options for: windows setup

Path: \windows\system32\boot\winload.exe



[ /DETECTHAL /MININT /REDIRECT RDIMAGEOFFSET=8192 RDIMAGELENGTH=3161088 R
DPATH-multi(0)disk(0)rdisk(0)partition(1)\sources\boot.wim



ENTER=Submit ESC=Cancel

#101
CompCav

Maya_k,

We need to check to see if the services.exe file was replaced properly or if it is being deleted during the startup attempts.

Step 1.

  • Insert your flash drive with FRST.exe on it.
  • Please go to the command prompt again using your CD.


Step 2.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0
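
The check that post #101 sets up, shown as an added example that is not part of the thread and is not FRST's own code: a Python triage of an FRST.txt log that surfaces core files reported missing and service or driver entries whose file is absent or sits in a Temp folder. The sample log is constructed in the layout FRST uses in this thread, and reading the leading digit of each entry as the Windows start type (0 boot to 4 disabled) is an assumption.

```python
"""Triage of an FRST.txt scan log: list the entries that need a closer look."""
import re
from typing import NamedTuple

# Section banner, e.g. "==================== Drivers (Whitelisted) ==================="
SECTION_RE = re.compile(r"^={4,}\s*(.+?)\s*={4,}\s*$")
# "<digit> <name>; <command line> [<size> <date>] (<company>)"  or  "... [x]"
ENTRY_RE = re.compile(
    r"^(?P<start>\d) (?P<name>.+?); (?P<cmd>.+?) "
    r"\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<company>.*)\))?\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>.+?) IS MISSING\b")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Assumption: the leading digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Constructed sample; names and paths are illustrative, not from a real scan.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ===================

2 ExampleSvc; "C:\Program Files\Example\svc.exe" [655944 2012-07-03] (Example Corp)
2 GoneSvc; C:\Windows\system32\gonesvc.dll [x]

==================== Drivers (Whitelisted) ===================

3 exampledrv; C:\Windows\System32\DRIVERS\exampledrv.sys [53168 2008-05-15] (Example Corp)
2 1234; \??\C:\Users\EXAMPL~1\AppData\Local\Temp\1234.sys [x]
3 OldDrv; C:\Windows\System32\DRIVERS\olddrv.sys [x]

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""


class Finding(NamedTuple):
    severity: int   # 3 = high, 2 = medium, 1 = low
    section: str
    subject: str
    reason: str


def split_sections(text):
    """Map each section title to its non-blank lines, in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def check_core_files(lines, section):
    """Flag core system files reported missing, or any result that is not 'legit'."""
    findings = []
    for line in lines:
        missing = MISSING_RE.match(line)
        if missing:
            findings.append(Finding(3, section, missing.group("path"),
                                    "core system file is missing"))
        elif not line.endswith("=> MD5 is legit"):
            findings.append(Finding(2, section, line, "unrecognised check result"))
    return findings


def check_entries(lines, section):
    """Flag service/driver registrations with no file on disk or a Temp image path."""
    findings = []
    for line in lines:
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        start = int(entry.group("start"))
        missing = entry.group("meta") == "x"          # "[x]" marks an absent file
        in_temp = bool(TEMP_RE.search(entry.group("cmd")))
        if not (missing or in_temp):
            continue
        reasons = []
        if missing:
            reasons.append("file not found on disk")
        if in_temp:
            reasons.append("image path is in a Temp folder")
        reasons.append(f"start type {START_TYPES.get(start, start)}")
        # Entries that load without user action (boot/system/automatic) rank higher.
        severity = 2 if (in_temp or start <= 2) else 1
        findings.append(Finding(severity, section, entry.group("name"), "; ".join(reasons)))
    return findings


def triage(text):
    """Return all findings, highest severity first (file order kept within a level)."""
    findings = []
    for name, lines in split_sections(text).items():
        if name.startswith("Bamital"):
            findings += check_core_files(lines, name)
        elif name.startswith(("Services", "Drivers")):
            findings += check_entries(lines, name)
    return sorted(findings, key=lambda f: -f.severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.subject} -> {f.reason}")
```

A flagged entry is a prompt for review, not a verdict: an `[x]` registration is often a leftover from an uninstalled program or a scanner's temporary driver.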

#102
Maya_k

Hi,
Here is the log:



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 05-09-2012 12:34:39
Running from F:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-07] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [24576 2008-02-19] (Sony Electronics, Inc.)
HKLM\...\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [290816 2007-08-27] ()
HKLM\...\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [367128 2008-06-13] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup [48904 2008-04-03] (UPEK Inc.)
HKLM\...\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [65256 2010-02-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Athan] C:\Program Files\Athan\Athan.exe [1146880 2010-03-27] (www.IslamicFinder.org)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-08-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624 2011-11-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\AFSHEEN KHAN\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\AFSHEEN KHAN\...\Run: [AdobeBridge] [x]
HKU\AFSHEEN KHAN\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\AFSHEEN KHAN\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\AFSHEEN KHAN\...\Run: [Google Update] "C:\Users\AFSHEEN KHAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-09] (Google Inc.)
HKU\AFSHEEN KHAN\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [4686848 2012-06-05] (Veoh Networks)
HKU\AFSHEEN KHAN\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [935312 2011-11-29] (Samsung)
HKU\AFSHEEN KHAN\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2011-11-29] ()
HKU\AFSHEEN KHAN\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\AFSHEEN KHAN\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-02] (Google Inc.)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin [686792 2012-08-14] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Users\AFSHEEN KHAN\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\AFSHEEN KHAN\Start Menu\Programs\Startup\_uninst_.lnk
ShortcutTarget: _uninst_.lnk -> (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========================== Services (Whitelisted) ========================

2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 msfwsvc; "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" [869952 2007-11-27] (Microsoft Corporation)
2 OcHealthMon; "C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe" [26120 2010-02-05] (Microsoft Corporation)
2 OneCareMP; "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" [18704 2008-07-09] (Microsoft Corporation)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-06-13] (Intel Corporation)
2 USB Access Restriction; C:\Program Files\Sony\USB Access Restriction Setting\USB Access Restriction.exe [59232 2008-03-31] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation)
2 winss; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [1141112 2010-02-05] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
2 IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers (Whitelisted) ===================

3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
2 cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-26] (Windows ® Codename Longhorn DDK provider)
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20032 2011-11-29] (Devguru Co., Ltd)
3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro35.sys [20552 2011-06-23] ()
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [103424 2009-01-23] (QUALCOMM Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [53168 2008-05-15] (Microsoft Corporation)
2 MSFWDrv; C:\Windows\System32\DRIVERS\msfwdrv.sys [91200 2007-11-27] (Microsoft Corporation)
1 MSFWHLPR; C:\Windows\System32\DRIVERS\msfwhlpr.sys [37440 2007-11-27] (Microsoft Corporation)
3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6680064 2010-07-14] (Intel Corporation)
3 PTUMWBus; C:\Windows\System32\DRIVERS\PTUMWBus.sys [54544 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCDF; C:\Windows\System32\DRIVERS\PTUMWCDF.sys [22032 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWFLT; C:\Windows\System32\DRIVERS\PTUMWFLT.sys [12048 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWMdm; C:\Windows\System32\DRIVERS\PTUMWMdm.sys [160400 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWNET; C:\Windows\System32\DRIVERS\PTUMWNET.sys [115216 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWVsp; C:\Windows\System32\DRIVERS\PTUMWVsp.sys [160400 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-08-11] (Sonic Solutions)
0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [21408 2007-10-09] (Sony Corporation)
3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2011-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [14080 2012-07-31] ()
2 5762; \??\C:\Users\AFSHEE~1\AppData\Local\Temp\5762.sys [x]
3 anvsoftf2v; C:\Windows\System32\drivers\anvsoftf2v.sys [x]
3 catchme; \??\C:\Users\AFSHEE~1\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NETw5v32; C:\Windows\System32\DRIVERS\NETw5v32.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-03 21:33 - 2012-09-03 21:33 - 00000000 ____D C:\FRST
2012-08-28 10:41 - 2012-08-28 10:41 - 00134928 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-26 10:33 - 2012-08-26 10:33 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{F8FB9F80-BCE1-4110-A67E-884F9C2A21D9}
2012-08-26 08:55 - 2012-08-26 08:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-08-25 22:17 - 2012-08-25 22:18 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{32BE119F-92C0-47B5-B108-7AF5E9B76A0D}
2012-08-25 21:57 - 2012-08-25 21:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\BatmanBeginsAllLanguages
2012-08-25 21:54 - 2012-08-25 21:55 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\A.Reham Sudais + Urdu Translation 2.1 GB
2012-08-25 21:50 - 2012-08-25 21:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\Batman.Begins.2005.720p.BluRay.DTS.x264-ESiR [PublicHD]
2012-08-25 20:02 - 2012-08-25 20:02 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{2CF69A43-AA04-49BF-88F9-776447113F55}
2012-08-25 20:00 - 2012-08-25 20:00 - 00135416 ____A C:\Windows\Minidump\Mini082512-01.dmp
2012-08-24 09:55 - 2012-08-24 09:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{9EE67DB5-CB89-4725-998F-F1001F99E4F1}
2012-08-23 21:23 - 2012-08-23 21:23 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{67930A5B-DA90-13E6-12CD-D566F2A4AE3E}
2012-08-23 12:24 - 2012-08-23 12:24 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{78977124-8428-5D2A-0C81-D825EC4EB62D}
2012-08-23 10:39 - 2012-08-23 10:39 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{A84F220C-F631-0CC7-F8FF-2079D8D5A6B4}
2012-08-23 10:11 - 2012-08-23 10:12 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{66A564E9-DF55-407A-8DDB-4F35CEAB2DB3}
2012-08-22 16:38 - 2012-08-22 16:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{95503354-C031-4499-A3FF-95BB1AA199EF}
2012-08-22 13:42 - 2012-08-22 13:42 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{5728EEBD-5C83-41E5-8015-998F936082FA}
2012-08-21 19:37 - 2012-08-21 19:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{80E0AF51-BB4E-42D2-95F3-9892BAB2F1D5}
2012-08-21 00:02 - 2012-08-21 00:02 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{D2AD190F-5AC9-4C0C-8459-F79D227C6B4A}
2012-08-17 15:56 - 2012-08-17 15:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{77DB4F6D-96E2-43A5-AE15-066717451B1A}
2012-08-17 15:56 - 2012-08-17 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{2DF3CE21-19E1-4B5F-A1CB-35CF1A37D2EF}
2012-08-17 15:52 - 2012-08-17 15:52 - 00139048 ____A C:\Windows\Minidump\Mini081712-01.dmp
2012-08-16 09:09 - 2012-08-16 09:10 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{115A89D5-FEB4-495B-8D29-1F870C6C388E}
2012-08-16 09:09 - 2012-08-16 09:09 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{A1A997FB-6B34-4113-AEE0-914619D53BB0}
2012-08-14 09:03 - 2012-08-14 09:03 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{ED060A17-67AC-4602-A0C4-1B3AE0C0D5F4}
2012-08-14 09:02 - 2012-08-14 09:03 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{8B1FD8BD-3958-4FFE-96F5-D98736C6F95F}
2012-08-12 12:26 - 2012-08-12 12:27 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{89F0B8D8-83A5-4406-A44D-E96095C75930}
2012-08-12 12:26 - 2012-08-12 12:26 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{3855079B-F2B0-4517-90B9-BF52FA29742D}
2012-08-11 10:38 - 2012-08-11 10:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{049966C3-A8A9-4216-85BF-103D45D87EB3}
2012-08-11 10:37 - 2012-08-11 10:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{3601E2C7-06F1-431E-B316-14DF225DE662}
2012-08-09 23:29 - 2012-08-09 23:29 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{DAF11C1E-ABBB-F52E-2427-D20D0408BB92}
2012-08-09 22:07 - 2012-08-26 10:32 - 00000000 ___RD C:\Users\AFSHEEN KHAN\Dropbox
2012-08-09 22:07 - 2012-08-09 22:07 - 00000948 ____A C:\Users\AFSHEEN KHAN\Desktop\Dropbox.lnk
2012-08-09 22:05 - 2012-08-09 22:05 - 00000000 ____D C:\Program Files\Dropbox
2012-08-09 22:02 - 2012-08-26 10:32 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Roaming\Dropbox
2012-08-09 14:50 - 2012-08-09 14:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{076B2363-4C75-49F2-9A3D-195A6D0296E4}
2012-08-09 14:49 - 2012-08-09 14:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{6025605F-19CF-4C9E-B93F-A1235AAFB20B}
2012-08-08 21:24 - 2012-08-08 21:27 - 01560670 ____A C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
2012-08-08 19:22 - 2012-08-08 19:22 - 00013229 ____A C:\Users\AFSHEEN KHAN\Documents\mom's fall 2012.txt
2012-08-08 19:07 - 2012-08-08 19:08 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{F17F1C53-F7AE-47CB-9D96-1815496BD1FA}
2012-08-08 19:07 - 2012-08-08 19:07 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{5ABB6E50-104F-4D77-A77C-CE4B55EE33A6}
2012-08-08 14:51 - 2012-08-08 14:52 - 03941299 ____A C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
2012-08-08 12:04 - 2012-08-08 12:04 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{BBAB8E51-E2A3-40F1-8FBA-DF426F7D40EC}
2012-08-08 00:54 - 2012-08-08 00:54 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{57F90403-0617-4E3E-AA36-1529F9D3882A}
2012-08-08 00:53 - 2012-08-08 00:54 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{283993B8-4D9E-441E-8E2E-A817A05B3617}
2012-08-07 21:15 - 2012-08-07 21:15 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{C5CC97C8-5BA0-C72D-5E0E-B9FC3DE5BF96}
2012-08-07 18:52 - 2012-08-07 18:52 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{E76C31F5-78A8-7AA5-0586-9BF0E54876E8}
2012-08-07 18:40 - 2012-08-08 15:20 - 03585527 ____A C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
2012-08-07 14:43 - 2012-08-08 12:27 - 01422193 ____A C:\Users\AFSHEEN KHAN\Desktop\label.ai
2012-08-07 13:41 - 2012-08-07 13:34 - 01543982 ____A C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
2012-08-07 09:00 - 2012-08-07 09:00 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{41AC36AB-CC84-4785-8498-F3BF6479393A}
2012-08-07 08:57 - 2012-08-07 08:58 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{9A050CA2-9EF4-4B39-94FE-2A291395A61E}
2012-08-07 08:57 - 2012-08-07 08:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{31F45EB9-0A8F-4548-A07D-FC6BBEB0FF8B}
2012-08-06 23:01 - 2012-08-06 23:01 - 00818096 ____A C:\Users\AFSHEEN KHAN\Desktop\h2o logo.ai
2012-08-06 15:56 - 2012-08-06 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{77E94A4D-1E83-46F9-BD5A-E36358F73138}
2012-08-06 15:55 - 2012-08-06 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{679590E1-70B4-40D7-83C0-0D6C7F5B7F2C}
2012-08-06 11:35 - 2012-08-06 11:35 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{965BEA8E-6DB8-4B25-865B-3D5A2BE62E5C}
2012-08-06 00:53 - 2012-08-06 02:32 - 03629820 ____A C:\Users\AFSHEEN KHAN\Untitled-1.ai

============ 3 Months Modified Files ========================

2012-09-04 20:51 - 2010-10-26 17:24 - 229602219 ____A C:\Windows\MEMORY.DMP
2012-09-04 20:51 - 2006-11-02 05:00 - 00125564 ____A C:\Windows\PFRO.log
2012-08-28 10:42 - 2012-05-16 23:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-28 10:42 - 2008-07-31 10:31 - 00002140 ____A C:\Windows\bthservsdp.dat
2012-08-28 10:42 - 2006-11-02 05:01 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-28 10:42 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 10:41 - 2012-08-28 10:41 - 00134928 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-28 10:41 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 10:41 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 12:07 - 2010-08-30 21:23 - 00001356 ____A C:\Users\AFSHEEN KHAN\AppData\Local\d3d9caps.dat
2012-08-26 12:01 - 2010-07-03 07:40 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-26 11:53 - 2011-06-09 18:01 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003UA.job
2012-08-26 10:40 - 2012-06-24 11:31 - 15339346 ____A C:\Users\AFSHEEN KHAN\Desktop\outdoor_travel_theme_icon_vector_153217.zip
2012-08-26 10:40 - 2012-06-18 22:40 - 07805548 ____A C:\Users\AFSHEEN KHAN\Desktop\FreeVector-Ants-Vector.zip
2012-08-26 10:31 - 2010-07-03 07:40 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-26 10:25 - 2010-01-13 10:02 - 01390709 ____A C:\Windows\WindowsUpdate.log
2012-08-25 20:00 - 2012-08-25 20:00 - 00135416 ____A C:\Windows\Minidump\Mini082512-01.dmp
2012-08-23 16:31 - 2006-11-02 02:33 - 00810286 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-22 16:30 - 2011-06-09 18:01 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003Core.job
2012-08-17 15:52 - 2012-08-17 15:52 - 00139048 ____A C:\Windows\Minidump\Mini081712-01.dmp
2012-08-14 10:42 - 2012-07-26 20:42 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-08-14 10:42 - 2012-05-16 23:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 10:42 - 2011-09-01 19:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-11 12:47 - 2012-06-25 22:44 - 117117376 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation_1.avi
2012-08-11 12:47 - 2010-08-04 00:42 - 00137728 ____A C:\Users\AFSHEEN KHAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 22:07 - 2012-08-09 22:07 - 00000948 ____A C:\Users\AFSHEEN KHAN\Desktop\Dropbox.lnk
2012-08-08 21:27 - 2012-08-08 21:24 - 01560670 ____A C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
2012-08-08 19:22 - 2012-08-08 19:22 - 00013229 ____A C:\Users\AFSHEEN KHAN\Documents\mom's fall 2012.txt
2012-08-08 15:20 - 2012-08-07 18:40 - 03585527 ____A C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
2012-08-08 14:52 - 2012-08-08 14:51 - 03941299 ____A C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
2012-08-08 12:27 - 2012-08-07 14:43 - 01422193 ____A C:\Users\AFSHEEN KHAN\Desktop\label.ai
2012-08-07 13:34 - 2012-08-07 13:41 - 01543982 ____A C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
2012-08-06 23:01 - 2012-08-06 23:01 - 00818096 ____A C:\Users\AFSHEEN KHAN\Desktop\h2o logo.ai
2012-08-06 02:32 - 2012-08-06 00:53 - 03629820 ____A C:\Users\AFSHEEN KHAN\Untitled-1.ai
2012-08-05 22:49 - 2012-08-05 22:49 - 03602781 ____A C:\Users\AFSHEEN KHAN\Documents\Untitled-1.ai
2012-08-05 14:27 - 2012-07-26 09:12 - 00014668 ____A C:\Users\AFSHEEN KHAN\Desktop\unhide.txt
2012-08-05 11:26 - 2012-08-05 12:34 - 14985298 ____A C:\Users\AFSHEEN KHAN\Desktop\globes.eps
2012-08-01 23:01 - 2012-08-01 22:57 - 141980320 ____A C:\Users\AFSHEEN KHAN\Desktop\setup_11.0.0.1245.x01_2012_08_02_09_06.exe
2012-08-01 19:45 - 2012-08-01 19:45 - 04722680 ____R (Swearware) C:\Users\AFSHEEN KHAN\Desktop\ComboFix.exe
2012-07-31 15:05 - 2012-07-31 15:05 - 00001232 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[3].txt
2012-07-31 14:56 - 2012-07-31 14:56 - 00004206 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[2].txt
2012-07-31 14:51 - 2012-07-31 14:51 - 00003277 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[1].txt
2012-07-31 14:43 - 2012-07-31 14:43 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-07-30 10:59 - 2012-07-25 20:49 - 00000366 ____A C:\rkill.log
2012-07-28 23:54 - 2012-07-24 10:01 - 00000087 ___SH C:\Users\AFSHEEN KHAN\AppData\Roaming\winset.ini
2012-07-28 17:16 - 2012-07-28 17:16 - 00139096 ____A C:\Windows\Minidump\Mini072812-01.dmp
2012-07-27 00:08 - 2012-07-27 00:08 - 00143528 ____A C:\Windows\Minidump\Mini072712-01.dmp
2012-07-26 16:17 - 2006-11-02 04:52 - 00081372 ____A C:\Windows\setupact.log
2012-07-26 10:20 - 2012-07-26 10:20 - 00000987 ____A C:\Users\AFSHEEN KHAN\systemlog
2012-07-26 07:54 - 2012-08-05 11:21 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 02:42 - 2012-07-26 02:42 - 00140128 ____A C:\Windows\Minidump\Mini072612-01.dmp
2012-07-26 01:03 - 2012-07-26 01:03 - 00178692 ____A C:\Windows\System32\c_726522.nls
2012-07-25 19:58 - 2012-07-25 19:58 - 00140920 ____A C:\Windows\Minidump\Mini072512-01.dmp
2012-07-18 12:32 - 2012-07-18 12:32 - 00001131 ____A C:\Users\Guest\Desktop\Stories of The Prophets.lnk
2012-07-18 12:32 - 2012-07-18 12:32 - 00001131 ____A C:\Users\AFSHEEN KHAN\Desktop\Stories of The Prophets.lnk
2012-07-18 11:41 - 2012-07-18 11:41 - 00000140 ____A C:\Windows\winamp.ini
2012-07-14 16:36 - 2006-11-02 04:47 - 03753512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 00:07 - 2006-11-02 02:23 - 00000377 ____A C:\Windows\win.ini
2012-07-13 00:02 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-13 00:01 - 2012-07-13 00:01 - 00271150 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-09 22:18 - 2012-07-09 22:18 - 31898392 ____A C:\Users\AFSHEEN KHAN\Desktop\Mehndi mix.wav
2012-07-09 22:09 - 2012-07-09 22:09 - 31781868 ____A C:\Users\AFSHEEN KHAN\Desktop\aaja nachle.wav
2012-07-09 20:09 - 2012-07-09 20:07 - 36501072 ____A C:\Users\AFSHEEN KHAN\Desktop\Naureen Appi Mehndi Mix for Anum.wav
2012-07-08 07:02 - 2012-07-08 06:55 - 00002377 ____A C:\Users\Guest\Desktop\Skype.lnk
2012-07-03 10:46 - 2012-07-26 07:53 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 09:58 - 2012-06-29 09:58 - 00000132 ____A C:\Users\AFSHEEN KHAN\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-29 09:58 - 2012-06-19 21:07 - 07009750 ____A C:\Users\AFSHEEN KHAN\Desktop\3_food_pyramid_vector_155207.zip
2012-06-26 21:34 - 2012-06-26 21:34 - 00001992 ____A C:\Users\AFSHEEN KHAN\Desktop\Veoh Web Player.lnk
2012-06-26 11:39 - 2012-06-26 11:39 - 00013465 ____A C:\Users\AFSHEEN KHAN\Desktop\girl photo toms carpet cleaning_full.jpeg
2012-06-25 22:43 - 2012-06-25 21:04 - 00000038 ____A C:\Windows\camcodec100.ini
2012-06-25 22:41 - 2012-06-25 22:42 - 36699136 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation.avi
2012-06-25 22:41 - 2012-06-25 22:39 - 00000067 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation.txt
2012-06-25 21:22 - 2012-06-25 21:21 - 01707366 ____A C:\Users\AFSHEEN KHAN\Desktop\VirtualDub-1.9.11.zip
2012-06-25 21:00 - 2012-06-25 21:00 - 00034510 ____A C:\Users\AFSHEEN KHAN\Desktop\CamStudioCodec-1.4-w32.zip
2012-06-25 20:41 - 2012-06-25 20:31 - 00000067 ____A C:\Windows\swf2avi.INI
2012-06-25 20:31 - 2012-06-25 20:31 - 00000885 ____A C:\Users\AFSHEEN KHAN\Desktop\iWisoft Flash SWF to Video Converter.lnk
2012-06-25 16:15 - 2012-06-25 16:15 - 07302429 ____A C:\Users\AFSHEEN KHAN\Desktop\Obaid_BBQ.mov
2012-06-25 15:36 - 2012-07-26 09:26 - 00000887 ____A C:\Users\Public\Desktop\AnvSoft Flash to Video Converter.lnk
2012-06-25 14:51 - 2012-07-26 09:26 - 00001124 ____A C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2012-06-25 14:50 - 2012-06-25 14:50 - 00000914 ____A C:\Users\AFSHEEN KHAN\Desktop\Free FLV Converter.lnk
2012-06-25 14:27 - 2012-06-25 14:27 - 00000816 ____A C:\Users\Guest\Desktop\Handbrake.lnk
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-24 11:29 - 2012-06-24 11:29 - 01706056 ____A C:\Users\AFSHEEN KHAN\Desktop\barbecue-grill.rar
2012-06-19 21:43 - 2012-06-19 21:43 - 06067448 ____A C:\Users\AFSHEEN KHAN\Desktop\food_quality_vectors_146768.zip
2012-06-19 21:10 - 2012-06-19 21:09 - 31792430 ____A C:\Users\AFSHEEN KHAN\Desktop\set_of_fruits_vector_graphics_147976.zip
2012-06-19 21:09 - 2012-06-19 21:08 - 11446502 ____A C:\Users\AFSHEEN KHAN\Desktop\green_detailed_vector_icons_146806.zip
2012-06-19 21:06 - 2012-06-19 21:05 - 03272835 ____A C:\Users\AFSHEEN KHAN\Desktop\food_cooking_vector_art_5380.zip
2012-06-19 21:05 - 2012-06-19 21:05 - 02977182 ____A C:\Users\AFSHEEN KHAN\Desktop\birthday_vector_goods_and_fast_food_153194.zip
2012-06-19 20:56 - 2012-06-19 20:56 - 04424306 ____A C:\Users\AFSHEEN KHAN\Desktop\cartoon_basket_04_vector_156493.zip
2012-06-18 22:37 - 2012-06-18 22:37 - 00045964 ____A C:\Users\AFSHEEN KHAN\Desktop\ant_55940.zip
2012-06-18 21:19 - 2012-06-18 21:19 - 00565121 ____A C:\Users\AFSHEEN KHAN\Desktop\vector-grass.zip
2012-06-18 20:36 - 2012-06-18 20:36 - 00084137 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ.fxg
2012-06-13 05:40 - 2012-07-13 00:08 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 12:15 - 2012-07-26 09:26 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-08 09:47 - 2012-07-11 09:11 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-07-31 12:20:42
Restore point made on: 2012-08-07 20:13:21
Restore point made on: 2012-08-25 21:56:09
Restore point made on: 2012-08-25 22:19:53

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3003.36 MB
Available physical RAM: 2548.52 MB
Total Pagefile: 2787.36 MB
Available Pagefile: 2631.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:291.7 GB) (Free:77.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
3 Drive e: (Recovery) (Fixed) (Total:6.39 GB) (Free:0.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (UNTITLED) (Removable) (Total:1.89 GB) (Free:1.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 993 KB
Disk 1 Online 1937 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6540 MB 1024 KB
Partition 2 Primary 292 GB 6541 MB
Partition 3 Primary 1360 KB 298 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 6540 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 292 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1937 MB 1024 B

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F UNTITLED FAT32 Removable 1937 MB Healthy

==================================================================================

Last Boot: 2012-08-28 11:42

==================== End Of Log =============================

#103
CompCav

    Member 5k

  • Expert
  • 12,449 posts
OK, our primary objective right now is to get it to boot. So boot into the recovery environment and, when it gives you the option to restore, select that and use a restore point that is available. Once it restores, try to boot into normal mode.

This will bring it back to a state where some of the malware we removed is back, but we will use ListParts and FRST to remove it after you can boot into normal mode.

Regards,

CompCav

#104
CompCav

    Member 5k

  • Expert
  • 12,449 posts
Maya_k,

I will have to be away, so Essexboy is going to step in and help you complete the cleaning of your computer. He was one of my favorite instructors when I was in malware school, so you are in very capable hands.

Regards,

CompCav

#105
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:wave: