Windows 7 will not reboot. Please help! [Solved]
Started by
mikison
, Nov 25 2012 08:07 PM
This topic is locked
#77
Posted 27 November 2012 - 01:15 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
I appreciate greatly all of your help; however, I feel like we are at an impasse. I am not ready to delete everything on my computer yet. I need to access some more files on there and try to find out serial numbers, etc. of programs that are necessary for my medical transcription software. I don't know what Puppy is or what it is for. I realize you are extremely busy and I am fairly computer literate, but I am completely lost and not sure where we are at. 
#78
Posted 27 November 2012 - 01:20 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Puppy linux is to recover files you want from the hard drive. This is separate from the factory reset. You want to do this before the reset 
Read the whole thing below in this post and you will see how it says to back up files to an external drive:
UPDATED April 20, 2012
Use Puppy Linux Live CD to Recover Your Data:
===================
***Required Hardware***
CD Burner (CDRW) Drive,
Blank CD,
Extra Storage Device (USB Flash Drive, External Hard Drive)
===================
1. Save these files to your Desktop/Burn Your Live CD:
2. Set your boot priority in the BIOS to CD-ROM first, Hard Drive Second
3. Recover Your Data
Remember to only click once! No double clicking! Once you drag and drop your first folder, you will notice a small menu will appear giving you the option to move or copy. Choose COPY each time you drag and drop.
YOU ARE DONE!!! Simply click Menu >> Mouse Over Shutdown >> Reboot/Turn Off Computer. Be sure to plug your USB Drive into another working windows machine to verify all data is there and transferred without corruption. Congratulations!
If you're doing this to recover from a virus or malware infection, (or even if you're not), DO NOT copy executable files (.exe, .scr. etc...) if any of these files are infected you could be copying the corruption over to any new device/computer. just copy documents, pictures, music, or videos.
Read the whole thing below in this post and you will see how it says to back up files to an external drive:
UPDATED April 20, 2012
Use Puppy Linux Live CD to Recover Your Data:
===================
***Required Hardware***
CD Burner (CDRW) Drive,
Blank CD,
Extra Storage Device (USB Flash Drive, External Hard Drive)
===================
1. Save these files to your Desktop/Burn Your Live CD:
- Download Latest Puppy Linux ISO (i.e.: lupu-528.iso)
Download BurnCDCC ISO Burning Software
There are instructions on how to boot from flash drive with puppy here; http://www.pendrivel...e-from-windows/
- Open BurnCDCC with Windows Explorer
- Extract All files to a location you can remember
- Double Click
BurnCDCC - Click Browse
and navigate to the Puppy Linux ISO file you just downloaded - Open/Double Click that file
IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x - Click Start
- Your CD Burner Tray will open automatically
- Insert a blank CD and close the tray
- Click OK
2. Set your boot priority in the BIOS to CD-ROM first, Hard Drive Second
- Start the computer/press the power button
- Immediately start tapping the appropriate key to enter the BIOS, aka "Setup"
(Usually shown during the "Dell" screen, or "Gateway" Screen) - Once in the BIOS, under Advanced BIOS Options change boot priority to:
CD-ROM 1st, Hard Drive 2nd - Open your ROM drive and insert the disk
- Press F10 to save and exit
- Agree with "Y" to continue
- Your computer will restart and boot from the Puppy Linux Live CD
3. Recover Your Data
- Once Puppy Linux has loaded, it is actually running in your computer's Memory (RAM). You will see a fully functioning Graphical User Interface similar to what you normally call "your computer". Internet access may or may not be available depending on your machine, so it is recommended you print these instructions before beginning. Also, double clicking is not needed in Puppy. To expand, or open folders/icons, just click once. Puppy is very light on resources, so you will quickly notice it is much speedier than you are used to. This is normal. Ready? Let's get started.
3a. Mount Drives - Click the Mount Icon located at the top left of your desktop.
- A Window will open. By default, the "drive" tab will be forward/highlighted. Click on Mount for your hard drive.
- Assuming you only have one hard drive and/or partition, there may be only one selection to mount.
- USB Flash Drives usually automatically mount upon boot, but click the "usbdrv" tab and make sure it is mounted.
- If using an external hard drive for the data recovery, do this under the "drive" tab. Mount it now.
- At the bottom left of your desktop a list of all hard drives/partitions, USB Drives, and Optical Drives are listed with a familiar looking hard drive icon.
- Open your old hard drive i.e. sda1
- Next, open your USB Flash Drive or External Drive. i.e. sdc or sdb1
- If you open the wrong drive, simply X out at the top right corner of the window that opens. (Just like in Windows)
- From your old hard drive, drag and drop whatever files/folders you wish to transfer to your USB Drive's Window.
Remember to only click once! No double clicking! Once you drag and drop your first folder, you will notice a small menu will appear giving you the option to move or copy. Choose COPY each time you drag and drop.
YOU ARE DONE!!! Simply click Menu >> Mouse Over Shutdown >> Reboot/Turn Off Computer. Be sure to plug your USB Drive into another working windows machine to verify all data is there and transferred without corruption. Congratulations!
If you're doing this to recover from a virus or malware infection, (or even if you're not), DO NOT copy executable files (.exe, .scr. etc...) if any of these files are infected you could be copying the corruption over to any new device/computer. just copy documents, pictures, music, or videos.
#79
Posted 27 November 2012 - 01:30 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
I am unable to download the Puppy file from my laptop. It says I need to run as administrator. I am the only user on my computer and under user accounts it says administrator.
aagghh!!!
aagghh!!!
#80
Posted 27 November 2012 - 02:28 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Try right click and select Run as administrator.
#81
Posted 27 November 2012 - 02:57 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
I decided to forego Puppy and just do reset. I have tried 3 times, but when the Gateway logo appears and I press ALT and F10, Windows loads normally. I never get the Acer Recovery Management screen.
#82
Posted 27 November 2012 - 03:03 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
So windows is loading normally?
#83
Posted 27 November 2012 - 03:05 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
Yes, now it is loading, go figure. But nothing really works. Unable to open any programs. I let it load it completely and then shut it down and am trying the reset again.
#84
Posted 27 November 2012 - 03:12 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
I started the computer and hit ALT and F10 at the same time. I got the windows boot screen and hit ENTER, but then Windows loaded normally again. No programs work, however. Not sure how to do the reset.
Miki
Miki
#85
Posted 27 November 2012 - 03:12 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
OK let me know how it goes.
There may be another way to get to reset, some manufacturers have this:
Boot up like you did for the System restore but look at the choices:
To enter System Recovery Options from the Advanced Boot Options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Do you have all these options?
Are any of them worded differently?
Do you have any other options like "Gateway Recovery Wizard"?
There may be another way to get to reset, some manufacturers have this:
Boot up like you did for the System restore but look at the choices:
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Do you have all these options?
Are any of them worded differently?
Do you have any other options like "Gateway Recovery Wizard"?
#86
Posted 27 November 2012 - 03:23 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
I went into Programs and clicked on Gateway Recovery Management but nothing happened. I went into Task Manager and ended all processes that I knew what they were and they tried the Gateway Recovery Management again. This time it opened! My choices are:
1 Completely restore system to factory defaults
2 restore operating system and retain user data
3 reinstall drivers or applications
Which option should I select? Hoping one of them will work.
After reading the explanations, I chose the first option, but got this message: Hard drive configuration is not set to the factory default. Restore aborted.
THAT DOES NOT SOUND GOOD.. Now what?
1 Completely restore system to factory defaults
2 restore operating system and retain user data
3 reinstall drivers or applications
Which option should I select? Hoping one of them will work.
After reading the explanations, I chose the first option, but got this message: Hard drive configuration is not set to the factory default. Restore aborted.
THAT DOES NOT SOUND GOOD.. Now what?
Edited by mikison, 27 November 2012 - 03:24 PM.
#87
Posted 27 November 2012 - 03:26 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Good job mikiI went into Programs and clicked on Gateway Recovery Management but nothing happened. I went into Task Manager and ended all processes that I knew what they were and they tried the Gateway Recovery Management again. This time it opened!
You should pic either 1 or 2. Since I thought you wanted to retain some of your data then I would pick number 2 but if you do not need any of it you could choose 1.
Your choice.
#88
Posted 27 November 2012 - 03:34 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
After reading the explanations, I chose the first option, but got this message: Hard drive configuration is not set to the factory default. Restore aborted. Got the same message with the 2nd option.
THAT DOES NOT SOUND GOOD.. Now what?
THAT DOES NOT SOUND GOOD.. Now what?
#89
Posted 27 November 2012 - 03:37 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
WE need to take a look at the hard drive configuration:
Step 1.
For x32 (x86) bit systems downloadFarbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Step 2.
Please post:
FRST.txt
Step 1.
For x32 (x86) bit systems downloadFarbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Step 2.
Please post:
FRST.txt
#90
Posted 27 November 2012 - 03:55 PM
mikison
- Topic Starter
-
- Member
-
- 94 posts
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 27-11-2012 16:49:23
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [153416 2010-02-03] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10103840 2010-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TouchPortal] C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [6314016 2010-04-19] (Acer Corp.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-07-10] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [167008 2009-11-23] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [1016832 2010-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe [x]
HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-08-06] (Corel)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [HFALoader] C:\Program Files (x86)\Hamster Soft\Hamster Free Zip Archiver\HamsterArc.exe -loader [2260480 2012-03-06] (Hamster Soft)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKU\Owner\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [522752 2011-09-07] (Corel, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
ShortcutTarget: Auto run of VideoCam Suite 1.0.lnk -> C:\Program Files (x86)\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-09] (Akamai Technologies, Inc.)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 LPDSVC; C:\Windows\System32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) =====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-27 09:44 - 2012-11-27 09:43 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-27 08:44 - 2012-11-27 13:42 - 00054672 ____A C:\Windows\WindowsUpdate.log
2012-11-27 08:37 - 2012-11-25 21:25 - 00480125 ____A C:\Users\Owner\Desktop\AdwCleaner.exe
2012-11-27 08:35 - 2012-11-27 08:35 - 00051101 ____A C:\ComboFix.txt
2012-11-27 08:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-27 08:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-27 08:24 - 2012-11-27 08:33 - 00000000 ____D C:\Windows\erdnt
2012-11-27 08:24 - 2012-11-26 20:42 - 05007135 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-11-27 08:23 - 2012-11-27 08:23 - 00001242 ____A C:\Users\Owner\Desktop\RKreport[3]_SC_11272012_02d1123.txt
2012-11-27 08:18 - 2012-11-27 08:18 - 00002381 ____A C:\Users\Owner\Desktop\RKreport[2]_D_11272012_02d1118.txt
2012-11-27 08:09 - 2012-11-27 08:09 - 00002823 ____A C:\Users\Owner\Desktop\RKreport[1]_S_11272012_02d1109.txt
2012-11-27 04:37 - 2012-11-27 04:37 - 00031878 ____A C:\Users\Owner\Desktop\ComboFix3.txt
2012-11-26 19:48 - 2012-11-26 19:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-26 18:26 - 2012-11-27 06:35 - 00003673 ____A C:\Users\Owner\Desktop\FSS.txt
2012-11-26 16:02 - 2012-11-26 16:02 - 00000158 ____A C:\Users\Owner\Desktop\Find version.url
2012-11-26 15:15 - 2012-11-26 15:15 - 00000328 ____A C:\Users\Owner\Desktop\Uninstall Flash Player Windows.url
2012-11-26 14:30 - 2012-11-26 14:30 - 00049474 ____A C:\JavaRa.log
2012-11-26 14:27 - 2012-11-26 14:27 - 00000000 ____D C:\Users\Owner\Desktop\JavaRa
2012-11-26 14:26 - 2012-11-26 14:26 - 00160350 ____A C:\Users\Owner\Desktop\JavaRa.zip
2012-11-26 14:22 - 2012-11-26 14:22 - 00000399 ____A C:\Users\Owner\Desktop\Windows 7 will not reboot. Please help! - Geeks to Go Forums - Page 2.url
2012-11-26 11:02 - 2012-11-26 11:13 - 00002120 ____A C:\scu.dat
2012-11-26 08:31 - 2012-11-26 08:31 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-26 04:19 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-26 04:19 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-26 04:19 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-26 04:19 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-26 04:19 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-26 00:11 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-26 00:11 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-26 00:09 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-11-26 00:09 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-25 23:59 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-25 23:59 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-11-25 23:59 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-11-25 23:58 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-11-25 23:58 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-11-25 23:57 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-25 23:57 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-25 23:57 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-25 23:57 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-11-25 23:57 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-11-25 23:57 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-11-25 23:57 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-11-25 23:57 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-11-25 23:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-11-25 23:57 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-11-25 23:40 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-25 23:40 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-25 23:40 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-25 22:50 - 2012-11-25 22:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-11-25 22:47 - 2012-11-25 22:50 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-25 22:44 - 2012-11-26 16:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-11-25 22:44 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-25 22:22 - 2012-11-27 11:03 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-11-25 22:08 - 2012-11-26 05:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-25 22:07 - 2012-11-25 21:27 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-11-25 21:57 - 2012-11-25 21:57 - 00000898 ____A C:\AdwCleaner[S2].txt
2012-11-25 21:31 - 2012-11-27 10:59 - 00000000 ____D C:\FRST
2012-11-25 20:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-25 20:13 - 2012-11-27 08:18 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-11-25 20:13 - 2012-11-25 19:47 - 00752128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-11-14 11:16 - 2012-11-14 11:17 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:35 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Program Files\iTunes
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-04 13:34 - 2012-11-27 07:04 - 00000000 ____D C:\Program Files\iPod
2012-11-04 13:24 - 2012-11-27 07:04 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-27 13:44 - 00001648 ____A C:\Windows\setupact.log
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 07:51 - 2012-10-29 08:08 - 00000000 ____D C:\Users\Owner\Desktop\usb
==================== One Month Modified Files and Folders =======
2012-11-27 13:46 - 2010-09-12 08:55 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-11-27 13:45 - 2010-09-06 14:20 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-27 13:44 - 2012-11-03 21:00 - 00001648 ____A C:\Windows\setupact.log
2012-11-27 13:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-27 13:42 - 2012-11-27 08:44 - 00054672 ____A C:\Windows\WindowsUpdate.log
2012-11-27 13:19 - 2010-09-06 14:20 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-27 13:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-27 13:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-27 13:16 - 2009-07-13 21:13 - 00005720 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-27 12:55 - 2010-04-12 19:06 - 00419950 ____A C:\Windows\PFRO.log
2012-11-27 12:02 - 2010-09-08 10:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Corel
2012-11-27 12:00 - 2012-11-27 12:00 - 00000008 __RSH C:\Users\All Users\4EED2E65AC.sys
2012-11-27 12:00 - 2011-06-27 21:19 - 00005642 ___AS C:\Users\All Users\KGyGaAvL.sys
2012-11-27 12:00 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My PSP Files
2012-11-27 11:03 - 2012-11-25 22:22 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-11-27 10:59 - 2012-11-25 21:31 - 00000000 ____D C:\FRST
2012-11-27 10:37 - 2011-05-31 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-27 10:24 - 2010-09-06 16:03 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
2012-11-27 09:43 - 2012-11-27 09:44 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-27 08:35 - 2012-11-27 08:35 - 00051101 ____A C:\ComboFix.txt
2012-11-27 08:35 - 2010-09-06 16:32 - 00000000 ____D C:\Qoobox
2012-11-27 08:33 - 2012-11-27 08:24 - 00000000 ____D C:\Windows\erdnt
2012-11-27 08:32 - 2010-09-03 15:39 - 00000000 ____D C:\users\Owner
2012-11-27 08:32 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-27 08:23 - 2012-11-27 08:23 - 00001242 ____A C:\Users\Owner\Desktop\RKreport[3]_SC_11272012_02d1123.txt
2012-11-27 08:18 - 2012-11-27 08:18 - 00002381 ____A C:\Users\Owner\Desktop\RKreport[2]_D_11272012_02d1118.txt
2012-11-27 08:18 - 2012-11-25 20:13 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-11-27 08:09 - 2012-11-27 08:09 - 00002823 ____A C:\Users\Owner\Desktop\RKreport[1]_S_11272012_02d1109.txt
2012-11-27 08:08 - 2010-07-09 05:23 - 00568080 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-27 07:21 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-11-27 07:21 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-27 07:21 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-11-27 07:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iTunes
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-27 07:20 - 2012-01-05 16:23 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-27 07:20 - 2011-12-23 02:24 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-11-27 07:20 - 2011-12-15 21:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2012
2012-11-27 07:20 - 2011-12-15 21:34 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-27 07:20 - 2011-11-01 14:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Akamai
2012-11-27 07:20 - 2011-09-11 10:31 - 00000000 ____D C:\Users\All Users\CanonIJScan
2012-11-27 07:20 - 2011-09-02 21:41 - 00000000 ____D C:\Users\All Users\CanonIJEGV
2012-11-27 07:20 - 2011-08-10 02:33 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-27 07:20 - 2011-08-10 00:26 - 00000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-11-27 07:20 - 2011-08-10 00:22 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-27 07:20 - 2011-07-28 21:26 - 00000000 ____D C:\Users\Owner\Desktop\Digital Scrapbooking
2012-11-27 07:20 - 2011-04-08 19:44 - 00000000 ____D C:\Users\Owner\Desktop\Travel
2012-11-27 07:20 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files\Carbonite
2012-11-27 07:20 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files (x86)\Carbonite
2012-11-27 07:20 - 2010-11-16 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HamsterSoft
2012-11-27 07:20 - 2010-09-09 22:13 - 00000000 ____D C:\Users\Owner\Desktop\Comp
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Transcription
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Data Sources
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Albums
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Image Converter Plus
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Video Camera
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Prod
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Misc
2012-11-27 07:20 - 2010-09-06 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-27 07:20 - 2010-09-06 16:27 - 00000000 ____D C:\HSORGVIS
2012-11-27 07:20 - 2010-09-06 16:26 - 00000000 ____D C:\Abacus
2012-11-27 07:20 - 2010-09-06 14:27 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-27 07:20 - 2010-09-04 04:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-11-27 07:20 - 2010-09-03 16:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TouchGadget
2012-11-27 07:20 - 2010-04-12 19:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-11-27 07:20 - 2010-04-12 19:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-27 07:20 - 2010-04-12 18:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-11-27 07:20 - 2010-04-12 18:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-27 07:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-27 07:20 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-27 07:19 - 2011-12-07 07:11 - 00000000 ____D C:\Windows\Minidump
2012-11-27 07:18 - 2010-09-03 18:29 - 00000000 ____D C:\Windows\softwaredistribution.bak
2012-11-27 07:09 - 2010-11-16 17:38 - 00000000 ____D C:\Users\Owner\Documents\RER Soft, Inc
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website TCA files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website MT files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website knight run files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website H2O kids files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Webs
2012-11-27 07:08 - 2011-05-29 07:00 - 00000000 ____D C:\Users\Owner\Desktop\School
2012-11-27 07:06 - 2010-09-03 16:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2012-11-27 07:05 - 2012-06-13 13:00 - 00000000 ____D C:\Users\All Users\Real
2012-11-27 07:05 - 2010-09-09 12:40 - 00000000 ____D C:\Users\All Users\CanonBJ
2012-11-27 07:05 - 2010-09-06 16:26 - 00000000 ____D C:\Users\Miki Blumenthal\Application Data\GTek
2012-11-27 07:05 - 2010-09-06 16:26 - 00000000 ____D C:\users\Miki Blumenthal
2012-11-27 07:05 - 2009-07-13 19:20 - 00000000 ___RD C:\users\Default
2012-11-27 07:04 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iPod
2012-11-27 07:04 - 2012-11-04 13:24 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-27 07:04 - 2010-04-12 19:02 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-27 07:02 - 2010-04-12 19:08 - 00000000 ____D C:\OEM
2012-11-27 06:35 - 2012-11-26 18:26 - 00003673 ____A C:\Users\Owner\Desktop\FSS.txt
2012-11-27 04:37 - 2012-11-27 04:37 - 00031878 ____A C:\Users\Owner\Desktop\ComboFix3.txt
2012-11-26 20:42 - 2012-11-27 08:24 - 05007135 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-11-26 19:48 - 2012-11-26 19:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-26 16:49 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-11-26 16:02 - 2012-11-26 16:02 - 00000158 ____A C:\Users\Owner\Desktop\Find version.url
2012-11-26 15:15 - 2012-11-26 15:15 - 00000328 ____A C:\Users\Owner\Desktop\Uninstall Flash Player Windows.url
2012-11-26 15:11 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Surf Express
2012-11-26 14:47 - 2010-09-08 03:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2012-11-26 14:30 - 2012-11-26 14:30 - 00049474 ____A C:\JavaRa.log
2012-11-26 14:27 - 2012-11-26 14:27 - 00000000 ____D C:\Users\Owner\Desktop\JavaRa
2012-11-26 14:26 - 2012-11-26 14:26 - 00160350 ____A C:\Users\Owner\Desktop\JavaRa.zip
2012-11-26 14:22 - 2012-11-26 14:22 - 00000399 ____A C:\Users\Owner\Desktop\Windows 7 will not reboot. Please help! - Geeks to Go Forums - Page 2.url
2012-11-26 11:13 - 2012-11-26 11:02 - 00002120 ____A C:\scu.dat
2012-11-26 08:31 - 2012-11-26 08:31 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-26 05:18 - 2012-11-25 22:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-26 00:32 - 2012-11-26 00:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-25 22:51 - 2011-04-12 07:30 - 00000000 ____D C:\$AVG
2012-11-25 22:50 - 2012-11-25 22:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-11-25 22:50 - 2012-11-25 22:47 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-25 22:44 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-25 21:57 - 2012-11-25 21:57 - 00000898 ____A C:\AdwCleaner[S2].txt
2012-11-25 21:27 - 2012-11-25 22:07 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-11-25 21:25 - 2012-11-27 08:37 - 00480125 ____A C:\Users\Owner\Desktop\AdwCleaner.exe
2012-11-25 20:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-25 19:47 - 2012-11-25 20:13 - 00752128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-11-25 16:16 - 2010-12-25 08:31 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-11-25 13:04 - 2011-08-10 02:58 - 00000000 ____D C:\Users\Owner\Desktop\MT
2012-11-14 11:17 - 2012-11-14 11:16 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-08 13:19 - 2012-08-30 11:50 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-06 09:02 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\MT
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:23 - 2010-12-25 08:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 10:05 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-10-29 08:08 - 2012-10-29 07:51 - 00000000 ____D C:\Users\Owner\Desktop\usb
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-25 23:19:21
Restore point made on: 2012-11-26 00:01:18
Restore point made on: 2012-11-26 03:39:53
Restore point made on: 2012-11-26 04:20:12
Restore point made on: 2012-11-26 14:45:11
Restore point made on: 2012-11-26 14:46:41
Restore point made on: 2012-11-27 06:58:42
Restore point made on: 2012-11-27 08:49:40
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3839.3 MB
Available physical RAM: 3238.64 MB
Total Pagefile: 3837.45 MB
Available Pagefile: 3244.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (Gateway) (Fixed) (Total:596.17 GB) (Free:364.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:7.45 GB) (Free:1.51 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 7648 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Gateway NTFS Partition 596 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 1132 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7646 MB Healthy
=========================================================
Last Boot: 2012-11-24 21:26
==================== End Of Log =============================
Ran by SYSTEM at 27-11-2012 16:49:23
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [153416 2010-02-03] (Acer Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10103840 2010-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TouchPortal] C:\Program Files (x86)\Gateway\Gateway Touch Suite\TouchPortal.exe [6314016 2010-04-19] (Acer Corp.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-07-10] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s [167008 2009-11-23] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [1016832 2010-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe [x]
HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-08-06] (Corel)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [HFALoader] C:\Program Files (x86)\Hamster Soft\Hamster Free Zip Archiver\HamsterArc.exe -loader [2260480 2012-03-06] (Hamster Soft)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-05-23] (Garmin)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKU\Owner\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [522752 2011-09-07] (Corel, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
ShortcutTarget: Auto run of VideoCam Suite 1.0.lnk -> C:\Program Files (x86)\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-09] (Akamai Technologies, Inc.)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 LPDSVC; C:\Windows\System32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) =====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-27 09:44 - 2012-11-27 09:43 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-27 08:44 - 2012-11-27 13:42 - 00054672 ____A C:\Windows\WindowsUpdate.log
2012-11-27 08:37 - 2012-11-25 21:25 - 00480125 ____A C:\Users\Owner\Desktop\AdwCleaner.exe
2012-11-27 08:35 - 2012-11-27 08:35 - 00051101 ____A C:\ComboFix.txt
2012-11-27 08:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-27 08:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-27 08:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-27 08:24 - 2012-11-27 08:33 - 00000000 ____D C:\Windows\erdnt
2012-11-27 08:24 - 2012-11-26 20:42 - 05007135 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-11-27 08:23 - 2012-11-27 08:23 - 00001242 ____A C:\Users\Owner\Desktop\RKreport[3]_SC_11272012_02d1123.txt
2012-11-27 08:18 - 2012-11-27 08:18 - 00002381 ____A C:\Users\Owner\Desktop\RKreport[2]_D_11272012_02d1118.txt
2012-11-27 08:09 - 2012-11-27 08:09 - 00002823 ____A C:\Users\Owner\Desktop\RKreport[1]_S_11272012_02d1109.txt
2012-11-27 04:37 - 2012-11-27 04:37 - 00031878 ____A C:\Users\Owner\Desktop\ComboFix3.txt
2012-11-26 19:48 - 2012-11-26 19:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-26 18:26 - 2012-11-27 06:35 - 00003673 ____A C:\Users\Owner\Desktop\FSS.txt
2012-11-26 16:02 - 2012-11-26 16:02 - 00000158 ____A C:\Users\Owner\Desktop\Find version.url
2012-11-26 15:15 - 2012-11-26 15:15 - 00000328 ____A C:\Users\Owner\Desktop\Uninstall Flash Player Windows.url
2012-11-26 14:30 - 2012-11-26 14:30 - 00049474 ____A C:\JavaRa.log
2012-11-26 14:27 - 2012-11-26 14:27 - 00000000 ____D C:\Users\Owner\Desktop\JavaRa
2012-11-26 14:26 - 2012-11-26 14:26 - 00160350 ____A C:\Users\Owner\Desktop\JavaRa.zip
2012-11-26 14:22 - 2012-11-26 14:22 - 00000399 ____A C:\Users\Owner\Desktop\Windows 7 will not reboot. Please help! - Geeks to Go Forums - Page 2.url
2012-11-26 11:02 - 2012-11-26 11:13 - 00002120 ____A C:\scu.dat
2012-11-26 08:31 - 2012-11-26 08:31 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-26 04:19 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-26 04:19 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-26 04:19 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-26 04:19 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-26 04:19 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-26 00:11 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-26 00:11 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-26 00:09 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-11-26 00:09 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-25 23:59 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-25 23:59 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-25 23:59 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-11-25 23:59 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-25 23:58 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-11-25 23:58 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-11-25 23:58 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-11-25 23:57 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-25 23:57 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-25 23:57 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-25 23:57 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-11-25 23:57 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-11-25 23:57 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-11-25 23:57 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-11-25 23:57 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-11-25 23:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-11-25 23:57 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-11-25 23:40 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-25 23:40 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-25 23:40 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-25 22:50 - 2012-11-25 22:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-11-25 22:47 - 2012-11-25 22:50 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-25 22:44 - 2012-11-26 16:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-11-25 22:44 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-25 22:22 - 2012-11-27 11:03 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-11-25 22:08 - 2012-11-26 05:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-25 22:07 - 2012-11-25 21:27 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-11-25 21:57 - 2012-11-25 21:57 - 00000898 ____A C:\AdwCleaner[S2].txt
2012-11-25 21:31 - 2012-11-27 10:59 - 00000000 ____D C:\FRST
2012-11-25 20:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-25 20:13 - 2012-11-27 08:18 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-11-25 20:13 - 2012-11-25 19:47 - 00752128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-11-14 11:16 - 2012-11-14 11:17 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:35 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Program Files\iTunes
2012-11-04 13:34 - 2012-11-27 07:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-04 13:34 - 2012-11-27 07:04 - 00000000 ____D C:\Program Files\iPod
2012-11-04 13:24 - 2012-11-27 07:04 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-27 13:44 - 00001648 ____A C:\Windows\setupact.log
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 07:51 - 2012-10-29 08:08 - 00000000 ____D C:\Users\Owner\Desktop\usb
==================== One Month Modified Files and Folders =======
2012-11-27 13:46 - 2010-09-12 08:55 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-11-27 13:45 - 2010-09-06 14:20 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-27 13:44 - 2012-11-03 21:00 - 00001648 ____A C:\Windows\setupact.log
2012-11-27 13:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-27 13:42 - 2012-11-27 08:44 - 00054672 ____A C:\Windows\WindowsUpdate.log
2012-11-27 13:19 - 2010-09-06 14:20 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-27 13:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-27 13:17 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-27 13:16 - 2009-07-13 21:13 - 00005720 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-27 12:55 - 2010-04-12 19:06 - 00419950 ____A C:\Windows\PFRO.log
2012-11-27 12:02 - 2010-09-08 10:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Corel
2012-11-27 12:00 - 2012-11-27 12:00 - 00000008 __RSH C:\Users\All Users\4EED2E65AC.sys
2012-11-27 12:00 - 2011-06-27 21:19 - 00005642 ___AS C:\Users\All Users\KGyGaAvL.sys
2012-11-27 12:00 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My PSP Files
2012-11-27 11:03 - 2012-11-25 22:22 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-11-27 10:59 - 2012-11-25 21:31 - 00000000 ____D C:\FRST
2012-11-27 10:37 - 2011-05-31 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-27 10:24 - 2010-09-06 16:03 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
2012-11-27 09:43 - 2012-11-27 09:44 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-27 08:35 - 2012-11-27 08:35 - 00051101 ____A C:\ComboFix.txt
2012-11-27 08:35 - 2010-09-06 16:32 - 00000000 ____D C:\Qoobox
2012-11-27 08:33 - 2012-11-27 08:24 - 00000000 ____D C:\Windows\erdnt
2012-11-27 08:32 - 2010-09-03 15:39 - 00000000 ____D C:\users\Owner
2012-11-27 08:32 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-27 08:23 - 2012-11-27 08:23 - 00001242 ____A C:\Users\Owner\Desktop\RKreport[3]_SC_11272012_02d1123.txt
2012-11-27 08:18 - 2012-11-27 08:18 - 00002381 ____A C:\Users\Owner\Desktop\RKreport[2]_D_11272012_02d1118.txt
2012-11-27 08:18 - 2012-11-25 20:13 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-11-27 08:09 - 2012-11-27 08:09 - 00002823 ____A C:\Users\Owner\Desktop\RKreport[1]_S_11272012_02d1109.txt
2012-11-27 08:08 - 2010-07-09 05:23 - 00568080 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-27 07:21 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-11-27 07:21 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-27 07:21 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-11-27 07:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iTunes
2012-11-27 07:20 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-27 07:20 - 2012-01-05 16:23 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-27 07:20 - 2011-12-23 02:24 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-11-27 07:20 - 2011-12-15 21:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2012
2012-11-27 07:20 - 2011-12-15 21:34 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-27 07:20 - 2011-11-01 14:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Akamai
2012-11-27 07:20 - 2011-09-11 10:31 - 00000000 ____D C:\Users\All Users\CanonIJScan
2012-11-27 07:20 - 2011-09-02 21:41 - 00000000 ____D C:\Users\All Users\CanonIJEGV
2012-11-27 07:20 - 2011-08-10 02:33 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-27 07:20 - 2011-08-10 00:26 - 00000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-11-27 07:20 - 2011-08-10 00:22 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-27 07:20 - 2011-07-28 21:26 - 00000000 ____D C:\Users\Owner\Desktop\Digital Scrapbooking
2012-11-27 07:20 - 2011-04-08 19:44 - 00000000 ____D C:\Users\Owner\Desktop\Travel
2012-11-27 07:20 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files\Carbonite
2012-11-27 07:20 - 2010-12-01 06:34 - 00000000 ____D C:\Program Files (x86)\Carbonite
2012-11-27 07:20 - 2010-11-16 18:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HamsterSoft
2012-11-27 07:20 - 2010-09-09 22:13 - 00000000 ____D C:\Users\Owner\Desktop\Comp
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Transcription
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Data Sources
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Albums
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Image Converter Plus
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Video Camera
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Prod
2012-11-27 07:20 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Desktop\Misc
2012-11-27 07:20 - 2010-09-06 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-27 07:20 - 2010-09-06 16:27 - 00000000 ____D C:\HSORGVIS
2012-11-27 07:20 - 2010-09-06 16:26 - 00000000 ____D C:\Abacus
2012-11-27 07:20 - 2010-09-06 14:27 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-27 07:20 - 2010-09-04 04:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-11-27 07:20 - 2010-09-03 16:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TouchGadget
2012-11-27 07:20 - 2010-04-12 19:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-11-27 07:20 - 2010-04-12 19:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-27 07:20 - 2010-04-12 18:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-11-27 07:20 - 2010-04-12 18:43 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-27 07:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-27 07:20 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-27 07:19 - 2011-12-07 07:11 - 00000000 ____D C:\Windows\Minidump
2012-11-27 07:18 - 2010-09-03 18:29 - 00000000 ____D C:\Windows\softwaredistribution.bak
2012-11-27 07:09 - 2010-11-16 17:38 - 00000000 ____D C:\Users\Owner\Documents\RER Soft, Inc
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website TCA files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website MT files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website knight run files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Website H2O kids files
2012-11-27 07:09 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\My Webs
2012-11-27 07:08 - 2011-05-29 07:00 - 00000000 ____D C:\Users\Owner\Desktop\School
2012-11-27 07:06 - 2010-09-03 16:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2012-11-27 07:05 - 2012-06-13 13:00 - 00000000 ____D C:\Users\All Users\Real
2012-11-27 07:05 - 2010-09-09 12:40 - 00000000 ____D C:\Users\All Users\CanonBJ
2012-11-27 07:05 - 2010-09-06 16:26 - 00000000 ____D C:\Users\Miki Blumenthal\Application Data\GTek
2012-11-27 07:05 - 2010-09-06 16:26 - 00000000 ____D C:\users\Miki Blumenthal
2012-11-27 07:05 - 2009-07-13 19:20 - 00000000 ___RD C:\users\Default
2012-11-27 07:04 - 2012-11-04 13:34 - 00000000 ____D C:\Program Files\iPod
2012-11-27 07:04 - 2012-11-04 13:24 - 00000000 ____D C:\Program Files (x86)\Leawo
2012-11-27 07:04 - 2010-04-12 19:02 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-27 07:02 - 2010-04-12 19:08 - 00000000 ____D C:\OEM
2012-11-27 06:35 - 2012-11-26 18:26 - 00003673 ____A C:\Users\Owner\Desktop\FSS.txt
2012-11-27 04:37 - 2012-11-27 04:37 - 00031878 ____A C:\Users\Owner\Desktop\ComboFix3.txt
2012-11-26 20:42 - 2012-11-27 08:24 - 05007135 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-11-26 19:48 - 2012-11-26 19:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-11-26 16:49 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg2013
2012-11-26 16:02 - 2012-11-26 16:02 - 00000158 ____A C:\Users\Owner\Desktop\Find version.url
2012-11-26 15:15 - 2012-11-26 15:15 - 00000328 ____A C:\Users\Owner\Desktop\Uninstall Flash Player Windows.url
2012-11-26 15:11 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\Surf Express
2012-11-26 14:47 - 2010-09-08 03:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2012-11-26 14:30 - 2012-11-26 14:30 - 00049474 ____A C:\JavaRa.log
2012-11-26 14:27 - 2012-11-26 14:27 - 00000000 ____D C:\Users\Owner\Desktop\JavaRa
2012-11-26 14:26 - 2012-11-26 14:26 - 00160350 ____A C:\Users\Owner\Desktop\JavaRa.zip
2012-11-26 14:22 - 2012-11-26 14:22 - 00000399 ____A C:\Users\Owner\Desktop\Windows 7 will not reboot. Please help! - Geeks to Go Forums - Page 2.url
2012-11-26 11:13 - 2012-11-26 11:02 - 00002120 ____A C:\scu.dat
2012-11-26 08:31 - 2012-11-26 08:31 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-26 05:18 - 2012-11-25 22:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-26 00:32 - 2012-11-26 00:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-26 00:32 - 2012-11-26 00:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-26 00:31 - 2012-11-26 00:31 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-25 22:51 - 2011-04-12 07:30 - 00000000 ____D C:\$AVG
2012-11-25 22:50 - 2012-11-25 22:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software
2012-11-25 22:50 - 2012-11-25 22:47 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-25 22:44 - 2012-11-25 22:44 - 00000000 ____D C:\Users\Owner\AppData\Local\MFAData
2012-11-25 21:57 - 2012-11-25 21:57 - 00000898 ____A C:\AdwCleaner[S2].txt
2012-11-25 21:27 - 2012-11-25 22:07 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-11-25 21:25 - 2012-11-27 08:37 - 00480125 ____A C:\Users\Owner\Desktop\AdwCleaner.exe
2012-11-25 20:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-25 19:47 - 2012-11-25 20:13 - 00752128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-11-25 16:16 - 2010-12-25 08:31 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-11-25 13:04 - 2011-08-10 02:58 - 00000000 ____D C:\Users\Owner\Desktop\MT
2012-11-14 11:17 - 2012-11-14 11:16 - 00000000 ____D C:\Users\Owner\Desktop\Fuji camera
2012-11-14 10:39 - 2012-11-14 10:39 - 00002103 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-08 13:19 - 2012-08-30 11:50 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-06 09:02 - 2010-09-06 16:33 - 00000000 ____D C:\Users\Owner\Documents\MT
2012-11-04 17:07 - 2012-11-04 17:07 - 00000000 ____D C:\Users\Owner\Documents\Leawo
2012-11-04 16:23 - 2010-12-25 08:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2012-11-04 16:22 - 2012-11-04 16:22 - 00000000 ____D C:\Users\Owner\AppData\Local\leawo
2012-11-04 13:24 - 2012-11-04 13:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\com.leawo.imediago
2012-11-03 21:00 - 2012-11-03 21:00 - 00000000 ____A C:\Windows\setuperr.log
2012-10-29 10:05 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-10-29 08:08 - 2012-10-29 07:51 - 00000000 ____D C:\Users\Owner\Desktop\usb
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-25 23:19:21
Restore point made on: 2012-11-26 00:01:18
Restore point made on: 2012-11-26 03:39:53
Restore point made on: 2012-11-26 04:20:12
Restore point made on: 2012-11-26 14:45:11
Restore point made on: 2012-11-26 14:46:41
Restore point made on: 2012-11-27 06:58:42
Restore point made on: 2012-11-27 08:49:40
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3839.3 MB
Available physical RAM: 3238.64 MB
Total Pagefile: 3837.45 MB
Available Pagefile: 3244.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (Gateway) (Fixed) (Total:596.17 GB) (Free:364.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:7.45 GB) (Free:1.51 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 7648 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Gateway NTFS Partition 596 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 1132 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 7646 MB Healthy
=========================================================
Last Boot: 2012-11-24 21:26
==================== End Of Log =============================
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
