Windows 7 Wont Boot


  • This topic is locked
17 replies to this topic

#1 RadioDoug

Posted 31 December 2011 - 12:36 PM

Farbar: I've followed the instructions you gave 8skin8, successfully thus far. Here's the report from running FRST64. Now what should I do?

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.1
Ran by SYSTEM at 2011-12-31 11:29:34
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244608 2009-09-11] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2078048 2011-10-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-03-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3325552 2011-08-01] (Babylon Ltd.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-08-01] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
HKU\Owner\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-20] (Google Inc.)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-06] (Google Inc.)
HKU\Owner\...\Run: [AppleManagerOnline] rundll32.exe "C:\ProgramData\AppleManagerOnline.dll",DllRegisterServer [x]
HKU\Owner\...\Run: [Wow6432Node Update] rundll32 "C:\Users\Owner\AppData\Local\Mozilla\MozillaUpdate\Mozillaup.DLL",DllRegisterServer [x]
HKU\Owner\...\Run: [Privacy Protection] C:\ProgramData\privacy.exe [817152 2011-11-24] (Cyberlink Corp.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll avgrssta.dll

==================== Services (Whitelisted) ======

2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [269904 2010-07-15] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-28] (PixArt Imaging Incorporation)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-31 11:29 - 2011-12-31 11:29 - 0000000 ____D C:\FRST
2011-12-26 19:33 - 2011-12-26 19:33 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2011-12-24 12:02 - 2011-12-24 12:02 - 0266124 ____A C:\Users\Owner\Documents\clip0054.avi
2011-12-24 12:01 - 2011-12-24 12:02 - 3157928 ____A C:\Users\Owner\Documents\clip0053.avi
2011-12-24 10:35 - 2011-12-24 10:35 - 0289930 ____A C:\Users\Owner\Documents\clip0052.avi
2011-12-24 10:34 - 2011-12-24 10:35 - 4128336 ____A C:\Users\Owner\Documents\clip0051.avi
2011-12-24 10:34 - 2011-12-24 10:34 - 0423426 ____A C:\Users\Owner\Documents\clip0050.avi
2011-12-24 10:32 - 2011-12-24 10:32 - 0712232 ____A C:\Users\Owner\Documents\clip0049.avi
2011-12-24 10:31 - 2011-12-24 10:32 - 10606886 ____A C:\Users\Owner\Documents\clip0048.avi
2011-12-24 10:31 - 2011-12-24 10:31 - 0152528 ____A C:\Users\Owner\Documents\clip0047.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0516710 ____A C:\Users\Owner\Documents\clip0046.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0297378 ____A C:\Users\Owner\Documents\clip0045.avi
2011-12-23 17:43 - 2011-12-23 17:43 - 0094888 ____A C:\Users\Owner\Documents\clip0044.avi
2011-12-23 17:37 - 2011-12-23 17:37 - 0545404 ____A C:\Users\Owner\Documents\clip0043.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0110662 ____A C:\Users\Owner\Documents\clip0041.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0093134 ____A C:\Users\Owner\Documents\clip0042.avi
2011-12-23 17:17 - 2011-12-23 17:17 - 2123370 ____A C:\Users\Owner\Documents\clip0040.avi
2011-12-23 15:26 - 2011-12-23 15:27 - 77400544 ____A C:\Users\Owner\Documents\clip0039.avi
2011-12-23 12:59 - 2011-12-23 12:59 - 1479542 ____A C:\Users\Owner\Documents\clip0034.avi
2011-12-23 12:55 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{4AD52629-ACB9-409F-96AA-5FD7A8700E69}
2011-12-23 12:54 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{41932D73-2EB0-45FE-BE8D-B0715F5E1C27}
2011-12-23 12:47 - 2011-12-23 12:48 - 5979400 ____A C:\Users\Owner\Documents\clip0030.avi
2011-12-23 12:44 - 2011-12-23 12:44 - 4391266 ____A C:\Users\Owner\Documents\clip0029.avi
2011-12-22 19:14 - 2011-12-22 19:55 - 0006163 ____A C:\Users\Owner\songList.txt
2011-12-22 19:14 - 2011-12-22 19:55 - 0000013 ____A C:\Users\Owner\rlvote.txt
2011-12-22 19:14 - 2011-12-22 19:24 - 0000000 ____D C:\RecklessPk
2011-12-20 19:57 - 2011-12-20 19:57 - 0015620 ____A C:\Users\Owner\Desktop\hs_err_pid6064.log
2011-12-17 14:46 - 2011-12-17 14:46 - 0015648 ____A C:\Users\Owner\Desktop\hs_err_pid5424.log
2011-12-16 18:39 - 2011-12-16 18:39 - 0015736 ____A C:\Users\Owner\Desktop\hs_err_pid4812.log

============ 3 Months Modified Files and Folders =============

2011-12-31 11:29 - 2011-12-31 11:29 - 0000000 ____D C:\FRST
2011-12-30 06:16 - 2010-03-05 12:38 - 0000000 ____D C:\users\Owner
2011-12-30 06:16 - 2010-01-22 10:54 - 0000000 ____D C:\Users\All Users\P4G
2011-12-30 06:16 - 2010-01-22 10:54 - 0000000 ____D C:\ProgramData\P4G
2011-12-30 06:16 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-12-30 06:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-12-30 06:16 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-12-30 06:15 - 2011-11-29 18:47 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-12-30 06:15 - 2011-11-07 19:21 - 0000000 ____D C:\Program Files (x86)\facemoods.com
2011-12-30 06:15 - 2011-11-07 19:13 - 0000000 ____D C:\Program Files (x86)\HyperCam 2
2011-12-30 06:15 - 2011-10-12 17:33 - 0000000 ____D C:\Data
2011-12-30 06:15 - 2011-09-21 17:16 - 0000000 ____D C:\Users\All Users\Tarma Installer
2011-12-30 06:15 - 2011-09-21 17:16 - 0000000 ____D C:\ProgramData\Tarma Installer
2011-12-30 06:15 - 2011-09-21 17:14 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-12-30 06:15 - 2011-09-21 17:14 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-12-30 06:15 - 2011-06-16 09:56 - 0000000 ____D C:\Program Files (x86)\somototoolbar
2011-12-30 06:15 - 2011-05-29 21:38 - 0000000 ____D C:\Users\Owner\AppData\Local\BearShare
2011-12-30 06:15 - 2011-05-29 20:51 - 0000000 ___RD C:\Users\Owner\Podcasts
2011-12-30 06:15 - 2010-08-28 04:49 - 0000000 ____D C:\Windows\.jagex_cache_32
2011-12-30 06:15 - 2010-03-05 13:48 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2011-12-30 06:15 - 2010-03-05 13:45 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-30 06:15 - 2010-01-22 10:45 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2011-12-30 06:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-12-30 06:15 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-30 06:14 - 2011-11-29 16:02 - 0000000 ____D C:\Windows\ERDNT
2011-12-30 06:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-12-30 05:59 - 2010-03-05 12:38 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2011-12-30 05:59 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-12-30 05:57 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2011-12-30 05:56 - 2010-01-22 10:45 - 0000000 ____D C:\Intel
2011-12-30 05:56 - 2010-01-22 10:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-12-28 13:03 - 2011-10-29 11:08 - 0000040 ____A C:\Users\Owner\jagex_cl_runescape_LIVE.dat
2011-12-28 13:01 - 2011-11-16 17:04 - 0000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2011-12-28 12:54 - 2010-03-06 04:35 - 2388459520 __ASH C:\hiberfil.sys
2011-12-27 00:28 - 2011-11-29 18:48 - 0000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-12-27 00:28 - 2011-11-29 18:47 - 0000000 ____D C:\Users\All Users\!SASCORE
2011-12-27 00:28 - 2011-11-29 18:47 - 0000000 ____D C:\ProgramData\!SASCORE
2011-12-27 00:28 - 2011-11-29 16:01 - 0000000 ____D C:\Qoobox
2011-12-26 22:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-12-26 19:33 - 2011-12-26 19:33 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2011-12-24 12:02 - 2011-12-24 12:02 - 0266124 ____A C:\Users\Owner\Documents\clip0054.avi
2011-12-24 12:02 - 2011-12-24 12:01 - 3157928 ____A C:\Users\Owner\Documents\clip0053.avi
2011-12-24 10:35 - 2011-12-24 10:35 - 0289930 ____A C:\Users\Owner\Documents\clip0052.avi
2011-12-24 10:35 - 2011-12-24 10:34 - 4128336 ____A C:\Users\Owner\Documents\clip0051.avi
2011-12-24 10:34 - 2011-12-24 10:34 - 0423426 ____A C:\Users\Owner\Documents\clip0050.avi
2011-12-24 10:32 - 2011-12-24 10:32 - 0712232 ____A C:\Users\Owner\Documents\clip0049.avi
2011-12-24 10:32 - 2011-12-24 10:31 - 10606886 ____A C:\Users\Owner\Documents\clip0048.avi
2011-12-24 10:31 - 2011-12-24 10:31 - 0152528 ____A C:\Users\Owner\Documents\clip0047.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0516710 ____A C:\Users\Owner\Documents\clip0046.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0297378 ____A C:\Users\Owner\Documents\clip0045.avi
2011-12-23 17:43 - 2011-12-23 17:43 - 0094888 ____A C:\Users\Owner\Documents\clip0044.avi
2011-12-23 17:37 - 2011-12-23 17:37 - 0545404 ____A C:\Users\Owner\Documents\clip0043.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0110662 ____A C:\Users\Owner\Documents\clip0041.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0093134 ____A C:\Users\Owner\Documents\clip0042.avi
2011-12-23 17:17 - 2011-12-23 17:17 - 2123370 ____A C:\Users\Owner\Documents\clip0040.avi
2011-12-23 15:27 - 2011-12-23 15:26 - 77400544 ____A C:\Users\Owner\Documents\clip0039.avi
2011-12-23 12:59 - 2011-12-23 12:59 - 1479542 ____A C:\Users\Owner\Documents\clip0034.avi
2011-12-23 12:55 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{4AD52629-ACB9-409F-96AA-5FD7A8700E69}
2011-12-23 12:55 - 2011-12-23 12:54 - 0000000 ____D C:\Users\Owner\AppData\Local\{41932D73-2EB0-45FE-BE8D-B0715F5E1C27}
2011-12-23 12:48 - 2011-12-23 12:47 - 5979400 ____A C:\Users\Owner\Documents\clip0030.avi
2011-12-23 12:44 - 2011-12-23 12:44 - 4391266 ____A C:\Users\Owner\Documents\clip0029.avi
2011-12-22 19:55 - 2011-12-22 19:14 - 0006163 ____A C:\Users\Owner\songList.txt
2011-12-22 19:55 - 2011-12-22 19:14 - 0000013 ____A C:\Users\Owner\rlvote.txt
2011-12-22 19:24 - 2011-12-22 19:14 - 0000000 ____D C:\RecklessPk
2011-12-20 19:57 - 2011-12-20 19:57 - 0015620 ____A C:\Users\Owner\Desktop\hs_err_pid6064.log
2011-12-17 14:46 - 2011-12-17 14:46 - 0015648 ____A C:\Users\Owner\Desktop\hs_err_pid5424.log
2011-12-16 18:39 - 2011-12-16 18:39 - 0015736 ____A C:\Users\Owner\Desktop\hs_err_pid4812.log
2011-11-29 18:48 - 2011-11-29 18:48 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-11-29 18:48 - 2011-11-29 18:48 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-29 16:24 - 2011-11-29 16:24 - 0026570 ____A C:\ComboFix.txt
2011-11-29 15:52 - 2011-11-29 15:52 - 0000000 ____A C:\Users\Owner\AppData\Local\{13B08C96-A95C-4BCF-8E08-7ABEDA0603D1}
2011-11-28 17:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-11-28 17:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-11-28 16:33 - 2010-01-22 10:29 - 1942603 ____A C:\Windows\WindowsUpdate.log
2011-11-28 16:29 - 2011-01-20 10:01 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-28 16:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-28 16:28 - 2009-07-13 20:51 - 0101225 ____A C:\Windows\setupact.log
2011-11-28 16:24 - 2011-07-11 09:36 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153577237-2293766148-3167515859-1000UA.job
2011-11-28 16:24 - 2011-07-11 09:36 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153577237-2293766148-3167515859-1000Core.job
2011-11-28 16:24 - 2011-01-20 10:01 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-27 10:00 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-27 10:00 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-27 09:56 - 2011-11-27 09:56 - 0000000 ____A C:\Users\Owner\AppData\Local\{B53270BD-6B94-40A7-A08D-EC6F9FE77933}
2011-11-26 05:51 - 2011-08-05 19:44 - 0000000 ____D C:\Users\All Users\Babylon
2011-11-26 05:51 - 2011-08-05 19:44 - 0000000 ____D C:\ProgramData\Babylon
2011-11-25 16:04 - 2011-11-25 16:04 - 0000000 ____D C:\Users\Owner\AppData\Local\{8178C4B0-CBBB-4FD9-A237-02E41D7A76AA}
2011-11-25 16:04 - 2010-03-05 13:28 - 0000000 ____D C:\Users\Owner\Tracing
2011-11-25 15:58 - 2011-11-25 15:58 - 0000000 ____A C:\Users\Owner\AppData\Local\{80981151-A9B2-47A6-B7BB-2F2F527672D7}
2011-11-25 15:56 - 2011-11-25 15:56 - 0000000 ___AH C:\Users\Owner\AppData\Local\BITF132.tmp
2011-11-25 15:56 - 2011-11-25 15:56 - 0000000 ____A C:\Users\Owner\AppData\Local\{2E5E2A40-1389-4FAC-B33A-5BEA4D101C66}
2011-11-24 19:42 - 2010-01-22 10:54 - 0002044 ____A C:\Windows\System32\AutoRunFilter.ini
2011-11-24 19:39 - 2011-11-24 19:39 - 0817152 ____A (Cyberlink Corp.) C:\Users\All Users\privacy.exe
2011-11-24 19:39 - 2011-11-24 19:39 - 0817152 ____A (Cyberlink Corp.) C:\ProgramData\privacy.exe
2011-11-24 19:39 - 2011-11-24 19:39 - 0000630 ____A C:\Users\Public\Desktop\Privacy Protection.lnk
2011-11-24 17:17 - 2011-11-24 17:09 - 0000000 ____D C:\Users\Owner\AppData\Local\{5781C297-9CA9-4952-A52A-3B11E73FE365}
2011-11-24 17:12 - 2009-07-13 21:13 - 0732638 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-24 17:10 - 2011-11-24 17:10 - 0000000 ____D C:\Users\Owner\AppData\Local\{58B54D05-A4A8-4367-8AE7-0FCC65CB40A9}
2011-11-24 17:10 - 2011-11-24 17:09 - 0000000 ____D C:\Users\Owner\AppData\Local\{4875B2AE-FAF1-4A05-B474-770F6081BAD4}
2011-11-23 15:01 - 2011-02-09 15:11 - 0000502 ___AH C:\Windows\Tasks\Norton Security Scan for Owner.job
2011-11-23 11:52 - 2011-11-23 11:52 - 0000000 ____D C:\Users\Owner\AppData\Local\{D3DAA2E1-FC62-4ACF-9B36-FF076B3104C2}
2011-11-23 11:52 - 2011-11-23 11:52 - 0000000 ____D C:\Users\Owner\AppData\Local\{57C6984E-959C-4C4F-A187-7290E6B63167}
2011-11-22 15:33 - 2011-11-22 15:33 - 0000000 ____D C:\Users\Owner\AppData\Local\{5B87341D-BE3C-4A78-A458-353A801AFC58}
2011-11-22 15:33 - 2011-11-22 15:33 - 0000000 ____D C:\Users\Owner\AppData\Local\{12E3A542-1222-44A5-8D4C-9589C9A14C8F}
2011-11-21 14:40 - 2011-11-21 14:40 - 0000000 ____D C:\Users\Owner\AppData\Local\{632E4357-EDE5-4E16-A9D7-B91F0EF77EC7}
2011-11-20 14:08 - 2011-10-12 17:33 - 0000000 ____D C:\e
2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\Owner\AppData\Local\{001DA7B5-0617-4C15-901C-4470DAEAC7F0}
2011-11-20 08:41 - 2011-11-20 08:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{5A8CD9D9-68D2-4EFC-B261-5C60B10AE7D9}
2011-11-19 18:33 - 2011-11-19 18:32 - 0000000 ____D C:\Users\Owner\AppData\Local\{F9F1ABD7-BEFF-4C96-A424-E4F72B8EB873}
2011-11-19 18:32 - 2011-11-19 18:32 - 0000000 ____D C:\Users\Owner\AppData\Local\{92BFF084-14D2-4D85-819B-0DCED01F26A1}
2011-11-19 18:22 - 2011-11-19 18:22 - 0000000 ____D C:\Users\Owner\AppData\Local\{087D72E4-6368-4745-97CF-CC8F4C085322}
2011-11-19 18:22 - 2011-11-19 06:18 - 0000000 ____D C:\Users\Owner\AppData\Local\{853E8933-D172-4346-8645-1D7D1A1E7D37}
2011-11-19 07:18 - 2011-11-19 18:23 - 0125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srrstr.dll
2011-11-19 07:18 - 2010-03-05 13:45 - 0000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2011-11-19 06:18 - 2011-11-19 06:18 - 0000000 ____D C:\Users\Owner\AppData\Local\{1FB5F73A-A1F0-4CF1-8C31-D06351EE30CA}
2011-11-18 14:27 - 2011-11-18 14:27 - 0000000 ____D C:\Users\Owner\AppData\Local\{FFBC5569-8D80-4470-ABD3-17B972AAE1FA}
2011-11-18 14:27 - 2011-11-18 14:27 - 0000000 ____D C:\Users\Owner\AppData\Local\{EC60FBF3-5E7E-4C45-8500-2601CCE5726D}
2011-11-17 18:46 - 2011-11-17 18:46 - 0000000 ____D C:\Users\Owner\AppData\Local\{47AC2063-138C-4000-86C8-026A63838FE3}
2011-11-17 18:46 - 2011-11-17 18:45 - 0000000 ____D C:\Users\Owner\AppData\Local\{3B6086D2-E5D7-4D06-A2DC-1721884D2C47}
2011-11-16 17:41 - 2011-11-16 17:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{AAD13C44-ED55-4F52-AEA9-4D45F03C7EE6}
2011-11-16 17:41 - 2011-11-16 17:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{3587BCF8-9702-4795-8F7C-60B550CBBB91}
2011-11-16 17:40 - 2011-11-16 17:40 - 0000000 ____D C:\Users\Owner\AppData\Local\{7DFB31B6-CE79-4441-9ED2-1082BDBBB43F}
2011-11-16 17:33 - 2011-11-16 17:33 - 0000000 ____D C:\Windows\en
2011-11-16 17:33 - 2010-01-22 10:39 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-11-16 17:14 - 2010-01-22 10:41 - 0000000 ____D C:\Program Files\Windows Live
2011-11-16 17:09 - 2010-01-22 10:40 - 0063530 ____A C:\Windows\DirectX.log
2011-11-12 12:55 - 2010-04-09 18:42 - 0000129 ____A C:\Users\Owner\jagex_runescape_preferences2.dat
2011-11-12 12:53 - 2011-11-12 12:53 - 0000045 ____A C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
2011-11-12 12:53 - 2011-11-12 12:53 - 0000000 ____D C:\Users\Owner\jagexcache1
2011-11-12 12:53 - 2010-04-09 18:41 - 0000046 ____A C:\Users\Owner\jagex_runescape_preferences.dat
2011-11-09 18:38 - 2009-07-13 20:45 - 0358664 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-09 17:54 - 2010-03-05 13:37 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Users\All Users\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\ProgramData\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Program Files (x86)\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Program Files (x86)\Hyperionics DB Toolbar
2011-11-06 11:37 - 2011-11-06 11:37 - 0015256 ____A C:\Users\Owner\Desktop\hs_err_pid3428.log
2011-11-05 08:27 - 2011-11-05 08:17 - 0000000 ____D C:\runeinsanityv6
2011-11-04 17:58 - 2011-11-04 17:58 - 0015561 ____A C:\Users\Owner\Desktop\hs_err_pid5500.log
2011-11-02 18:08 - 2011-11-02 18:08 - 0015167 ____A C:\Users\Owner\Desktop\hs_err_pid5808.log
2011-10-31 14:41 - 2011-10-31 14:41 - 0000000 ____D C:\$AVG
2011-10-30 16:38 - 2011-10-30 16:38 - 0015294 ____A C:\Users\Owner\Desktop\hs_err_pid664.log
2011-10-29 11:20 - 2011-10-29 11:20 - 0016493 ____A C:\Users\Owner\Desktop\hs_err_pid4084.log
2011-10-25 17:59 - 2009-07-13 21:08 - 0032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-24 17:01 - 2011-10-24 17:01 - 0000000 ___AH C:\Users\Owner\Desktop\pavlaojagb.tmp
2011-10-24 14:41 - 2010-12-13 15:46 - 0000000 ____D C:\Users\Owner\AppData\Local\Apple
2011-10-23 17:51 - 2011-07-22 17:19 - 0000000 ____D C:\Users\Owner\YanilleScape2
2011-10-12 17:57 - 2011-10-12 17:57 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2011-10-12 17:47 - 2010-01-22 10:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 17:33 - 2011-10-12 17:33 - 0001406 ____A C:\cayas2.ico
2011-10-12 17:33 - 2011-10-12 17:33 - 0000380 ____A C:\edu.bmp
2011-10-12 17:33 - 2011-10-12 17:33 - 0000304 ____A C:\dir.bmp
2011-10-12 17:33 - 2011-10-12 17:33 - 0000284 ____A C:\srch_map_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000279 ____A C:\hj_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000277 ____A C:\mov_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000274 ____A C:\trav_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000273 ____A C:\srch_stk_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000268 ____A C:\ab_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000265 ____A C:\srch_ans_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000240 ____A C:\srch_site_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000235 ____A C:\srch_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000138 ____A C:\flk2.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000131 ____A C:\srch_loc_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000123 ____A C:\srch_sh_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000121 ____A C:\srch_nws_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000113 ____A C:\srch_aud_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000112 ____A C:\srch_vid_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000112 ____A C:\srch_img_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000103 ____A C:\del_1.gif
2011-10-09 16:43 - 2011-10-09 16:43 - 0000000 ____D C:\rsps_hybridpvp_v3
2011-10-09 07:42 - 2011-10-09 07:39 - 0000000 ____D C:\.rune-legacy_v11

========================= Known DLLs (Whitelisted) ============

#2 myrti

  • Malware Study Hall Admin

Posted 06 January 2012 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 RadioDoug

Posted 06 January 2012 - 07:58 PM

Thanks for the reply. My other pc is a Windows 7 ASUS pc. I believe it is a 64 bit machine as it had to run a different version of flash.
I bought the laptop from a local shop (which is now out of business). It did not come with any discs.

The problem is in the booting of the pc. In regular mode it will for a few seconds act like it's going to boot and then when the screen starts to turn to the windows sky boot screen, it freezes, with just a couple of lines at the top of the screen changed from the previous black screen to the blue screen.

When trying to boot in safe mode, the first few lines of code show before it locks up. A screen shot of attempting to boot in safe mode is attached.

#4 RadioDoug

Posted 06 January 2012 - 08:10 PM

I've downloaded OTL and attempted to run it. Since it won't boot windows, I attempted to run it thru the command prompt of system recovery options; however it comes up with a message: "the subsystem needed to support the image type is not present". Is there another version I can download and run from the c prompt?

Thanks,
Doug

#5 myrti

Posted 06 January 2012 - 11:20 PM

Hi,

please try FRST:
You need to download and run the FRST64 version:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

If that doesn't work we will try making a bootable flash drive from which to access your laptop.

Your laptop also likely contains a recovery partition which allows you to reset the PC to factory settings should we not get the PC fixed.

regards myrti



#6 RadioDoug

Posted 07 January 2012 - 09:57 AM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.1
Ran by SYSTEM at 2012-01-07 08:55:08
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244608 2009-09-11] (VIA)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2078048 2011-10-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-03-05] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3325552 2011-08-01] (Babylon Ltd.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-08-01] (SweetIM Technologies Ltd.)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-20] (Google Inc.)
HKU\Owner\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988784 2010-11-22] (SUPERAntiSpyware.com)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.1
AppInit_DLLs: C:\Windows\System32\avgrssta.dll

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-07-20] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [269904 2010-07-15] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-28] (PixArt Imaging Incorporation)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-31 11:29 - 2012-01-07 08:55 - 0000000 ____D C:\FRST
2011-12-26 19:33 - 2012-01-05 20:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2011-12-26 18:55 - 2012-01-05 21:02 - 0000000 ____D C:\Windows\Minidump
2011-12-24 12:02 - 2011-12-24 12:02 - 0266124 ____A C:\Users\Owner\Documents\clip0054.avi
2011-12-24 12:01 - 2011-12-24 12:02 - 3157928 ____A C:\Users\Owner\Documents\clip0053.avi
2011-12-24 10:35 - 2011-12-24 10:35 - 0289930 ____A C:\Users\Owner\Documents\clip0052.avi
2011-12-24 10:34 - 2011-12-24 10:35 - 4128336 ____A C:\Users\Owner\Documents\clip0051.avi
2011-12-24 10:34 - 2011-12-24 10:34 - 0423426 ____A C:\Users\Owner\Documents\clip0050.avi
2011-12-24 10:32 - 2011-12-24 10:32 - 0712232 ____A C:\Users\Owner\Documents\clip0049.avi
2011-12-24 10:31 - 2011-12-24 10:32 - 10606886 ____A C:\Users\Owner\Documents\clip0048.avi
2011-12-24 10:31 - 2011-12-24 10:31 - 0152528 ____A C:\Users\Owner\Documents\clip0047.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0516710 ____A C:\Users\Owner\Documents\clip0046.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0297378 ____A C:\Users\Owner\Documents\clip0045.avi
2011-12-23 17:43 - 2011-12-23 17:43 - 0094888 ____A C:\Users\Owner\Documents\clip0044.avi
2011-12-23 17:37 - 2011-12-23 17:37 - 0545404 ____A C:\Users\Owner\Documents\clip0043.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0110662 ____A C:\Users\Owner\Documents\clip0041.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0093134 ____A C:\Users\Owner\Documents\clip0042.avi
2011-12-23 17:17 - 2011-12-23 17:17 - 2123370 ____A C:\Users\Owner\Documents\clip0040.avi
2011-12-23 15:26 - 2011-12-23 15:27 - 77400544 ____A C:\Users\Owner\Documents\clip0039.avi
2011-12-23 12:59 - 2011-12-23 12:59 - 1479542 ____A C:\Users\Owner\Documents\clip0034.avi
2011-12-23 12:55 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{4AD52629-ACB9-409F-96AA-5FD7A8700E69}
2011-12-23 12:54 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{41932D73-2EB0-45FE-BE8D-B0715F5E1C27}
2011-12-23 12:47 - 2011-12-23 12:48 - 5979400 ____A C:\Users\Owner\Documents\clip0030.avi
2011-12-23 12:44 - 2011-12-23 12:44 - 4391266 ____A C:\Users\Owner\Documents\clip0029.avi
2011-12-22 19:14 - 2011-12-22 19:55 - 0006163 ____A C:\Users\Owner\songList.txt
2011-12-22 19:14 - 2011-12-22 19:55 - 0000013 ____A C:\Users\Owner\rlvote.txt
2011-12-22 19:14 - 2011-12-22 19:24 - 0000000 ____D C:\RecklessPk
2011-12-20 19:57 - 2011-12-20 19:57 - 0015620 ____A C:\Users\Owner\Desktop\hs_err_pid6064.log
2011-12-17 14:46 - 2011-12-17 14:46 - 0015648 ____A C:\Users\Owner\Desktop\hs_err_pid5424.log
2011-12-16 18:39 - 2011-12-16 18:39 - 0015736 ____A C:\Users\Owner\Desktop\hs_err_pid4812.log

============ 3 Months Modified Files and Folders =============

2012-01-07 08:55 - 2011-12-31 11:29 - 0000000 ____D C:\FRST
2012-01-05 21:58 - 2010-03-05 12:38 - 0000000 ____D C:\users\Owner
2012-01-05 21:58 - 2010-01-22 10:54 - 0000000 ____D C:\Users\All Users\P4G
2012-01-05 21:58 - 2010-01-22 10:54 - 0000000 ____D C:\ProgramData\P4G
2012-01-05 21:58 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-01-05 21:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-01-05 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-01-05 21:57 - 2011-11-29 16:02 - 0000000 ____D C:\Windows\ERDNT
2012-01-05 21:57 - 2010-03-05 13:48 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2012-01-05 21:56 - 2011-11-29 18:47 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-05 21:56 - 2011-11-28 16:33 - 0000000 ____D C:\0648f96b4338c2a7bc7c34481dc34f
2012-01-05 21:56 - 2011-11-07 19:13 - 0000000 ____D C:\Program Files (x86)\HyperCam 2
2012-01-05 21:56 - 2011-09-21 17:14 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-01-05 21:56 - 2011-09-21 17:14 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-01-05 21:56 - 2011-05-29 20:51 - 0000000 ___RD C:\Users\Owner\Podcasts
2012-01-05 21:56 - 2010-03-05 13:45 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-05 21:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-01-05 21:47 - 2010-01-22 10:45 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-05 21:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-01-05 21:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-01-05 21:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-01-05 21:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-01-05 21:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-01-05 21:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-01-05 21:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-01-05 21:38 - 2011-11-29 18:48 - 0000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-01-05 21:38 - 2011-11-29 18:47 - 0000000 ____D C:\Users\All Users\!SASCORE
2012-01-05 21:38 - 2011-11-29 18:47 - 0000000 ____D C:\ProgramData\!SASCORE
2012-01-05 21:38 - 2011-11-29 16:01 - 0000000 ____D C:\Qoobox
2012-01-05 21:38 - 2010-08-28 04:49 - 0000000 ____D C:\Windows\.jagex_cache_32
2012-01-05 21:38 - 2010-03-05 12:38 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-01-05 21:38 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-01-05 21:38 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-05 21:38 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-05 21:37 - 2011-11-29 16:14 - 0000000 ____D C:\$RECYCLE.BIN
2012-01-05 21:37 - 2010-01-22 10:45 - 0000000 ____D C:\Intel
2012-01-05 21:37 - 2010-01-22 10:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-05 21:02 - 2011-12-26 18:55 - 0000000 ____D C:\Windows\Minidump
2012-01-05 21:02 - 2011-05-29 21:38 - 0000000 ____D C:\Users\Owner\AppData\Local\BearShare
2012-01-05 20:14 - 2011-12-26 19:33 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2011-12-28 13:03 - 2011-10-29 11:08 - 0000040 ____A C:\Users\Owner\jagex_cl_runescape_LIVE.dat
2011-12-28 13:01 - 2011-11-16 17:04 - 0000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2011-12-28 12:54 - 2010-03-06 04:35 - 2388459520 __ASH C:\hiberfil.sys
2011-12-26 22:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-12-24 12:02 - 2011-12-24 12:02 - 0266124 ____A C:\Users\Owner\Documents\clip0054.avi
2011-12-24 12:02 - 2011-12-24 12:01 - 3157928 ____A C:\Users\Owner\Documents\clip0053.avi
2011-12-24 10:35 - 2011-12-24 10:35 - 0289930 ____A C:\Users\Owner\Documents\clip0052.avi
2011-12-24 10:35 - 2011-12-24 10:34 - 4128336 ____A C:\Users\Owner\Documents\clip0051.avi
2011-12-24 10:34 - 2011-12-24 10:34 - 0423426 ____A C:\Users\Owner\Documents\clip0050.avi
2011-12-24 10:32 - 2011-12-24 10:32 - 0712232 ____A C:\Users\Owner\Documents\clip0049.avi
2011-12-24 10:32 - 2011-12-24 10:31 - 10606886 ____A C:\Users\Owner\Documents\clip0048.avi
2011-12-24 10:31 - 2011-12-24 10:31 - 0152528 ____A C:\Users\Owner\Documents\clip0047.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0516710 ____A C:\Users\Owner\Documents\clip0046.avi
2011-12-24 10:30 - 2011-12-24 10:30 - 0297378 ____A C:\Users\Owner\Documents\clip0045.avi
2011-12-23 17:43 - 2011-12-23 17:43 - 0094888 ____A C:\Users\Owner\Documents\clip0044.avi
2011-12-23 17:37 - 2011-12-23 17:37 - 0545404 ____A C:\Users\Owner\Documents\clip0043.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0110662 ____A C:\Users\Owner\Documents\clip0041.avi
2011-12-23 17:36 - 2011-12-23 17:36 - 0093134 ____A C:\Users\Owner\Documents\clip0042.avi
2011-12-23 17:17 - 2011-12-23 17:17 - 2123370 ____A C:\Users\Owner\Documents\clip0040.avi
2011-12-23 15:27 - 2011-12-23 15:26 - 77400544 ____A C:\Users\Owner\Documents\clip0039.avi
2011-12-23 12:59 - 2011-12-23 12:59 - 1479542 ____A C:\Users\Owner\Documents\clip0034.avi
2011-12-23 12:55 - 2011-12-23 12:55 - 0000000 ____D C:\Users\Owner\AppData\Local\{4AD52629-ACB9-409F-96AA-5FD7A8700E69}
2011-12-23 12:55 - 2011-12-23 12:54 - 0000000 ____D C:\Users\Owner\AppData\Local\{41932D73-2EB0-45FE-BE8D-B0715F5E1C27}
2011-12-23 12:48 - 2011-12-23 12:47 - 5979400 ____A C:\Users\Owner\Documents\clip0030.avi
2011-12-23 12:44 - 2011-12-23 12:44 - 4391266 ____A C:\Users\Owner\Documents\clip0029.avi
2011-12-22 19:55 - 2011-12-22 19:14 - 0006163 ____A C:\Users\Owner\songList.txt
2011-12-22 19:55 - 2011-12-22 19:14 - 0000013 ____A C:\Users\Owner\rlvote.txt
2011-12-22 19:24 - 2011-12-22 19:14 - 0000000 ____D C:\RecklessPk
2011-12-20 19:57 - 2011-12-20 19:57 - 0015620 ____A C:\Users\Owner\Desktop\hs_err_pid6064.log
2011-12-17 14:46 - 2011-12-17 14:46 - 0015648 ____A C:\Users\Owner\Desktop\hs_err_pid5424.log
2011-12-16 18:39 - 2011-12-16 18:39 - 0015736 ____A C:\Users\Owner\Desktop\hs_err_pid4812.log
2011-11-30 03:53 - 2011-08-05 19:44 - 0000000 ____D C:\Users\All Users\Babylon
2011-11-30 03:53 - 2011-08-05 19:44 - 0000000 ____D C:\ProgramData\Babylon
2011-11-30 03:53 - 2011-07-11 09:36 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153577237-2293766148-3167515859-1000UA.job
2011-11-30 03:53 - 2010-01-22 10:29 - 1561910 ____A C:\Windows\WindowsUpdate.log
2011-11-30 03:52 - 2011-01-20 10:01 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-29 18:58 - 2011-07-11 09:36 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153577237-2293766148-3167515859-1000Core.job
2011-11-29 18:48 - 2011-11-29 18:48 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-11-29 18:48 - 2011-11-29 18:48 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-11-29 18:47 - 2011-11-29 18:47 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2011-11-29 16:26 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-29 16:26 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-29 16:24 - 2011-11-29 16:24 - 0026570 ____A C:\ComboFix.txt
2011-11-29 16:22 - 2009-07-13 21:13 - 0732638 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-29 16:14 - 2011-01-20 10:01 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-29 16:14 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2011-11-29 16:14 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-11-29 16:13 - 2010-03-05 12:55 - 0041606 ____A C:\Windows\PFRO.log
2011-11-29 16:13 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-29 16:13 - 2009-07-13 20:51 - 0102299 ____A C:\Windows\setupact.log
2011-11-29 16:12 - 2011-02-10 16:58 - 0352962 ____A C:\Windows\ntbtlog.txt
2011-11-29 16:11 - 2011-06-16 09:56 - 0000000 ____D C:\Program Files (x86)\somototoolbar
2011-11-29 15:52 - 2011-11-29 15:52 - 0000000 ____A C:\Users\Owner\AppData\Local\{13B08C96-A95C-4BCF-8E08-7ABEDA0603D1}
2011-11-28 17:26 - 2010-03-05 12:40 - 0000174 __ASH C:\Users\Owner\Start Menu\Programs\Startup\desktop.ini
2011-11-28 17:26 - 2010-03-05 12:40 - 0000174 __ASH C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-11-28 17:23 - 2009-07-13 20:45 - 0358664 ____A C:\Windows\System32\FNTCACHE.DAT
2011-11-28 16:49 - 2011-11-28 16:49 - 0000919 ____A C:\Windows\IE9_main.log
2011-11-28 16:47 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-11-28 16:47 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-11-27 09:56 - 2011-11-27 09:56 - 0000000 ____A C:\Users\Owner\AppData\Local\{B53270BD-6B94-40A7-A08D-EC6F9FE77933}
2011-11-25 16:04 - 2011-11-25 16:04 - 0000000 ____D C:\Users\Owner\AppData\Local\{8178C4B0-CBBB-4FD9-A237-02E41D7A76AA}
2011-11-25 16:04 - 2010-03-05 13:28 - 0000000 ____D C:\Users\Owner\Tracing
2011-11-25 15:58 - 2011-11-25 15:58 - 0000000 ____A C:\Users\Owner\AppData\Local\{80981151-A9B2-47A6-B7BB-2F2F527672D7}
2011-11-25 15:56 - 2011-11-25 15:56 - 0000000 ___AH C:\Users\Owner\AppData\Local\BITF132.tmp
2011-11-25 15:56 - 2011-11-25 15:56 - 0000000 ____A C:\Users\Owner\AppData\Local\{2E5E2A40-1389-4FAC-B33A-5BEA4D101C66}
2011-11-24 19:42 - 2010-01-22 10:54 - 0002044 ____A C:\Windows\System32\AutoRunFilter.ini
2011-11-24 17:17 - 2011-11-24 17:09 - 0000000 ____D C:\Users\Owner\AppData\Local\{5781C297-9CA9-4952-A52A-3B11E73FE365}
2011-11-24 17:10 - 2011-11-24 17:10 - 0000000 ____D C:\Users\Owner\AppData\Local\{58B54D05-A4A8-4367-8AE7-0FCC65CB40A9}
2011-11-24 17:10 - 2011-11-24 17:09 - 0000000 ____D C:\Users\Owner\AppData\Local\{4875B2AE-FAF1-4A05-B474-770F6081BAD4}
2011-11-23 15:01 - 2011-02-09 15:11 - 0000502 ___AH C:\Windows\Tasks\Norton Security Scan for Owner.job
2011-11-23 11:52 - 2011-11-23 11:52 - 0000000 ____D C:\Users\Owner\AppData\Local\{D3DAA2E1-FC62-4ACF-9B36-FF076B3104C2}
2011-11-23 11:52 - 2011-11-23 11:52 - 0000000 ____D C:\Users\Owner\AppData\Local\{57C6984E-959C-4C4F-A187-7290E6B63167}
2011-11-22 15:33 - 2011-11-22 15:33 - 0000000 ____D C:\Users\Owner\AppData\Local\{5B87341D-BE3C-4A78-A458-353A801AFC58}
2011-11-22 15:33 - 2011-11-22 15:33 - 0000000 ____D C:\Users\Owner\AppData\Local\{12E3A542-1222-44A5-8D4C-9589C9A14C8F}
2011-11-21 14:40 - 2011-11-21 14:40 - 0000000 ____D C:\Users\Owner\AppData\Local\{632E4357-EDE5-4E16-A9D7-B91F0EF77EC7}
2011-11-20 14:08 - 2011-10-12 17:33 - 0000000 ____D C:\e
2011-11-20 08:42 - 2011-11-20 08:42 - 0000000 ____D C:\Users\Owner\AppData\Local\{001DA7B5-0617-4C15-901C-4470DAEAC7F0}
2011-11-20 08:41 - 2011-11-20 08:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{5A8CD9D9-68D2-4EFC-B261-5C60B10AE7D9}
2011-11-19 18:33 - 2011-11-19 18:32 - 0000000 ____D C:\Users\Owner\AppData\Local\{F9F1ABD7-BEFF-4C96-A424-E4F72B8EB873}
2011-11-19 18:32 - 2011-11-19 18:32 - 0000000 ____D C:\Users\Owner\AppData\Local\{92BFF084-14D2-4D85-819B-0DCED01F26A1}
2011-11-19 18:22 - 2011-11-19 18:22 - 0000000 ____D C:\Users\Owner\AppData\Local\{087D72E4-6368-4745-97CF-CC8F4C085322}
2011-11-19 18:22 - 2011-11-19 06:18 - 0000000 ____D C:\Users\Owner\AppData\Local\{853E8933-D172-4346-8645-1D7D1A1E7D37}
2011-11-19 07:18 - 2011-11-19 18:23 - 0125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srrstr.dll
2011-11-19 07:18 - 2010-03-05 13:45 - 0000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2011-11-19 06:18 - 2011-11-19 06:18 - 0000000 ____D C:\Users\Owner\AppData\Local\{1FB5F73A-A1F0-4CF1-8C31-D06351EE30CA}
2011-11-18 14:27 - 2011-11-18 14:27 - 0000000 ____D C:\Users\Owner\AppData\Local\{FFBC5569-8D80-4470-ABD3-17B972AAE1FA}
2011-11-18 14:27 - 2011-11-18 14:27 - 0000000 ____D C:\Users\Owner\AppData\Local\{EC60FBF3-5E7E-4C45-8500-2601CCE5726D}
2011-11-17 18:46 - 2011-11-17 18:46 - 0000000 ____D C:\Users\Owner\AppData\Local\{47AC2063-138C-4000-86C8-026A63838FE3}
2011-11-17 18:46 - 2011-11-17 18:45 - 0000000 ____D C:\Users\Owner\AppData\Local\{3B6086D2-E5D7-4D06-A2DC-1721884D2C47}
2011-11-16 17:41 - 2011-11-16 17:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{AAD13C44-ED55-4F52-AEA9-4D45F03C7EE6}
2011-11-16 17:41 - 2011-11-16 17:41 - 0000000 ____D C:\Users\Owner\AppData\Local\{3587BCF8-9702-4795-8F7C-60B550CBBB91}
2011-11-16 17:40 - 2011-11-16 17:40 - 0000000 ____D C:\Users\Owner\AppData\Local\{7DFB31B6-CE79-4441-9ED2-1082BDBBB43F}
2011-11-16 17:33 - 2011-11-16 17:33 - 0000000 ____D C:\Windows\en
2011-11-16 17:33 - 2010-01-22 10:39 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-11-16 17:14 - 2010-01-22 10:41 - 0000000 ____D C:\Program Files\Windows Live
2011-11-16 17:09 - 2010-01-22 10:40 - 0063530 ____A C:\Windows\DirectX.log
2011-11-12 12:55 - 2010-04-09 18:42 - 0000129 ____A C:\Users\Owner\jagex_runescape_preferences2.dat
2011-11-12 12:53 - 2011-11-12 12:53 - 0000045 ____A C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
2011-11-12 12:53 - 2011-11-12 12:53 - 0000000 ____D C:\Users\Owner\jagexcache1
2011-11-12 12:53 - 2010-04-09 18:41 - 0000046 ____A C:\Users\Owner\jagex_runescape_preferences.dat
2011-11-09 17:54 - 2010-03-05 13:37 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Users\All Users\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\ProgramData\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Program Files (x86)\SweetIM
2011-11-07 19:14 - 2011-11-07 19:14 - 0000000 ____D C:\Program Files (x86)\Hyperionics DB Toolbar
2011-11-06 11:37 - 2011-11-06 11:37 - 0015256 ____A C:\Users\Owner\Desktop\hs_err_pid3428.log
2011-11-05 08:27 - 2011-11-05 08:17 - 0000000 ____D C:\runeinsanityv6
2011-11-04 17:58 - 2011-11-04 17:58 - 0015561 ____A C:\Users\Owner\Desktop\hs_err_pid5500.log
2011-11-02 18:08 - 2011-11-02 18:08 - 0015167 ____A C:\Users\Owner\Desktop\hs_err_pid5808.log
2011-10-31 14:41 - 2011-10-31 14:41 - 0000000 ____D C:\$AVG
2011-10-30 16:38 - 2011-10-30 16:38 - 0015294 ____A C:\Users\Owner\Desktop\hs_err_pid664.log
2011-10-29 11:20 - 2011-10-29 11:20 - 0016493 ____A C:\Users\Owner\Desktop\hs_err_pid4084.log
2011-10-25 17:59 - 2009-07-13 21:08 - 0032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-24 17:01 - 2011-10-24 17:01 - 0000000 ___AH C:\Users\Owner\Desktop\pavlaojagb.tmp
2011-10-24 14:41 - 2010-12-13 15:46 - 0000000 ____D C:\Users\Owner\AppData\Local\Apple
2011-10-23 17:51 - 2011-07-22 17:19 - 0000000 ____D C:\Users\Owner\YanilleScape2
2011-10-12 17:57 - 2011-10-12 17:57 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2011-10-12 17:47 - 2010-01-22 10:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 17:33 - 2011-10-12 17:33 - 0001406 ____A C:\cayas2.ico
2011-10-12 17:33 - 2011-10-12 17:33 - 0000380 ____A C:\edu.bmp
2011-10-12 17:33 - 2011-10-12 17:33 - 0000304 ____A C:\dir.bmp
2011-10-12 17:33 - 2011-10-12 17:33 - 0000284 ____A C:\srch_map_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000279 ____A C:\hj_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000277 ____A C:\mov_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000274 ____A C:\trav_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000273 ____A C:\srch_stk_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000268 ____A C:\ab_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000265 ____A C:\srch_ans_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000240 ____A C:\srch_site_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000235 ____A C:\srch_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000138 ____A C:\flk2.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000131 ____A C:\srch_loc_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000123 ____A C:\srch_sh_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000121 ____A C:\srch_nws_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000113 ____A C:\srch_aud_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000112 ____A C:\srch_vid_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000112 ____A C:\srch_img_1.gif
2011-10-12 17:33 - 2011-10-12 17:33 - 0000103 ____A C:\del_1.gif

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3037.09 MB
Available physical RAM: 2539.21 MB
Total Pagefile: 3035.23 MB
Available Pagefile: 2530.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.44 GB) (Free:219.77 GB) NTFS ==>[Drive with boot components]
3 Drive e: () (Removable) (Total:3.74 GB) (Free:2.58 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3827 MB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 283 GB 14 GB

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 283 GB Healthy

==========================================================

Last Boot: 2011-08-13 17:06

======================= End Of Log ==========================

#7 myrti

Posted 07 January 2012 - 10:04 AM

Hi,

that doesn't show anything obvious.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
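
As an added illustration (not part of the original thread or the helper's own tooling): a Python sketch that reads a raw dump like the one the dd command above produces, checks the 0x55AA boot signature, hashes the 440-byte boot-code area so two dumps can be compared, and lists the partition entries. The sample sector is constructed to resemble the layout in the log (type 1C inactive, type 07 active) and is not the poster's actual MBR; the function names and the small type-name table are assumptions made for this example.

```python
import hashlib
import struct

SECTOR = 512
TYPE_NAMES = {0x07: "NTFS/exFAT/HPFS", 0x1C: "hidden FAT32 (LBA)"}

def build_sample_mbr():
    """Constructed sample sector (not the poster's MBR): empty boot code and
    two entries shaped like the log above (type 1C inactive, type 07 active)."""
    mbr = bytearray(SECTOR)
    # Entry layout: status, CHS start, type, CHS end, start LBA, sector count
    mbr[446:462] = struct.pack("<B3sB3sII", 0x00, bytes(3), 0x1C, bytes(3), 2048, 29360128)
    mbr[462:478] = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 29362176, 593494016)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(dump):
    """Parse the first sector of a raw dump (count=1 or count=63 both work)."""
    if len(dump) < SECTOR:
        raise ValueError("shorter than one 512-byte sector; not a raw MBR dump")
    sector = dump[:SECTOR]
    report = {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Bytes 0-439 hold the boot code; hash it to compare two dumps
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": [],
    }
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:  # unused slot
            continue
        report["partitions"].append({
            "index": i + 1,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": f"{ptype:02X}",
            "type_name": TYPE_NAMES.get(ptype, "other"),
            "start_lba": start,
            "size_gb": round(count * SECTOR / 2**30, 2),
        })
    return report

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(parse_mbr(data))
```

Run it with the dump's path as the only argument; without one it parses the constructed sample. A file that was compressed after dd wrote it has to be unpacked first, since the parser expects the raw sector bytes.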

 



#8 RadioDoug


Posted 07 January 2012 - 10:47 AM

To the step where I reboot and press F12. Nothing appears to happen here and the system continues to try to boot, then locks up as originally described. I can reboot where it will go to system repair (which has been unsuccessful) or I can successfully press F8 and go to the advanced boot options..... Should I try one of the options here?

#9 myrti


Posted 07 January 2012 - 11:39 AM

Hi,

no, the BIOS menu is before the F8 menu. Do you see any kind of text saying "press key xyz to enter menu" before the F8 menu?

Can you try F2 if F12 isn't working?

regards myrti



#10 RadioDoug


Posted 07 January 2012 - 11:53 AM

We're back in business.... except I can't open the c32 file. I tried to attach it, but an error message pops up stating "you aren't permitted to upload this kind of file". Any thoughts?

#11 myrti


Posted 07 January 2012 - 05:43 PM

Hi,

what is the c32 file? If you want to attach it try zipping and attaching it then?

regards myrti



#12 RadioDoug


Posted 07 January 2012 - 09:25 PM

Sorry for the delayed response. Back home finally. Is the attached file what you're wanting to see?

Thanks
Doug

Attached Files

  • Attached File  mbr.zip   678bytes   1 downloads


#13 myrti


Posted 08 January 2012 - 06:43 AM

Hi,

yes it is, but I'm gonna have to ask how did you get it? And why was it zipped twice?


What kind of PC is this? Prebuilt?

It looks as if we will need to replace the MBR, which means you could lose access to your recovery partition. Do you have the Recovery CDs for the PC?

regards myrti



#14 RadioDoug


Posted 08 January 2012 - 07:29 AM

For reasons unknown to me, the first time I zipped it, the error message "could not attach this type of file" came up.

It is a prebuilt pc, ASUS brand, model K501. I bought it from a local shop off the display shelf, which unfortunately for me, did not include backup discs, etc.

#15 myrti


Posted 08 January 2012 - 11:12 AM

Hi,

ok, we need to see if we can recover the original MBR code somehow then.


please boot into xPUD again and run the following command from command line just as before: dd if=/dev/sda of=MBRbackup2.zip bs=512 count=63.

Please attach MBRbackup2.zip to your next reply.

regards myrti





