Problems with boot


  • This topic is locked
34 replies to this topic

#1 JackieBrown

JackieBrown

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth
  • Local time:05:09 PM

Posted 02 July 2012 - 08:48 AM

I had some issues and I tried to solve them here (Other Topic),
but now I can't launch Windows 7 normally.
If you read the topic you will notice that I chose to boot in safe mode from msconfig,
and I don't know how to first uncheck this option and second boot to the desktop normally,
because now I see only a black screen and a cursor.

What do you suggest? What can I do?



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,070 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:09 PM

Posted 02 July 2012 - 01:25 PM

Hello,
First of all, please be aware of the fact that at BC we do not support the usage of Hiren's boot CD, see also this topic.

Second, please read and take heed of this article. I do not recommend using Linux rescue disks; continuing to do so can cause more harm than good to your computer, and for that reason I request you not to use any as long as we are working to solve your issues.

Please follow instructions carefully, do not undertake fixes on your own, as you have seen that doesn't do a lot of good.

Can you explain to me where exactly you see the black screen/blinking cursor? Do you still see the Windows splash screen, and is the F8 advanced boot options menu available?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 JackieBrown


Posted 02 July 2012 - 03:11 PM

OK, I understand, but in this situation I don't have another option; I can boot 100% only with a live CD.

After the drivers load, the monitor is black and only the cursor appears.
Yes, F2, for me, is available. I tried to choose the normal boot option but it didn't work;
after my selection a message appears that Windows is loading in safe mode.
The same black environment with the cursor, and nasdaq told me to ask here in the Windows forum.

What do you mean by splash screen? The Win 7 logo?
I ask because I chose to boot in verbose mode and I can't see anything else except the drivers
that load, and after that the black screen and not the screen with the users :(

#4 Elise


Posted 02 July 2012 - 03:20 PM

So, you see the black safe mode screen. Can you try if Alt-Ctrl-Del brings up the Task manager?

Also, start the computer and tap F8 until the Advanced Boot Options menu comes up. Do you see the Repair Windows option?

regards, Elise


#5 JackieBrown


Posted 03 July 2012 - 09:37 AM

Task Manager doesn't work, and neither does the left mouse button or the Win button.

Basically nothing works :(

F8 is for boot device order
F2 is for Windows error recovery

I chose all the ways, and in normal mode it shows a message that Windows is loading in safe mode
and the result is a black screen and the cursor. In safe mode, safe mode with network and safe mode
with command line the result is the same as with the previous option, but I noticed that in all options the procedure
of loading drivers sticks for a few seconds on classpnp.sys; after that the black screen follows...

#6 Elise


Posted 03 July 2012 - 09:58 AM

Also, start the computer and tap F8 until the Advanced Boot Options menu comes up. Do you see the Repair Windows option?

This would be at the same screen where you can choose the different safe mode options. If it's not there, highlight Normal Mode, put one finger on the F8 key, press Enter and immediately tap F8; that should bring up a similar list with more options.

regards, Elise


#7 JackieBrown


Posted 03 July 2012 - 11:58 AM

If it's not there, highlight Normal Mode, put one finger on the F8 key, press Enter and immediately tap F8; that should bring up a similar list with more options.


Nope, nothing comes up; it passes F8 and continues to boot.

#8 Elise


Posted 03 July 2012 - 12:11 PM

Do you have another computer with Windows 7 (must match 32 bit or 64 bit with this computer) that you could use to create a recovery disk?

regards, Elise


#9 JackieBrown


Posted 03 July 2012 - 12:54 PM

I don't have another PC with 7, but I can create a recovery disk another way...
I found the files for the recovery disk and I'm trying to find the installation disc now...

#10 Elise


Posted 03 July 2012 - 01:17 PM

If you can obtain a legit recovery disk then it's okay. Let me know when you have it.

regards, Elise


#11 JackieBrown


Posted 03 July 2012 - 02:28 PM

The efforts were in vain and I will burn a disk;
then what should I do when I start with the disk?
Which options should I select?
Will I select to repair the PC?
Could you guide me?

#12 Elise


Posted 03 July 2012 - 02:36 PM

After you create the disk, do the following:

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options by using Windows 7 recovery disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


#13 JackieBrown


Posted 03 July 2012 - 05:15 PM

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 04-07-2012 01:44:20
Running from G:\
Windows 7 Ultimate (X86) OS Language: 0Greek
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\RedOne\...\Run: [SpybotSD TeaTimer] C:\Program Files\SpybotSearch&Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\RedTwo\...\Run: [SpybotSD TeaTimer] C:\Program Files\SpybotSearch&Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1716784 2012-04-24] (Soluto)
Winlogon\Notify\!SASWinLogon: M:\PortableApps\SuperAntiSpy\SASWINLO.DLL [X]
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\..\Interfaces\{5C5160B5-5CF5-4164-96E7-FB49A818AF7B}: [NameServer]62.169.194.47,62.169.194.48
Startup: C:\Users\RedTwo\Start Menu\Programs\Startup\AutorunsDisabled ()

================================ Services (Whitelisted) ==================

4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [202296 2011-04-24] (Kaspersky Lab ZAO)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-14] (Microsoft Corporation)
4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files\MicrosoftOffice\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1262400 2012-05-15] (NVIDIA Corporation)
2 SBSDWSCService; C:\Program Files\SpybotSearch&Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [584224 2012-04-24] (Soluto)
3 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-05-15] (NVIDIA Corporation)
2 !SASCORE; "C:\PortableApps\SuperAntiSpy\SASCORE.EXE" [x]
4 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [570160 2011-04-20] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-04-24] (Soluto LTD.)
4 catchme; \??\C:\Users\RedOne\AppData\Local\Temp\catchme.sys [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
3 PORTMON; \??\C:\Program Files\PortApps\PortableApps\WSCCPortable\SysInternals\PORTMSYS.SYS [x]
3 PROCEXP150; \??\C:\Windows\system32\Drivers\PROCEXP150.SYS [x]
3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [x]
1 SASDIFSV; \??\M:\PortableApps\SuperAntiSpy\SASDIFSV.SYS [x]
1 SASKUTIL; \??\M:\PortableApps\SuperAntiSpy\SASKUTIL.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-29 13:20 - 2012-06-29 13:26 - 522565534 ____A C:\Users\RedTwo\Downloads\Hirens.BootCD.15.1.zip
2012-06-29 12:24 - 2012-06-29 12:26 - 88193576 ____A C:\Users\RedTwo\Downloads\DrWeb.exe
2012-06-26 08:48 - 2012-06-26 08:48 - 00000000 ____D C:\Malwarebytes
2012-06-26 07:59 - 2012-06-26 07:58 - 00442125 ___RA C:\Windows\System32\Drivers\etc\hosts.20120626-085934.backup
2012-06-26 07:17 - 2012-06-26 07:17 - 00000000 ____D C:\Users\RedOne\AppData\Local\Macromedia
2012-06-26 06:57 - 2012-06-26 06:57 - 00109216 ____A C:\Users\RedOne\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-26 04:29 - 2012-06-26 04:29 - 00109216 ____A C:\Users\RedTwo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-25 18:53 - 2012-06-25 18:53 - 00000000 ____D C:\Users\RedTwo\AppData\Roaming\SUPERAntiSpyware.com
2012-06-25 16:13 - 2012-06-25 16:14 - 17369822 ____A (PortableApps.com) C:\Users\RedTwo\Downloads\WiresharkPortable-1.0.0.paf.exe
2012-06-25 14:31 - 2012-06-25 14:31 - 00404368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-24 20:54 - 2012-06-24 20:54 - 00131956 ____A C:\Users\RedTwo\Desktop\OTL.Txt
2012-06-24 19:15 - 2012-06-24 19:15 - 00596992 ____A (OldTimer Tools) C:\Users\RedTwo\Desktop\OTL.exe
2012-06-24 16:04 - 2012-06-30 13:01 - 00000636 ____A C:\Users\RedTwo\Desktop\SystemLook.txt
2012-06-24 16:03 - 2012-06-24 16:03 - 00139264 ____A C:\Users\RedTwo\Desktop\SystemLook.exe
2012-06-24 00:51 - 2012-06-24 00:49 - 00442125 ___RA C:\Windows\System32\Drivers\etc\hosts.20120624-015108.backup
2012-06-24 00:49 - 2012-06-23 20:27 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120624-014915.backup
2012-06-23 20:30 - 2012-06-23 20:30 - 00016897 ____A C:\ComboFix.txt
2012-06-23 19:33 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-23 19:33 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-23 19:33 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-23 19:33 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-23 19:33 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-23 19:33 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-23 19:33 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-23 19:33 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-23 19:32 - 2012-06-23 20:30 - 00000000 ___AD C:\Qoobox
2012-06-23 19:32 - 2012-06-23 20:30 - 00000000 ____D C:\ComboFix
2012-06-23 19:32 - 2012-06-23 20:29 - 00000000 ____D C:\Windows\erdnt
2012-06-23 17:57 - 2012-06-23 17:57 - 04565820 ____R (Swearware) C:\Users\RedTwo\Desktop\ComboFix.exe
2012-06-22 23:43 - 2012-06-22 23:43 - 00000000 ____D C:\Program Files\VirusTotalUploader2
2012-06-22 23:42 - 2012-06-22 23:41 - 00142981 ____A C:\Users\RedTwo\Downloads\VirusTotal Uploader2.0.exe
2012-06-22 12:23 - 2012-06-22 12:25 - 00000000 ___RD C:\Users\RedTwo\Documents\All.DOC.Files
2012-06-22 12:21 - 2012-07-03 17:34 - 00000000 ___RD C:\Users\RedTwo\Documents\All.TXT.Files
2012-06-22 08:42 - 2012-06-03 00:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 08:42 - 2012-06-03 00:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 08:42 - 2012-06-03 00:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 08:42 - 2012-06-03 00:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 08:42 - 2012-06-03 00:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 08:42 - 2012-06-03 00:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 08:42 - 2012-06-03 00:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 08:42 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 08:42 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 21:15 - 2012-06-20 21:15 - 00000492 ____A C:\Windows\UPDLL.LOG
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\VDLL.DLL
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\System32\runouce.exe
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\rundll16.exe
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\RUNDL132.EXE
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\logo1_.exe
2012-06-20 21:14 - 2012-06-20 21:14 - 00000000 ___AD C:\Windows\logo_1.exe
2012-06-20 21:11 - 2012-06-20 21:11 - 00001268 ____A C:\Windows\ESCAN.LOG
2012-06-20 21:10 - 2012-06-20 21:13 - 00000176 ____A C:\Windows\general.log
2012-06-20 21:10 - 2012-06-20 21:13 - 00000056 ____A C:\Windows\Lic.xxx
2012-06-20 21:08 - 2012-06-20 21:08 - 00655872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr90.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00632064 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00572928 ____A (Microsoft Corporation) C:\Windows\System32\msvcp90.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00554240 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00034048 ____A (MicroWorld Technologies Inc.) C:\Windows\System32\eEmpty.exe
2012-06-20 21:08 - 2012-06-20 21:08 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2012-06-20 21:07 - 2012-06-20 21:08 - 00000000 ____D C:\Users\All Users\MicroWorld
2012-06-19 16:27 - 2012-06-19 16:27 - 00000000 ____D C:\Users\RedOne\AppData\Roaming\f-secure
2012-06-19 16:26 - 2012-06-19 16:26 - 00000000 ____D C:\Users\All Users\F-Secure
2012-06-19 16:13 - 2012-06-19 16:13 - 00000000 ____D C:\Users\All Users\Sun
2012-06-19 16:13 - 2012-06-19 16:13 - 00000000 ____D C:\Program Files\Common Files\Java
2012-06-19 16:11 - 2012-06-19 16:11 - 00000000 ____D C:\Program Files\Oracle
2012-06-19 16:10 - 2012-06-19 16:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-19 16:10 - 2012-06-19 16:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-19 16:10 - 2012-06-19 16:10 - 00000000 ____D C:\Program Files\Java
2012-06-19 16:10 - 2012-05-04 18:29 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-19 16:10 - 2012-05-04 18:29 - 00687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-19 16:10 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-19 02:38 - 2012-06-19 02:31 - 00443021 ___RA C:\Windows\System32\Drivers\etc\hosts.20120619-033835.backup
2012-06-16 11:28 - 2012-06-16 11:28 - 00017408 ____A C:\Users\RedTwo\AppData\Local\WebpageIcons.db
2012-06-14 18:44 - 2012-06-14 18:43 - 01095984 ____A (ThinstallSoft.com) C:\Users\RedTwo\Downloads\PowerToolPortable_4.2_English.paf.exe
2012-06-14 17:57 - 2012-06-14 17:57 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-13 19:03 - 2012-05-15 03:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 19:01 - 2012-04-26 06:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 19:01 - 2012-04-26 06:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 19:01 - 2012-04-26 06:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 18:59 - 2012-05-18 01:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 18:59 - 2012-05-18 00:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 18:59 - 2012-05-18 00:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 18:59 - 2012-05-18 00:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 18:59 - 2012-05-18 00:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 18:59 - 2012-05-18 00:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 18:59 - 2012-05-18 00:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 18:59 - 2012-05-18 00:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 18:59 - 2012-05-18 00:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 18:59 - 2012-05-18 00:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 18:59 - 2012-05-18 00:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 18:59 - 2012-05-18 00:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 18:59 - 2012-05-18 00:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 18:59 - 2012-05-18 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 18:57 - 2012-04-28 06:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 18:57 - 2012-04-28 05:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 18:25 - 2012-05-01 06:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 18:25 - 2012-04-24 06:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 18:25 - 2012-04-24 06:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 18:25 - 2012-04-24 06:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 18:25 - 2012-04-07 13:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 00:43 - 2012-06-13 00:43 - 00000000 ____D C:\Users\RedOne\Pavark
2012-06-13 00:34 - 2012-06-14 18:40 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-06-13 00:34 - 2012-06-13 01:06 - 00131344 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2012-06-10 21:02 - 2012-06-23 16:48 - 00000000 ___RD C:\Users\RedTwo\Documents\BleepingComputer
2012-06-10 20:46 - 2012-06-10 20:46 - 00000000 ____A C:\Users\RedOne\defogger_reenable
2012-06-10 20:39 - 2012-06-29 12:08 - 00000000 ___RD C:\Users\RedTwo\Downloads\BleepingComputer
2012-06-10 16:36 - 2012-06-10 16:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-10 16:35 - 2012-06-10 16:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-10 16:35 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-10 15:36 - 2012-06-10 16:31 - 00000000 ____D C:\Users\RedOne\AppData\Roaming\SUPERAntiSpyware.com
2012-06-10 15:36 - 2012-06-10 15:36 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-10 15:32 - 2009-07-14 03:14 - 01397248 ____A (Microsoft Corporation) C:\Windows\System32\utilman.exe.bak
2012-06-10 15:29 - 2012-06-10 15:29 - 00028125 ____A C:\Startup Programs (REDONEDESK) 2012-06-10 16.28.41.txt
2012-06-09 19:36 - 2012-06-09 19:36 - 00000000 ____D C:\Users\RedTwo\AppData\Local\Macromedia
2012-06-09 17:51 - 2012-06-09 17:52 - 00000000 ____D C:\Program Files\GIMP


============ 3 Months Modified Files ========================

2012-06-30 13:01 - 2012-06-24 16:04 - 00000636 ____A C:\Users\RedTwo\Desktop\SystemLook.txt
2012-06-29 13:26 - 2012-06-29 13:20 - 522565534 ____A C:\Users\RedTwo\Downloads\Hirens.BootCD.15.1.zip
2012-06-29 12:26 - 2012-06-29 12:24 - 88193576 ____A C:\Users\RedTwo\Downloads\DrWeb.exe
2012-06-26 08:00 - 2011-05-19 16:23 - 01444127 ____A C:\Windows\WindowsUpdate.log
2012-06-26 07:58 - 2012-06-26 07:59 - 00442125 ___RA C:\Windows\System32\Drivers\etc\hosts.20120626-085934.backup
2012-06-26 07:04 - 2009-07-14 06:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 07:04 - 2009-07-14 06:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 07:02 - 2011-05-19 16:36 - 01364140 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 06:57 - 2012-06-26 06:57 - 00109216 ____A C:\Users\RedOne\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-26 06:57 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 06:57 - 2009-07-14 06:39 - 00038210 ____A C:\Windows\setupact.log
2012-06-26 04:29 - 2012-06-26 04:29 - 00109216 ____A C:\Users\RedTwo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-25 16:14 - 2012-06-25 16:13 - 17369822 ____A (PortableApps.com) C:\Users\RedTwo\Downloads\WiresharkPortable-1.0.0.paf.exe
2012-06-25 14:31 - 2012-06-25 14:31 - 00404368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-25 14:30 - 2011-05-19 16:26 - 00101500 ____A C:\Windows\PFRO.log
2012-06-24 20:54 - 2012-06-24 20:54 - 00131956 ____A C:\Users\RedTwo\Desktop\OTL.Txt
2012-06-24 19:15 - 2012-06-24 19:15 - 00596992 ____A (OldTimer Tools) C:\Users\RedTwo\Desktop\OTL.exe
2012-06-24 16:03 - 2012-06-24 16:03 - 00139264 ____A C:\Users\RedTwo\Desktop\SystemLook.exe
2012-06-24 12:27 - 2012-04-04 22:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-24 12:27 - 2011-09-29 23:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-24 01:22 - 2011-05-19 21:08 - 00007619 ____A C:\Users\RedOne\AppData\Local\Resmon.ResmonCfg
2012-06-24 00:51 - 2009-07-14 04:04 - 00442125 ___RA C:\Windows\System32\Drivers\etc\hosts.20120626-085816.backup
2012-06-24 00:49 - 2012-06-24 00:51 - 00442125 ___RA C:\Windows\System32\Drivers\etc\hosts.20120624-015108.backup
2012-06-23 20:30 - 2012-06-23 20:30 - 00016897 ____A C:\ComboFix.txt
2012-06-23 20:28 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2012-06-23 20:27 - 2012-06-24 00:49 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20120624-014915.backup
2012-06-23 17:57 - 2012-06-23 17:57 - 04565820 ____R (Swearware) C:\Users\RedTwo\Desktop\ComboFix.exe
2012-06-22 23:41 - 2012-06-22 23:42 - 00142981 ____A C:\Users\RedTwo\Downloads\VirusTotal Uploader2.0.exe
2012-06-21 14:40 - 2011-05-20 01:32 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-21 13:33 - 2009-07-14 04:04 - 00000736 ___RA C:\Windows\System32\Drivers\etc\hosts.20120621-173527.backup
2012-06-20 21:15 - 2012-06-20 21:15 - 00000492 ____A C:\Windows\UPDLL.LOG
2012-06-20 21:13 - 2012-06-20 21:10 - 00000176 ____A C:\Windows\general.log
2012-06-20 21:13 - 2012-06-20 21:10 - 00000056 ____A C:\Windows\Lic.xxx
2012-06-20 21:11 - 2012-06-20 21:11 - 00001268 ____A C:\Windows\ESCAN.LOG
2012-06-20 21:11 - 2009-07-14 04:04 - 00000855 ____A C:\Windows\win.ini
2012-06-20 21:08 - 2012-06-20 21:08 - 00655872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr90.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00632064 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00572928 ____A (Microsoft Corporation) C:\Windows\System32\msvcp90.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00554240 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2012-06-20 21:08 - 2012-06-20 21:08 - 00034048 ____A (MicroWorld Technologies Inc.) C:\Windows\System32\eEmpty.exe
2012-06-19 16:10 - 2012-06-19 16:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-19 16:10 - 2012-06-19 16:10 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-19 02:38 - 2009-07-14 04:04 - 00443021 ____A C:\Windows\System32\Drivers\etc\hosts.74546271
2012-06-19 02:31 - 2012-06-19 02:38 - 00443021 ___RA C:\Windows\System32\Drivers\etc\hosts.20120619-033835.backup
2012-06-16 11:28 - 2012-06-16 11:28 - 00017408 ____A C:\Users\RedTwo\AppData\Local\WebpageIcons.db
2012-06-14 20:54 - 2009-07-14 04:04 - 00443021 ___RA C:\Windows\System32\Drivers\etc\hosts.20120619-033133.backup
2012-06-14 18:43 - 2012-06-14 18:44 - 01095984 ____A (ThinstallSoft.com) C:\Users\RedTwo\Downloads\PowerToolPortable_4.2_English.paf.exe
2012-06-14 18:40 - 2012-06-13 00:34 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-06-13 01:06 - 2012-06-13 00:34 - 00131344 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2012-06-10 20:46 - 2012-06-10 20:46 - 00000000 ____A C:\Users\RedOne\defogger_reenable
2012-06-10 15:32 - 2009-07-14 02:13 - 00669184 ____A () C:\Windows\System32\Utilman.exe
2012-06-10 15:29 - 2012-06-10 15:29 - 00028125 ____A C:\Startup Programs (REDONEDESK) 2012-06-10 16.28.41.txt
2012-06-03 00:19 - 2012-06-22 08:42 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-03 00:19 - 2012-06-22 08:42 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-03 00:19 - 2012-06-22 08:42 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-03 00:19 - 2012-06-22 08:42 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-03 00:19 - 2012-06-22 08:42 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-03 00:12 - 2012-06-22 08:42 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-03 00:12 - 2012-06-22 08:42 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 08:42 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-22 08:42 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 23:18 - 2012-05-24 23:18 - 04472832 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-05-18 03:13 - 2012-05-18 03:13 - 00001459 ____A C:\Users\RedTwo\.recently-used.xbel
2012-05-18 01:11 - 2012-06-13 18:59 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 00:48 - 2012-06-13 18:59 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 00:45 - 2012-06-13 18:59 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 00:36 - 2012-06-13 18:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 00:35 - 2012-06-13 18:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 00:35 - 2012-06-13 18:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 00:33 - 2012-06-13 18:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 00:31 - 2012-06-13 18:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 00:29 - 2012-06-13 18:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 00:29 - 2012-06-13 18:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-18 00:27 - 2012-06-13 18:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 00:25 - 2012-06-13 18:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 00:24 - 2012-06-13 18:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 00:20 - 2012-06-13 18:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 19607872 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 17551680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 11354944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 12:26 - 2012-05-25 11:42 - 08105280 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 05982528 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 02524992 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 12:26 - 2012-05-25 11:42 - 02445120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 12:26 - 2012-04-09 16:30 - 00061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 12:26 - 2012-02-29 17:12 - 15322432 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-05-15 12:26 - 2012-02-29 17:12 - 01000768 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-05-15 12:26 - 2012-02-29 17:12 - 00883008 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-05-15 12:26 - 2012-02-29 17:12 - 00011190 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 12:26 - 2010-07-10 04:37 - 02368832 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-05-15 11:28 - 2011-06-30 18:02 - 02561344 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 11:28 - 2011-02-23 00:40 - 03931456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 11:28 - 2011-02-23 00:38 - 00645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 11:28 - 2011-02-23 00:38 - 00108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 11:28 - 2010-07-09 15:37 - 00062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 11:27 - 2011-02-23 00:39 - 02759488 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-05-15 04:45 - 2011-09-05 00:17 - 00001172 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-15 03:52 - 2011-09-05 00:17 - 00001168 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-15 03:05 - 2012-06-13 19:03 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\System32\nvStreaming.exe
2012-05-14 16:02 - 2009-07-14 04:04 - 00442949 ___RA C:\Windows\System32\Drivers\etc\hosts.20120614-215438.backup
2012-05-11 20:25 - 2009-07-14 04:04 - 00442949 ___RA C:\Windows\System32\Drivers\etc\hosts.20120514-170203.backup
2012-05-11 19:21 - 2009-07-14 04:04 - 00442949 ___RA C:\Windows\System32\Drivers\etc\hosts.20120511-212552.backup
2012-05-08 05:13 - 2012-05-08 05:13 - 00000098 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-05-04 18:29 - 2012-06-19 16:10 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-04 18:29 - 2012-06-19 16:10 - 00687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-04 18:29 - 2012-06-19 16:10 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-01 06:44 - 2012-06-13 18:25 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 06:41 - 2012-06-13 18:57 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-28 05:17 - 2012-06-13 18:57 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 06:45 - 2012-06-13 19:01 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:45 - 2012-06-13 19:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:41 - 2012-06-13 19:01 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 16:13 - 2012-05-08 05:11 - 00051144 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
2012-04-24 12:02 - 2012-04-08 11:53 - 00014088 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP141.SYS
2012-04-24 06:36 - 2012-06-13 18:25 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:36 - 2012-06-13 18:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:36 - 2012-06-13 18:25 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 09:08 - 2012-04-18 09:08 - 00000059 ____A C:\Users\RedTwo\AppData\Roaming\WebThread.log
2012-04-17 20:57 - 2009-07-14 04:04 - 00442768 ___RA C:\Windows\System32\Drivers\etc\hosts.20120511-202140.backup
2012-04-17 15:47 - 2012-04-17 15:47 - 00001365 ____A C:\Users\RedTwo\Desktop\Mojo.lnk
2012-04-09 19:59 - 2009-07-14 04:04 - 00442223 ___RA C:\Windows\System32\Drivers\etc\hosts.20120417-215737.backup
2012-04-09 16:34 - 2012-04-09 16:34 - 00000020 ___SH C:\Users\UpdatusUser.RedOneDesk.000\ntuser.ini
2012-04-08 14:41 - 2012-04-08 14:41 - 00262144 ____A C:\users\UpdatusUser.RedOneDesk
2012-04-08 11:39 - 2012-04-08 11:39 - 01383584 ____A (PortableApps.com) C:\Users\RedTwo\Downloads\wsccportable.paf.exe
2012-04-07 13:26 - 2012-06-13 18:25 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4095.3 MB
Available physical RAM: 3565.6 MB
Total Pagefile: 4093.58 MB
Available Pagefile: 3573.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.29 MB

======================= Partitions =========================

1 Drive c: (RedOneDesk001) (Fixed) (Total:223.57 GB) (Free:149.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RedOneDesk002) (Fixed) (Total:149.05 GB) (Free:148.96 GB) NTFS
4 Drive f: (WINDOWS7_GREEK_DVD) (CDROM) (Total:3.65 GB) (Free:0 GB) UDF
5 Drive g: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:270.89 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

œ˜ ›˜˜˜ © 1999-2008 ‘ š: MININT-7O16EII

ƒ婡 ### ‰˜ᩫ˜ž ‹šœŸ „œŸœ 騦 Dyn Gpt
---------- ---------- ------- --------------- --- ---
ƒ婡 0 ‹œ ›œž 298 GB 0 B
ƒ婡 1 ‹œ ›œž 149 GB 0 B
ƒ婡 2 ‹œ ›œž 931 GB 0 B

‰œ婠 DiskPart...


==========================================================

Last Boot: 2012-06-17 23:30

======================= End Of Log ==========================

#14 Elise

Posted 04 July 2012 - 01:06 AM

Please restart the computer without CD. Tap F10 until the Edit Boot Menu options come up. Let me know what is between the brackets ([.... ]).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 



#15 JackieBrown

Posted 04 July 2012 - 12:43 PM

HDD: PM-ST3320620A
CDROM: PS-HL-DT-STDVD-RAM GH22NP
CDROM: 3M-TSSTcorp CDDVDw TS-H65
SATA: 4M-ST3160815AS

Could you please not use F buttons, to avoid confusion?
Describing to me what you want is better, because as I said above my F buttons have different functions.

Thank you.



