
Black Screen Movable Mouse. Windows 7 64


  • This topic is locked
66 replies to this topic

#1 dontknowitall

Posted 10 January 2013 - 12:48 PM

Hello,

I have a Windows 7 Home Premium 64bit machine that boots only to a black screen, with a movable mouse pointer.

I have tried all the various modes. I've tried system restore but it only points to a restore point from 2010. I've tried startup repair. I've manually rolled the registry back to about a week ago, but it still has the same problem. I'm not sure what else to do.

I've also tried to hook the HDD externally to another PC. When attempting to access the drive I get Access Denied errors. After taking ownership of the files I was able to see them, but it didn't resolve any issues. Attempting to hook the HDD to any other PCs or user accounts provides the same permission errors. Hope that helps some.

Any help is appreciated. Thank you.

***Note: Right now I am running this command from the command prompt in the recovery console. icacls * /T /Q /C /RESET

Edited by dontknowitall, 10 January 2013 - 12:59 PM.




#2 dontknowitall


Posted 10 January 2013 - 12:59 PM

***Note: Right now I am running this command from the command prompt in the recovery console. icacls * /T /Q /C /RESET

#3 Elise


Posted 10 January 2013 - 01:43 PM

Hello,

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


#4 dontknowitall


Posted 10 January 2013 - 02:15 PM

It's running the scan now. Just so you know, the CACLS command kept coming up with "The system cannot find the path specified" on EVERY file, so I stopped it and ran the FRST program.

#5 dontknowitall


Posted 10 January 2013 - 02:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 10-01-2013 13:13:46
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273528 2011-08-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [202328 2012-08-30] (Kaspersky Lab ZAO)
HKU\Bob\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-09] (Google Inc.)
HKU\Bob\...\Run: [Spotify] "C:\Users\Bob\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-11-07] (Spotify Ltd)
HKU\Bob\...\Run: [Spotify Web Helper] "C:\Users\Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-07] (Spotify Ltd)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" -r [202328 2012-08-30] (Kaspersky Lab ZAO)
2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd)
2 CrossLoopService; "C:\Users\Bob\AppData\Local\CrossLoop\CrossLoopService.exe" --service [569072 2012-01-06] (CrossLoop)
2 CSObjectsSrv; "C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe" [743992 2009-12-21] (Infowatch)
2 DefaultTabUpdate; "C:\Users\Fred\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [114240 2012-05-15] (TODO: <Company name>)
2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1174824 2012-07-18] (Starfield Technologies)
4 Fix-It Utilities 10 Essentials Task Manager; C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe -Service [529688 2010-03-25] (Avanquest Software)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
4 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-21] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214520 2013-01-01] ()
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2011-11-07] (Trusteer Ltd.)
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-07-02] ()
3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware)
3 tvnserver; "C:\Users\Bob\AppData\Local\CrossLoop\tvnserver.exe" -service [814080 2010-07-21] (GlavSoft LLC.)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-01-14] (Ralink Technology Corp.)
0 CSCrySec; C:\Windows\System32\Drivers\CSCrySec.sys [85048 2009-12-14] (Infowatch)
1 CSVirtualDiskDrv; C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
1 dvdfabio; C:\Windows\System32\Drivers\dvdfabio.sys [13184 2012-02-03] (Fengtao Software Inc.)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [636760 2012-12-23] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [40464 2009-06-18] (CACE Technologies)
3 NPF; C:\Windows\SysWow64\Drivers\NPF.sys [34064 2009-06-18] (CACE Technologies)
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2011-01-01] ()
3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2010-11-18] ()
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
3 vdrive; C:\Windows\System32\Drivers\vdrive.sys [45952 2012-02-03] (Fengtao Software Inc.)
3 a2exec; \??\C:\Program Files (x86)\a-squared Anti-Malware\a2exec64.sys [x]
0 AvanquestFltr; C:\Windows\System32\DRIVERS\mxRCycle.sys [x]
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-10 13:13 - 2013-01-10 13:13 - 00000000 ____D C:\FRST
2013-01-10 03:17 - 2011-02-24 17:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2013-01-05 08:52 - 2013-01-05 08:52 - 00003352 ____A C:\bootsqm.dat_.bak
2013-01-04 02:55 - 2013-01-04 02:55 - 00000049 ____A C:\Windows\.directory
2013-01-03 21:03 - 2012-12-24 23:31 - 00098304 ____A C:\bad__.bak
2013-01-03 21:02 - 2013-01-04 11:30 - 41156608 ____A C:\Windows\System32\config\SYSTEM_old
2013-01-03 21:01 - 2013-01-04 11:30 - 99762176 ____A C:\Windows\System32\config\SOFTWARE_old
2013-01-03 21:01 - 2013-01-04 11:12 - 00032768 ____A C:\Windows\System32\config\SECURITY_old
2013-01-03 21:00 - 2013-01-04 11:12 - 00098304 ____A C:\Windows\System32\config\SAM_old
2012-12-28 20:45 - 2012-12-28 20:45 - 00000000 ____D C:\Users\Bob\Application Data\WinRAR
2012-12-28 20:45 - 2012-12-28 20:45 - 00000000 ____D C:\Users\Bob\AppData\Roaming\WinRAR
2012-12-28 20:13 - 2012-12-28 20:13 - 00000000 ____D C:\bfa10c2d710a08e9b51383d66024bf3f
2012-12-27 17:07 - 2012-12-27 17:07 - 56725552 ____A (Creative Technology Ltd) C:\Users\Bob\Downloads\SBXF_PCDRV_LB_2_18_0013 (1).exe
2012-12-27 17:03 - 2012-12-27 17:04 - 56725552 ____A (Creative Technology Ltd) C:\Users\Bob\Downloads\SBXF_PCDRV_LB_2_18_0013.exe
2012-12-24 13:50 - 2012-12-24 13:50 - 01581424 ____A C:\Users\Bob\Downloads\PlayFizzSetup.exe
2012-12-24 13:50 - 2012-12-24 13:50 - 01581424 ____A C:\Users\Bob\Downloads\PlayFizzSetup (1).exe
2012-12-23 08:41 - 2012-12-23 08:41 - 00153053 ____A C:\Windows\System32\Drivers\klin.dat
2012-12-23 08:41 - 2012-12-23 08:41 - 00107384 ____A C:\Windows\System32\Drivers\klick.dat
2012-12-23 08:41 - 2009-12-14 09:44 - 00085048 ____A (Infowatch) C:\Windows\System32\Drivers\CSCrySec.sys
2012-12-23 08:41 - 2009-12-14 09:44 - 00066104 ____A (Infowatch) C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys
2012-12-23 08:39 - 2012-12-23 08:39 - 00636760 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-12-23 08:22 - 2012-12-23 08:22 - 00000000 ___SD C:\Users\Bob\My Documents\Passwords Database
2012-12-23 08:22 - 2012-12-23 08:22 - 00000000 ___SD C:\Users\Bob\Documents\Passwords Database
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\Local Settings\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\Local Settings\Application Data\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\AppData\Local\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00000000 ___RD C:\Backup
2012-12-21 00:07 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 00:07 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 00:07 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 00:07 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 00:10 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 00:10 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 00:10 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 00:10 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 00:10 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 00:10 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 00:10 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 00:10 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 00:10 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 00:10 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 00:10 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 00:10 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 00:10 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 00:10 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 00:10 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 00:10 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 00:10 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 00:10 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 00:10 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 00:10 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 00:10 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 00:10 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 00:10 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 00:10 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 00:10 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 00:10 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 00:10 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 00:10 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 00:10 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 00:10 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 00:10 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 00:10 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 14:05 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 14:05 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 14:05 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 14:05 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 14:05 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 14:05 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 14:05 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 14:05 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 14:05 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 14:05 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 14:05 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 14:05 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 14:05 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 14:05 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 14:05 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 14:05 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 14:05 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 14:05 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 14:04 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 14:04 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll


==================== One Month Modified Files and Folders =======

2013-01-10 13:13 - 2013-01-10 13:13 - 00000000 ____D C:\FRST
2013-01-10 13:13 - 2010-02-08 13:32 - 00000000 ___HD C:\users\Fred
2013-01-10 08:44 - 2011-01-23 19:27 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-10 08:44 - 2011-01-23 19:27 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
2013-01-10 08:20 - 2012-07-26 18:39 - 00040065 ____A C:\Windows\offSyncService.log
2013-01-10 08:20 - 2011-01-30 02:21 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-01-10 08:20 - 2011-01-30 02:21 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2013-01-10 08:18 - 2010-02-08 13:52 - 2095517696 __ASH C:\hiberfil.sy_
2013-01-10 08:18 - 2009-08-01 19:53 - 268435456 __ASH C:\pagefile.sy_
2013-01-10 08:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\winevt
2013-01-08 17:27 - 2012-06-12 21:15 - 00000000 ____D C:\Program Files (x86)\CDRViewer
2013-01-08 17:27 - 2011-01-25 15:23 - 00000000 ____D C:\Program Files (x86)\ImTOO
2013-01-08 17:27 - 2010-02-28 03:29 - 00000000 ____D C:\Program Files (x86)\GetFLV
2013-01-08 08:42 - 2012-07-09 18:16 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2013-01-07 04:06 - 2012-08-19 13:01 - 00000000 ____D C:\users\Bob
2013-01-07 04:06 - 2011-08-18 16:39 - 00000000 ____D C:\users\Admin
2013-01-07 04:06 - 2011-04-02 14:01 - 00000000 ____D C:\users\[221 GB]
2013-01-07 04:06 - 2010-10-21 07:08 - 00000000 ____D C:\users\Administrator
2013-01-05 08:52 - 2013-01-05 08:52 - 00003352 ____A C:\bootsqm.dat_.bak
2013-01-04 11:30 - 2013-01-03 21:02 - 41156608 ____A C:\Windows\System32\config\SYSTEM_old
2013-01-04 11:30 - 2013-01-03 21:01 - 99762176 ____A C:\Windows\System32\config\SOFTWARE_old
2013-01-04 11:12 - 2013-01-03 21:01 - 00032768 ____A C:\Windows\System32\config\SECURITY_old
2013-01-04 11:12 - 2013-01-03 21:00 - 00098304 ____A C:\Windows\System32\config\SAM_old
2013-01-04 02:55 - 2013-01-04 02:55 - 00000049 ____A C:\Windows\.directory
2013-01-01 23:15 - 2010-02-08 12:02 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-01 23:04 - 2012-08-11 06:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-01 22:19 - 2009-07-13 18:34 - 00524288 ____A C:\Windows\System32\config\default_bak
2013-01-01 22:17 - 2010-02-08 13:15 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-01 22:17 - 2010-02-08 13:15 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-01 22:12 - 2010-03-28 22:42 - 00065536 ____A C:\Windows\System32\bits.log
2013-01-01 22:11 - 2012-11-07 06:16 - 00000000 ____D C:\Users\Bob\Application Data\Spotify
2013-01-01 22:11 - 2012-11-07 06:16 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Spotify
2013-01-01 22:09 - 2012-07-17 15:46 - 01356319 ____A C:\Windows\setupact.log
2013-01-01 22:09 - 2010-02-12 10:13 - 00000322 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-01-01 22:09 - 2010-02-08 12:02 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-01 22:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-01 20:38 - 2010-12-26 14:37 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-01 19:45 - 2011-01-03 12:16 - 00214520 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-01-01 19:45 - 2011-01-03 12:09 - 00214520 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-01-01 19:30 - 2011-01-03 12:09 - 00214520 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-01-01 15:04 - 2012-09-16 09:29 - 00000000 ____D C:\Users\Bob\Local Settings\CrashDumps
2013-01-01 15:04 - 2012-09-16 09:29 - 00000000 ____D C:\Users\Bob\Local Settings\Application Data\CrashDumps
2013-01-01 15:04 - 2012-09-16 09:29 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2013-01-01 14:51 - 2012-09-14 06:23 - 00000000 ____D C:\Users\Bob\Local Settings\FileServe Manager
2013-01-01 14:51 - 2012-09-14 06:23 - 00000000 ____D C:\Users\Bob\Local Settings\Application Data\FileServe Manager
2013-01-01 14:51 - 2012-09-14 06:23 - 00000000 ____D C:\Users\Bob\AppData\Local\FileServe Manager
2013-01-01 14:26 - 2010-02-08 13:50 - 01390835 ____A C:\Windows\WindowsUpdate.log
2013-01-01 05:56 - 2010-03-28 22:42 - 00131072 ____A C:\Windows\System32\bits.bak
2013-01-01 00:10 - 2009-07-13 21:13 - 00831962 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-28 20:45 - 2012-12-28 20:45 - 00000000 ____D C:\Users\Bob\Application Data\WinRAR
2012-12-28 20:45 - 2012-12-28 20:45 - 00000000 ____D C:\Users\Bob\AppData\Roaming\WinRAR
2012-12-28 20:13 - 2012-12-28 20:13 - 00000000 ____D C:\bfa10c2d710a08e9b51383d66024bf3f
2012-12-27 17:07 - 2012-12-27 17:07 - 56725552 ____A (Creative Technology Ltd) C:\Users\Bob\Downloads\SBXF_PCDRV_LB_2_18_0013 (1).exe
2012-12-27 17:04 - 2012-12-27 17:03 - 56725552 ____A (Creative Technology Ltd) C:\Users\Bob\Downloads\SBXF_PCDRV_LB_2_18_0013.exe
2012-12-27 14:45 - 2010-02-21 15:55 - 00000000 ____D C:\Users\All Users\Real
2012-12-27 14:45 - 2010-02-21 15:55 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-12-27 14:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-27 14:16 - 2010-07-01 13:17 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-12-26 20:08 - 2012-07-26 18:38 - 00028940 ____A C:\Windows\PFRO.log
2012-12-24 23:31 - 2013-01-03 21:03 - 00098304 ____A C:\bad__.bak
2012-12-24 13:50 - 2012-12-24 13:50 - 01581424 ____A C:\Users\Bob\Downloads\PlayFizzSetup.exe
2012-12-24 13:50 - 2012-12-24 13:50 - 01581424 ____A C:\Users\Bob\Downloads\PlayFizzSetup (1).exe
2012-12-24 08:05 - 2012-11-07 06:16 - 00000000 ____D C:\Users\Bob\Local Settings\Spotify
2012-12-24 08:05 - 2012-11-07 06:16 - 00000000 ____D C:\Users\Bob\Local Settings\Application Data\Spotify
2012-12-24 08:05 - 2012-11-07 06:16 - 00000000 ____D C:\Users\Bob\AppData\Local\Spotify
2012-12-23 08:41 - 2012-12-23 08:41 - 00153053 ____A C:\Windows\System32\Drivers\klin.dat
2012-12-23 08:41 - 2012-12-23 08:41 - 00107384 ____A C:\Windows\System32\Drivers\klick.dat
2012-12-23 08:40 - 2011-01-30 02:07 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-12-23 08:39 - 2012-12-23 08:39 - 00636760 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-12-23 08:22 - 2012-12-23 08:22 - 00000000 ___SD C:\Users\Bob\My Documents\Passwords Database
2012-12-23 08:22 - 2012-12-23 08:22 - 00000000 ___SD C:\Users\Bob\Documents\Passwords Database
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\Local Settings\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\Local Settings\Application Data\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00017408 ____A C:\Users\Bob\AppData\Local\WebpageIcons.db
2012-12-22 06:06 - 2012-12-22 06:06 - 00000000 ___RD C:\Backup
2012-12-21 00:31 - 2009-07-13 20:45 - 00473512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-19 18:03 - 2012-04-10 19:12 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-19 18:03 - 2011-05-18 10:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-19 18:03 - 2008-12-09 20:41 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-12-19 18:03 - 2008-12-09 20:41 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-16 09:11 - 2012-12-21 00:07 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 00:07 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 00:07 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 00:07 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 04:21 - 2012-08-19 13:17 - 00000000 ____D C:\Users\Bob\Local Settings\Google
2012-12-15 04:21 - 2012-08-19 13:17 - 00000000 ____D C:\Users\Bob\Local Settings\Application Data\Google
2012-12-15 04:21 - 2012-08-19 13:17 - 00000000 ____D C:\Users\Bob\AppData\Local\Google
2012-12-13 01:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 00:40 - 2010-02-10 00:20 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-12-13 00:40 - 2010-02-10 00:20 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-12-13 00:21 - 2010-02-09 15:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-13 00:21 - 2010-02-09 15:50 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-12-13 00:12 - 2010-02-10 21:57 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8125.93 MB
Available physical RAM: 6831.63 MB
Total Pagefile: 8124.07 MB
Available Pagefile: 6985.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:342.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.16 GB) NTFS
8 Drive j: (NIGHTTIME) (Removable) (Total:1.86 GB) (Free:0.05 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 62 MB 31 KB
Partition 2 Primary 15 GB 63 MB
Partition 3 Primary 683 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 62 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 683 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 31 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J NIGHTTIME FAT32 Removable 1910 MB Healthy

=========================================================

Last Boot: 2012-12-24 23:31

==================== End Of Log =============================

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,443 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:27 AM

Posted 10 January 2013 - 03:44 PM

Could you please tell me what exactly happened before this problem occurred?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#7 dontknowitall

Posted 10 January 2013 - 03:50 PM

From what I gather, there was a problem with no internet. After restart, this is what happened.

#8 Elise

Posted 11 January 2013 - 01:40 AM

Have you tried a Startup Repair in the Recovery Environment? If not, please do so.

regards, Elise


#9 dontknowitall

Posted 11 January 2013 - 10:06 AM

Yes, that has been attempted. No luck.

#10 Elise

Posted 11 January 2013 - 10:43 AM

Did it find no errors, or did it say it couldn't fix the error? If the latter, what was the error message?

regards, Elise


#11 dontknowitall

Posted 11 January 2013 - 12:47 PM

It said it could not find any errors.

#12 Elise

Posted 11 January 2013 - 01:02 PM

Please open a command prompt in the recovery environment. Type the following lines and press enter after each one.

c:

chkdsk /r


When asked to unmount the volume, please confirm. If the disk check doesn't start automatically afterward, repeat the command. Let the disk check run unhindered. Note that this may take quite some time.

Please let me know if any errors were found when done.

regards, Elise


#13 dontknowitall

Posted 11 January 2013 - 04:43 PM

It did not resolve the problem, but did repair errors.

#14 Elise

Posted 12 January 2013 - 04:54 AM

Did it report any bad sectors?

regards, Elise


#15 dontknowitall

Posted 14 January 2013 - 12:54 PM

No bad sectors. I ran it again and it said it found no errors.



