
Malware.Packer.Gen / Win7 won't start / HELP


  • This topic is locked
20 replies to this topic

#1 pespecial


Posted 27 February 2013 - 12:59 PM

Hi,

 

Two days ago my laptop went dead.

I had been working at home all day, and had stopped for a while. When I came back, the laptop was off. I thought it had "suspended". Pressed the button, and it made a strange beep (like the buffer beep). There was some disk activity, but the monitor wouldn't turn on, and so I switched the laptop off. And it never turned back on correctly again.

 

So this is what happens now:

 

Select Start Windows normally

Win 7 starts loading, but at the end of the "starting Windows logo" the BSOD appears and it restarts again. Over and over.

 

Select Startup Repair

It loads HP Recovery Manager.

System Restore - tried different restore points, but none works. Non specified error during system restore. (0x80070002)

Chkdsk Windows Partition - OK

Chkdsk Recovery Partition - OK

 

Select F8 (safe mode)

Every option makes BSOD

Stop BSOD reboot option - at the BSOD the Technical Information is:

*** STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA8008FF2B30, 0xFFFFFA8008FF2E10, 0xFFFFF80003B82470)

 

Booting with Hiren's Boot CD

The antivirus behaves strangely and mostly won't update or run.

Malwarebytes runs and detects the following:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.27.04

Windows XP x86 NTFS
Internet Explorer 6.0.2800.5512
SYSTEM :: MiniXP [administrator]

2013-02-27 17:43:29
mbam-log-2013-02-27 (17-43-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 87248
Time elapsed: 15 second(s)

Memory Processes Detected: 1
X:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> 1752 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3F4DACA7-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKCR\Interface\{3F4DACA0-160D-11D2-A8E9-00104B365C9F} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKCR\VBScript.RegExp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
X:\I386\System32\keybtray.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
X:\I386\System32\msxml2.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
X:\I386\System32\vbscript.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
X:\I386\System32\wzcsvc.dll (Trojan.FakeAV) -> Quarantined and deleted successfully.
X:\I386\System32\sfcfiles.dll (Trojan.Patched) -> Quarantined and deleted successfully.

(end)

It cleans infected items, but at reboot they are all there again.

Tried using Chameleon, but at a certain point... BSOD

Tried using McAfee's Stinger. Scans all drives perfectly, except OS drive - again BSOD. Technical information: ntfs.sys

 

Can anyone help?

 

Thanks in advance

 

Pedro

 

 





#2 CatByte


Posted 27 February 2013 - 05:09 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 pespecial


Posted 27 February 2013 - 07:23 PM

Hi, CatByte! Thanks for the quick response!

 

Here it goes, then

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 28-02-2013 00:13:50
Running from I:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001


 

==================== Registry (Whitelisted) ===================


 

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [104480 2012-09-29] (Symantec)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [296056 2012-06-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Convidado\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Convidado\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-07-21] (Hewlett-Packard Company)
HKU\Convidado\...\Policies\system: [WallpaperStyle] 2
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Pedro\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [911160 2012-01-17] (Microsoft Corporation)
HKU\Pedro\...\Run: [Akamai NetSession Interface] "C:\Users\Pedro\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Pedro\...\Run: []  [x]
HKU\Pedro\...\Policies\system: [WallpaperStyle] 2
HKU\Pedro\...\Policies\system: [LogonHoursAction] 2
HKU\Pedro\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Teresa\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
HKU\Teresa\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-07-21] (Hewlett-Packard Company)
HKU\Teresa\...\Run: [AdobeBridge]  [x]
HKU\Teresa\...\Policies\system: [WallpaperStyle] 2
HKU\Teresa\...\Policies\system: [LogonHoursAction] 2
HKU\Teresa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\UpdatusUser\...\Policies\system: [WallpaperStyle] 2
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [26624 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
AppInit_DLLs: acaptuser64.dll
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)


 

==================== Services (Whitelisted) ===================


 

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-12] (Akamai Technologies, Inc.)
4 Automatic CDROM Monitor; C:\Windows\SysWow64\SupportAppPT\ztemon_cd.exe [86016 2008-04-17] ()
2 CLKMSVC10_C6F09094; "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe" /svc [241648 2011-03-22] (CyberLink)
2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.)
3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1053184 2012-12-06] (iolo technologies, LLC)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [877856 2013-02-09] (NVIDIA Corporation)
2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1266464 2013-02-09] (NVIDIA Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware)
3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]


 

==================== Drivers (Whitelisted) =====================


 

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
2 cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)
1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-12-06] (EldoS Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130222.001\IDSvia64.sys [513184 2012-11-30] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130225.004\ENG64.SYS [126192 2013-01-19] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130225.004\EX64.SYS [2087664 2013-01-19] (Symantec Corporation)
1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 nvlddmkm; C:\Windows\System32\Drivers\nvlddmkm.sys [11040544 2013-02-09] ()
1 prodrv06; C:\Windows\SysWow64\Drivers\prodrv06.sys [52224 2004-01-26] (Protection Technology)
0 prohlp02; C:\Windows\SysWow64\Drivers\prohlp02.sys [95552 2004-01-26] (Protection Technology)
0 prosync1; C:\Windows\SysWow64\Drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
0 sfhlp01; C:\Windows\SysWow64\Drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2012-03-28] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-26] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-03-28] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-08-26] (CyberLink Corp.)
3 cpuz130; \??\C:\Users\Pedro\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
4 eabfiltr;  [x]
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
3 Ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [x]
0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [x]
2 wuaserv;  [x]


 

==================== NetSvcs (Whitelisted) ====================


 


==================== One Month Created Files and Folders ========


 

2013-02-28 00:13 - 2013-02-28 00:13 - 00000000 ____D C:\FRST
2013-02-25 21:46 - 2013-02-25 21:46 - 00000000 ____D C:\NPE
2013-02-22 09:22 - 2013-02-22 09:22 - 00001680 ____A C:\Windows\System32\esnecil.ind
2013-02-22 09:22 - 2013-02-22 09:22 - 00000004 ____A C:\Windows\vx86036.dat
2013-02-22 09:21 - 2013-02-22 09:21 - 00000000 ____D C:\ProgramData\CrypKey
2013-02-22 09:18 - 2013-02-27 09:36 - 00003858 ____A C:\Windows\errord.log
2013-02-22 09:18 - 2013-02-23 02:26 - 00000404 ____A C:\Windows\error.log
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\UpdatusUser\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Teresa\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Pedro\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Convidado\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00000054 ____A C:\Windows\Crypkey.ini
2013-02-22 09:18 - 2010-03-18 15:11 - 00030272 ____A C:\Windows\System32\Ckldrv.sys
2013-02-22 09:18 - 2010-03-18 12:25 - 00126976 ____A (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
2013-02-22 09:18 - 2010-01-20 08:28 - 00165888 ___RA (Kenonic Controls) C:\Windows\Ckconfig.exe
2013-02-22 09:18 - 2010-01-20 08:28 - 00011776 ____A C:\Windows\Ckrfresh.exe
2013-02-22 09:17 - 2013-02-22 09:28 - 00000000 ____D C:\Program Files (x86)\PM FASTrack v7
2013-02-22 08:39 - 2013-02-22 08:39 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\Program Files\iTunes
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\Program Files\iPod
2013-02-21 17:18 - 2013-02-22 01:58 - 904567958 ____A C:\Users\Pedro\Downloads\X-Art - Working Out Together - Kristen [1080p].mov
2013-02-21 09:43 - 2013-02-21 09:43 - 00000434 ____A C:\Users\Pedro\Desktop\Scommessa Fatale - Hardcore sex video - Tube8.com.website
2013-02-21 09:43 - 2013-02-21 09:43 - 00000422 ____A C:\Users\Pedro\Desktop\don tonino - Hardcore sex video - Tube8.com.website
2013-02-21 09:42 - 2013-02-21 17:26 - 00000571 ____A C:\Users\Pedro\Desktop\Marc Dorcel Offertes a tout 05 - Hardcore sex video - Tube8.com.website
2013-02-21 06:32 - 2013-02-21 06:32 - 04189792 ____A (Piriform Ltd) C:\Users\Pedro\Downloads\ccsetup327.exe
2013-02-20 16:38 - 2013-02-20 16:38 - 46878744 ____A (Microsoft Corporation) C:\Users\Pedro\Downloads\IE10-Windows6.1-x64-pt-pt.exe
2013-02-20 14:58 - 2013-02-20 14:58 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-02-20 14:54 - 2013-02-09 19:25 - 26947360 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 20534560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 17987192 ____A C:\Windows\System32\nvd3dumx.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 15038296 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 12862400 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 11040544 ____A C:\Windows\System32\Drivers\nvlddmkm.sys
2013-02-20 14:54 - 2013-02-09 19:25 - 09422672 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 07964680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 07569184 ____A C:\Windows\System32\nvopencl.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 06267240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 02911008 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 02726176 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 02528840 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 02350368 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 01990944 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6420294.dll
2013-02-20 14:54 - 2013-02-09 19:25 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6420162.dll
2013-02-20 14:54 - 2012-12-18 21:42 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-02-20 14:54 - 2012-12-18 21:41 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-02-20 14:54 - 2012-12-18 00:31 - 01510328 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2013-02-20 13:45 - 2013-02-21 09:23 - 00000507 ____A C:\Users\Pedro\Desktop\Coroebus's Videos  New  Page 5.website
2013-02-20 11:23 - 2013-02-20 11:24 - 226055376 ____A (NVIDIA Corporation) C:\Users\Pedro\Downloads\314.07-notebook-win8-win7-winvista-64bit-international-whql.exe
2013-02-20 11:22 - 2013-02-20 11:22 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-02-19 17:06 - 2013-02-19 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-16 16:41 - 2013-02-16 16:41 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-15 05:45 - 2013-02-15 05:45 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Os meus documentos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Modelos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Menu Iniciar
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Os meus vídeos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\As minhas imagens
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\A minha música
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Definições locais
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Histórico
2013-02-15 05:45 - 2012-09-20 01:59 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalGoogle
2013-02-15 05:45 - 2012-09-20 01:58 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2013-02-15 05:45 - 2010-05-07 15:46 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2013-02-15 05:45 - 2010-02-19 16:43 - 00002328 ____A C:\Users\UpdatusUser\Desktop\CyberLink PowerDirector.lnk
2013-02-15 05:45 - 2010-02-13 18:18 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-02-12 16:00 - 2013-02-12 16:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-02-12 15:57 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 15:57 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 15:57 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 15:57 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 15:57 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 15:57 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 15:57 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 15:57 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 15:57 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 15:57 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 15:57 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 15:57 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 15:57 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 15:57 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 15:57 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 15:57 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 15:57 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 15:57 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 15:57 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 15:57 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 15:57 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 15:57 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 15:57 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 15:57 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 15:57 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 15:57 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 15:57 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 15:57 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 15:57 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 15:57 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 15:57 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 15:57 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 15:55 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 15:55 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 15:55 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 15:55 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-12 15:55 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-12 15:55 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-12 15:55 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-12 15:55 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-12 15:55 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-12 15:55 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 15:55 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 15:55 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-07 10:09 - 2013-02-07 10:09 - 00001853 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-02-07 10:09 - 2013-02-07 10:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-02-07 06:21 - 2013-02-07 06:22 - 00000000 ____D C:\Users\Pedro\Downloads\Arcade Fire [Discography]
2013-02-06 08:14 - 2013-02-06 08:14 - 00000000 ____A C:\Users\Pedro\Desktop\Novo Documento de Texto.txt
2013-02-05 11:36 - 2013-02-05 14:54 - 00000785 ____A C:\Users\Pedro\Desktop\Róisín Murphy - Simulation (OFFICIAL VIDEO) [HD] - YouTube.website
2013-02-04 06:25 - 2013-02-04 06:25 - 18104320 ____A C:\Users\Pedro\s-1-5-21-4203615034-718385012-1651184523-1000.rrr
2013-02-04 06:25 - 2013-02-04 06:25 - 04911104 ____A C:\Users\Teresa\s-1-5-21-4203615034-718385012-1651184523-1003.rrr
2013-02-04 06:25 - 2013-02-04 06:25 - 01716224 ____A C:\Users\Convidado\s-1-5-21-4203615034-718385012-1651184523-501.rrr
2013-02-04 06:17 - 2013-02-04 06:17 - 04808704 ____A C:\Windows\System32\config\default.rrr
2013-02-04 01:43 - 2013-02-04 01:43 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
2013-02-04 01:41 - 2013-02-04 01:41 - 00002225 ____A C:\Users\Pedro\Desktop\System Mechanic.lnk
2013-02-04 01:41 - 2013-02-04 01:41 - 00000000 ____D C:\Program Files (x86)\iolo
2013-02-04 01:41 - 2012-12-06 15:58 - 00057144 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2013-02-04 01:41 - 2012-12-06 15:57 - 00025744 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2013-02-04 01:41 - 2012-12-06 15:42 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2013-02-04 01:41 - 2012-12-06 15:42 - 02097032 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2013-02-04 01:41 - 2012-12-06 15:35 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll
2013-02-04 01:41 - 2012-12-06 15:35 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2013-02-04 01:36 - 2013-02-04 01:36 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2013-02-04 01:36 - 2012-12-06 16:05 - 30567016 ____A (iolo technologies, LLC                                      ) C:\Users\Pedro\Downloads\SystemMechanic.exe
2013-02-04 01:36 - 2012-12-06 15:35 - 00030752 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys
2013-02-04 01:26 - 2013-02-04 01:26 - 00000000 ____D C:\iolo
2013-02-04 01:22 - 2013-02-04 07:10 - 00000000 ____D C:\ProgramData\iolo
2013-02-04 01:22 - 2013-02-04 01:43 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\iolo
2013-02-04 01:22 - 2013-02-04 01:22 - 00074703 ____A C:\Windows\SysWOW64mfc45.dll
2013-02-03 16:21 - 2013-02-04 06:25 - 116989952 ____A C:\Windows\System32\config\software.rrr
2013-02-03 14:10 - 2013-02-07 11:49 - 00061386 ____A C:\Windows\SysWOW64\AppLog.log
2013-02-03 08:55 - 2013-02-03 09:23 - 1554970624 ____A C:\Users\Pedro\Desktop\Festa Natal FAV2012.mpg
2013-02-03 02:14 - 2013-02-04 07:08 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Norton Utilities 16
2013-02-02 16:40 - 2013-02-24 04:50 - 00000288 ____A C:\Windows\Tasks\NUAutoUpdate.job
2013-02-02 16:40 - 2013-02-02 16:40 - 00000000 ____D C:\Users\Pedro\Documents\Norton Utilities 16
2013-02-02 16:39 - 2013-02-02 16:39 - 00000064 ____A C:\Users\Pedro\Documents\my money.lrd
2013-02-02 16:28 - 2013-02-02 16:28 - 00001221 ____A C:\Users\Public\Desktop\Norton Utilities 16.lnk
2013-02-02 16:28 - 2013-02-02 16:28 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Product_NU16
2013-02-02 16:28 - 2012-09-29 14:50 - 00512544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2013-02-02 16:28 - 2012-09-29 14:49 - 00040992 ____A C:\Windows\System32\CleanMFT64.exe
2013-02-02 16:28 - 2008-04-02 07:54 - 01101824 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2013-02-02 16:28 - 2008-04-02 07:53 - 00880640 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2013-02-02 16:28 - 2008-04-02 07:53 - 00212992 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2013-02-01 15:36 - 2013-02-01 15:36 - 00000000 ____D C:\Download
2013-01-31 17:04 - 2010-02-16 01:57 - 00000883 ____A C:\Windows\System32\Drivers\etc\hosts.20130201-010427.backup
2013-01-31 04:59 - 2013-01-31 04:59 - 00001211 ____A C:\Users\Pedro\Desktop\SyncBackPro.lnk
2013-01-31 04:59 - 2011-05-31 11:03 - 00020480 ____A C:\Windows\SysWOW64\SyncBackPro.dll
2013-01-31 04:59 - 2009-01-12 00:15 - 00071096 ____A C:\Windows\SysWOW64\NMSAccessU.exe
2013-01-30 16:33 - 2013-01-30 16:40 - 14625436 ____A C:\Users\Pedro\Downloads\SyncBackPro_6.3.7.0 (1).rar
2013-01-30 16:24 - 2013-01-30 16:25 - 00000000 ____D C:\Program Files (x86)\Norton Power Eraser
2013-01-30 16:10 - 2013-01-30 16:10 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2013-01-30 16:10 - 2013-01-30 16:10 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2013-01-30 16:09 - 2013-01-30 16:09 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader(2).exe
2013-01-30 16:09 - 2013-01-30 16:09 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader(1).exe
2013-01-30 16:06 - 2013-01-30 16:09 - 00001266 ____A C:\Users\Pedro\Desktop\Norton Download Manager.lnk
2013-01-30 16:06 - 2013-01-30 16:06 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader.exe
2013-01-30 16:00 - 2013-01-30 16:01 - 00000000 ____D C:\Users\Pedro\Desktop\TV
2013-01-30 14:58 - 2013-02-02 16:27 - 00000000 ____D C:\Users\Pedro\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack
2013-01-30 13:31 - 2013-01-30 13:33 - 00021601 ____A C:\Users\Pedro\Desktop\MBRCheck_01.30.13_21.31.04.txt
2013-01-30 06:23 - 2013-01-30 06:27 - 621283886 ____A C:\Users\Pedro\Downloads\Hirens.BootCD.15.2.zip
2013-01-29 10:15 - 2013-01-29 10:15 - 00862664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00828872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00661448 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00534480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00354264 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00251864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00050800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys


 

==================== One Month Modified Files and Folders =======


 

2013-02-28 00:13 - 2013-02-28 00:13 - 00000000 ____D C:\FRST
2013-02-27 17:28 - 2010-02-27 20:24 - 00000000 ____D C:\ProgramData\Recovery
2013-02-27 09:38 - 2009-10-16 16:47 - 00985870 ____A C:\Windows\PFRO.log
2013-02-27 09:36 - 2013-02-22 09:18 - 00003858 ____A C:\Windows\errord.log
2013-02-25 21:46 - 2013-02-25 21:46 - 00000000 ____D C:\NPE
2013-02-25 11:21 - 2009-10-16 16:28 - 01430380 ____A C:\Windows\WindowsUpdate.log
2013-02-25 10:52 - 2011-10-02 10:03 - 00001010 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-25 10:49 - 2012-09-11 03:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-25 04:52 - 2011-10-02 10:03 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-24 11:17 - 2010-12-27 16:58 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\vlc
2013-02-24 10:56 - 2012-11-25 01:43 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForPedro.job
2013-02-24 04:50 - 2013-02-02 16:40 - 00000288 ____A C:\Windows\Tasks\NUAutoUpdate.job
2013-02-24 04:50 - 2010-02-09 14:36 - 00161168 ____A C:\Users\Teresa\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-24 04:49 - 2012-07-25 08:10 - 00000340 ____A C:\Windows\Tasks\DriverScanner.job
2013-02-24 02:51 - 2010-03-29 15:19 - 00000000 ____D C:\Users\Pedro\AppData\Local\CrashDumps
2013-02-24 02:49 - 2009-07-13 20:45 - 00026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-24 02:49 - 2009-07-13 20:45 - 00026192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-23 02:27 - 2009-07-13 18:34 - 00000533 ____A C:\Windows\win.ini
2013-02-23 02:26 - 2013-02-22 09:18 - 00000404 ____A C:\Windows\error.log
2013-02-23 02:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-23 02:26 - 2009-07-13 20:51 - 00449580 ____A C:\Windows\setupact.log
2013-02-22 09:40 - 2012-08-28 00:15 - 00000000 ___SD C:\Users\Pedro\Google Drive
2013-02-22 09:28 - 2013-02-22 09:17 - 00000000 ____D C:\Program Files (x86)\PM FASTrack v7
2013-02-22 09:22 - 2013-02-22 09:22 - 00001680 ____A C:\Windows\System32\esnecil.ind
2013-02-22 09:22 - 2013-02-22 09:22 - 00000004 ____A C:\Windows\vx86036.dat
2013-02-22 09:21 - 2013-02-22 09:21 - 00000000 ____D C:\ProgramData\CrypKey
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\UpdatusUser\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Teresa\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Pedro\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00001098 ____A C:\Users\Convidado\Desktop\PM FASTrack v7.lnk
2013-02-22 09:18 - 2013-02-22 09:18 - 00000054 ____A C:\Windows\Crypkey.ini
2013-02-22 08:39 - 2013-02-22 08:39 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\Program Files\iTunes
2013-02-22 08:38 - 2013-02-22 08:38 - 00000000 ____D C:\Program Files\iPod
2013-02-22 06:44 - 2012-09-12 06:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-22 04:40 - 2011-05-21 10:25 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\uTorrent
2013-02-22 01:58 - 2013-02-21 17:18 - 904567958 ____A C:\Users\Pedro\Downloads\X-Art - Working Out Together - Kristen [1080p].mov
2013-02-21 17:26 - 2013-02-21 09:42 - 00000571 ____A C:\Users\Pedro\Desktop\Marc Dorcel Offertes a tout 05 - Hardcore sex video - Tube8.com.website
2013-02-21 09:43 - 2013-02-21 09:43 - 00000434 ____A C:\Users\Pedro\Desktop\Scommessa Fatale - Hardcore sex video - Tube8.com.website
2013-02-21 09:43 - 2013-02-21 09:43 - 00000422 ____A C:\Users\Pedro\Desktop\don tonino - Hardcore sex video - Tube8.com.website
2013-02-21 09:23 - 2013-02-20 13:45 - 00000507 ____A C:\Users\Pedro\Desktop\Coroebus's Videos  New  Page 5.website
2013-02-21 09:05 - 2010-04-23 14:59 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-02-21 06:32 - 2013-02-21 06:32 - 04189792 ____A (Piriform Ltd) C:\Users\Pedro\Downloads\ccsetup327.exe
2013-02-20 16:38 - 2013-02-20 16:38 - 46878744 ____A (Microsoft Corporation) C:\Users\Pedro\Downloads\IE10-Windows6.1-x64-pt-pt.exe
2013-02-20 14:58 - 2013-02-20 14:58 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-02-20 14:57 - 2010-07-03 00:23 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-02-20 14:57 - 2010-07-03 00:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-02-20 14:57 - 2009-10-16 17:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-02-20 13:51 - 2009-07-13 20:45 - 05347528 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-20 11:24 - 2013-02-20 11:23 - 226055376 ____A (NVIDIA Corporation) C:\Users\Pedro\Downloads\314.07-notebook-win8-win7-winvista-64bit-international-whql.exe
2013-02-20 11:22 - 2013-02-20 11:22 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-02-20 02:11 - 2010-01-02 17:54 - 00007653 ____A C:\Users\Pedro\AppData\Local\Resmon.ResmonCfg
2013-02-19 17:06 - 2013-02-19 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-19 17:02 - 2010-03-07 13:06 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Skype
2013-02-19 16:10 - 2009-12-30 15:18 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\HpUpdate
2013-02-19 03:32 - 2009-12-30 15:11 - 00161168 ____A C:\Users\Pedro\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-19 03:32 - 2009-09-21 06:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-18 23:39 - 2012-04-21 10:13 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-18 23:39 - 2011-05-20 15:24 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-18 23:39 - 2009-09-21 07:21 - 00000000 ____D C:\ProgramData\Adobe
2013-02-18 04:31 - 2010-03-07 13:06 - 00000000 ____D C:\ProgramData\Skype
2013-02-18 04:30 - 2012-08-26 15:59 - 00002545 ____A C:\Users\Public\Desktop\Skype.lnk
2013-02-18 04:30 - 2012-08-26 15:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-18 02:45 - 2010-01-19 17:18 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\PrimoPDF
2013-02-18 02:02 - 2012-06-11 16:23 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Samsung
2013-02-18 02:02 - 2012-06-11 16:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-02-17 12:42 - 2009-09-21 14:06 - 00682480 ____A C:\Windows\System32\prfh0816.dat
2013-02-17 12:42 - 2009-09-21 14:06 - 00134830 ____A C:\Windows\System32\prfc0816.dat
2013-02-17 12:42 - 2009-07-13 21:13 - 01546290 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-17 10:37 - 2012-11-15 03:22 - 00000450 ____A C:\Users\Pedro\Desktop\Fujinet.website
2013-02-16 16:44 - 2009-09-21 05:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-02-16 16:42 - 2009-09-21 05:17 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-02-16 16:41 - 2013-02-16 16:41 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-15 05:45 - 2013-02-15 05:45 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Os meus documentos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Modelos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Menu Iniciar
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Os meus vídeos
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\As minhas imagens
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Documents\A minha música
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\Definições locais
2013-02-15 05:45 - 2013-02-15 05:45 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Histórico
2013-02-13 16:20 - 2012-09-27 06:47 - 00000000 ____D C:\Users\Pedro\Desktop\Links por ver
2013-02-13 08:32 - 2010-02-14 18:23 - 00000020 ____H C:\ProgramData\PKP_DLbx.DAT
2013-02-12 16:14 - 2009-12-30 15:34 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-12 16:00 - 2013-02-12 16:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-02-09 19:25 - 2013-02-20 14:54 - 26947360 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 20534560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 17987192 ____A C:\Windows\System32\nvd3dumx.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 15038296 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 12862400 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 11040544 ____A C:\Windows\System32\Drivers\nvlddmkm.sys
2013-02-09 19:25 - 2013-02-20 14:54 - 09422672 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 07964680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 07569184 ____A C:\Windows\System32\nvopencl.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 06267240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 02911008 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 02726176 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 02528840 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 02350368 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 01990944 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6420294.dll
2013-02-09 19:25 - 2013-02-20 14:54 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6420162.dll
2013-02-09 19:25 - 2010-07-03 00:20 - 00017738 ____A C:\Windows\System32\nvinfo.pb
2013-02-09 19:25 - 2009-07-23 14:01 - 15275744 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-02-09 19:25 - 2009-07-23 14:01 - 02854344 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-02-09 17:04 - 2010-06-07 08:21 - 06393120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-02-09 17:04 - 2010-06-07 08:21 - 03472672 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-02-09 17:04 - 2010-06-07 08:21 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-02-09 17:04 - 2010-06-07 08:21 - 00877856 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-02-09 17:04 - 2010-06-07 08:21 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-02-09 17:04 - 2009-07-23 06:40 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-02-08 09:07 - 2010-02-15 14:51 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-02-08 03:46 - 2010-03-06 08:47 - 00000000 ____D C:\Users\Pedro\Documents\Pessoal
2013-02-07 11:49 - 2013-02-03 14:10 - 00061386 ____A C:\Windows\SysWOW64\AppLog.log
2013-02-07 10:09 - 2013-02-07 10:09 - 00001853 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-02-07 10:09 - 2013-02-07 10:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-02-07 06:22 - 2013-02-07 06:21 - 00000000 ____D C:\Users\Pedro\Downloads\Arcade Fire [Discography]
2013-02-07 04:20 - 2010-09-06 14:33 - 00000000 ____D C:\Users\Pedro\Documents\Madalena
2013-02-07 04:16 - 2012-09-28 03:38 - 00000000 ____D C:\Users\Pedro\Documents\Minhas digitalizações
2013-02-06 08:14 - 2013-02-06 08:14 - 00000000 ____A C:\Users\Pedro\Desktop\Novo Documento de Texto.txt
2013-02-06 08:00 - 2011-03-07 14:40 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-02-06 07:57 - 2011-03-07 14:40 - 00002312 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-02-05 14:54 - 2013-02-05 11:36 - 00000785 ____A C:\Users\Pedro\Desktop\Róisín Murphy - Simulation (OFFICIAL VIDEO) [HD] - YouTube.website
2013-02-05 04:16 - 2010-08-01 02:44 - 00000000 ____D C:\users\Convidado
2013-02-05 04:16 - 2010-02-09 14:35 - 00000000 ____D C:\users\Teresa
2013-02-04 07:10 - 2013-02-04 01:22 - 00000000 ____D C:\ProgramData\iolo
2013-02-04 07:08 - 2013-02-03 02:14 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Norton Utilities 16
2013-02-04 06:25 - 2013-02-04 06:25 - 18104320 ____A C:\Users\Pedro\s-1-5-21-4203615034-718385012-1651184523-1000.rrr
2013-02-04 06:25 - 2013-02-04 06:25 - 04911104 ____A C:\Users\Teresa\s-1-5-21-4203615034-718385012-1651184523-1003.rrr
2013-02-04 06:25 - 2013-02-04 06:25 - 01716224 ____A C:\Users\Convidado\s-1-5-21-4203615034-718385012-1651184523-501.rrr
2013-02-04 06:25 - 2013-02-03 16:21 - 116989952 ____A C:\Windows\System32\config\software.rrr
2013-02-04 06:25 - 2009-12-30 15:07 - 00000000 ____D C:\users\Pedro
2013-02-04 06:17 - 2013-02-04 06:17 - 04808704 ____A C:\Windows\System32\config\default.rrr
2013-02-04 01:43 - 2013-02-04 01:43 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
2013-02-04 01:43 - 2013-02-04 01:22 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\iolo
2013-02-04 01:41 - 2013-02-04 01:41 - 00002225 ____A C:\Users\Pedro\Desktop\System Mechanic.lnk
2013-02-04 01:41 - 2013-02-04 01:41 - 00000000 ____D C:\Program Files (x86)\iolo
2013-02-04 01:36 - 2013-02-04 01:36 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2013-02-04 01:26 - 2013-02-04 01:26 - 00000000 ____D C:\iolo
2013-02-04 01:22 - 2013-02-04 01:22 - 00074703 ____A C:\Windows\SysWOW64mfc45.dll
2013-02-03 09:23 - 2013-02-03 08:55 - 1554970624 ____A C:\Users\Pedro\Desktop\Festa Natal FAV2012.mpg
2013-02-03 08:02 - 2011-11-24 08:25 - 00000649 ____A C:\Users\Pedro\Desktop\VÍDEOS NÃO VISTOS - Atalho.lnk
2013-02-02 16:40 - 2013-02-02 16:40 - 00000000 ____D C:\Users\Pedro\Documents\Norton Utilities 16
2013-02-02 16:40 - 2010-11-12 07:35 - 04063232 ____A C:\Users\Pedro\Documents\my money.mny
2013-02-02 16:39 - 2013-02-02 16:39 - 00000064 ____A C:\Users\Pedro\Documents\my money.lrd
2013-02-02 16:28 - 2013-02-02 16:28 - 00001221 ____A C:\Users\Public\Desktop\Norton Utilities 16.lnk
2013-02-02 16:28 - 2013-02-02 16:28 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Product_NU16
2013-02-02 16:28 - 2009-09-21 06:35 - 00000000 ____D C:\ProgramData\Symantec
2013-02-02 16:28 - 2009-09-21 06:35 - 00000000 ____D C:\Program Files (x86)\Symantec
2013-02-02 16:27 - 2013-01-30 14:58 - 00000000 ____D C:\Users\Pedro\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack
2013-02-01 15:36 - 2013-02-01 15:36 - 00000000 ____D C:\Download
2013-01-31 04:59 - 2013-01-31 04:59 - 00001211 ____A C:\Users\Pedro\Desktop\SyncBackPro.lnk
2013-01-31 04:59 - 2010-08-26 15:40 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2013-01-30 16:51 - 2010-04-23 15:10 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Media Player Classic
2013-01-30 16:40 - 2013-01-30 16:33 - 14625436 ____A C:\Users\Pedro\Downloads\SyncBackPro_6.3.7.0 (1).rar
2013-01-30 16:28 - 2012-06-07 00:38 - 00000000 ____D C:\Users\Pedro\AppData\Local\NPE
2013-01-30 16:25 - 2013-01-30 16:24 - 00000000 ____D C:\Program Files (x86)\Norton Power Eraser
2013-01-30 16:15 - 2009-09-21 05:33 - 00000000 ____D C:\ProgramData\Norton
2013-01-30 16:10 - 2013-01-30 16:10 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64
2013-01-30 16:10 - 2013-01-30 16:10 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2013-01-30 16:09 - 2013-01-30 16:09 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader(2).exe
2013-01-30 16:09 - 2013-01-30 16:09 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader(1).exe
2013-01-30 16:09 - 2013-01-30 16:06 - 00001266 ____A C:\Users\Pedro\Desktop\Norton Download Manager.lnk
2013-01-30 16:09 - 2011-03-07 00:49 - 00001394 ____A C:\Users\Pedro\Desktop\Norton Installation Files.lnk
2013-01-30 16:06 - 2013-01-30 16:06 - 00912712 ____A (Symantec Corporation) C:\Users\Pedro\Downloads\NBRT-Retail-Downloader.exe
2013-01-30 16:06 - 2011-03-07 00:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-01-30 16:01 - 2013-01-30 16:00 - 00000000 ____D C:\Users\Pedro\Desktop\TV
2013-01-30 13:33 - 2013-01-30 13:31 - 00021601 ____A C:\Users\Pedro\Desktop\MBRCheck_01.30.13_21.31.04.txt
2013-01-30 08:27 - 2010-03-03 13:56 - 00001880 ____A C:\UsbRecovery.log
2013-01-30 06:27 - 2013-01-30 06:23 - 621283886 ____A C:\Users\Pedro\Downloads\Hirens.BootCD.15.2.zip
2013-01-30 06:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-29 10:15 - 2013-01-29 10:15 - 00862664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00828872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00661448 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00534480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00354264 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00251864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2013-01-29 10:15 - 2013-01-29 10:15 - 00050800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys


 

==================== Known DLLs (Whitelisted) =================


 


==================== Bamital & volsnap Check =================


 

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


 

==================== EXE ASSOCIATION =====================


 

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK


 

==================== Restore Points  =========================


 

Restore point made on: 2013-02-18 01:58:35
Restore point made on: 2013-02-20 11:15:32
Restore point made on: 2013-02-20 11:20:07


 

==================== Memory info ===========================


 

Percentage of memory in use: 14%
Total physical RAM: 6134.89 MB
Available physical RAM: 5224.64 MB
Total Pagefile: 6133.04 MB
Available Pagefile: 5223.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB


 

==================== Partitions =============================


 

1 Drive c: (OS) (Fixed) (Total:282.7 GB) (Free:4.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:44.38 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
6 Drive i: (USB DISK) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]


 

  Disco Nº  Estado         Tamanho  Livre    Din  Gpt
  --------  -------------  -------  -------  ---  ---
  Disco 0    Online          298 GB      0 B        
  Disco 1    Online          298 GB      0 B        
  Disco 2    Online         7640 MB      0 B        


 

Partitions of Disk 0:
===============


 

ID do Disco: 1FCE4990


 

  Partiçao  Nº.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Partiçao 1    Principal          199 MB  1024 KB
  Partiçao 2    Principal          282 GB   200 MB
  Partiçao 3    Principal           15 GB   282 GB
  Partiçao 4    Principal          103 MB   297 GB


 

==================================================================================


 

Disk: 0
Partiçao 1
Tipo  : 07
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 1048576

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 1     Y   SYSTEM       NTFS   Partiçao     199 MB  Bom Estad


 

=========================================================


 

Disk: 0
Partiçao 2
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 209715200

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 2     C   OS           NTFS   Partiçao     282 GB  Bom Estad


 

=========================================================


 

Disk: 0
Partiçao 3
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 303751495680

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 3     F   RECOVERY     NTFS   Partiçao      15 GB  Bom Estad


 

=========================================================


 

Disk: 0
Partiçao 4
Tipo  : 0C
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 319963529216

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 4     G   HP_TOOLS     FAT32  Partiçao     103 MB  Bom Estad


 

=========================================================


 

Partitions of Disk 1:
===============


 

ID do Disco: 1C663B89


 

  Partiçao  Nº.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Partiçao 1    Principal          298 GB  1024 KB


 

==================================================================================


 

Disk: 1
Partiçao 1
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 1048576

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 5     D   DATA         NTFS   Partiçao     298 GB  Bom Estad


 

=========================================================


 

Partitions of Disk 2:
===============


 

ID do Disco: C3072E18


 

  Partiçao  Nº.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Partiçao 1    Principal         7636 MB  4032 KB


 

==================================================================================


 

Disk: 2
Partiçao 1
Tipo  : 0B
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 4128768

  Volume Nº.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 6     I   USB DISK     FAT32  Amovível    7636 MB  Bom Estad


 

=========================================================


 

Last Boot: 2013-02-24 16:06


 

==================== End Of Log =============================



#4 pespecial


Posted 27 February 2013 - 07:34 PM

Just 2 more things I forgot earlier

 

1) I ran a WD tool in HBCD and found no bad sectors in OS drive

 

2) Since a few days before my problem, I got an Adobe Flash update that kept popping up in the left top corner, but closing so fast I could never reach it in time. And the process would repeat over and over. I ignored that at the time, and perhaps shouldn't have...

 

Kind regards

 

Pedro



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:30 PM

Posted 27 February 2013 - 07:58 PM

Please do the following:


Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: []  [x]
HKU\Pedro\...\Run: []  [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
2013-01-30 14:58 - 2013-02-02 16:27 - 00000000 ____D C:\Users\Pedro\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.



NEXT


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
  • NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



Edited by CatByte, 27 February 2013 - 07:58 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 pespecial


Posted 27 February 2013 - 08:36 PM

Hi,

 

Here goes the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 2013-02-28 01:26:52 Run:1
Running from I:\


 

==============================================


 

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\Pedro\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
C:\Users\Pedro\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack moved successfully.


 

==== End of Fixlog ====

 

 

NEXT, I rebooted normally as you said, and got the BSOD again........

 

So I can't do the Combofix step.

 

I'll wait for further orders.



#7 CatByte


Posted 27 February 2013 - 08:41 PM

see if you can boot into safemode with networking:


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account



#8 pespecial


Posted 27 February 2013 - 08:45 PM

Hi,

 

Done it.

BSOD again.



#9 CatByte


Posted 27 February 2013 - 08:54 PM

see if there is a previous restore point you can revert to prior to this occurring:
  • Restart the computer > tap F8 repeatedly to boot into the Advanced Boot Options screen
  • Select Repair your computer and press Enter
  • Select your keyboard language preferences and click on Next
  • Select your user name and type in the password, and then click on OK (if there is no password set, just hit enter)
  • On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • System Image Recovery
    • Windows Memory Diagnostic
    • Command Prompt

  • Select System Restore, click on the Next button
  • Select a restore point in the list of restore points available (choose the closest restore point prior to when the issues began)
  • NOTE: Check the Show other restore points box to see any restore points (older) that may not be listed there.
  • your computer should now restore to the chosen restore point
  • this doesn't appear to be a malware problem, it appears the machine didn't shut down properly and now there is some type of corruption



#10 pespecial


Posted 27 February 2013 - 09:07 PM

I had tried system restore before, from several points, and Win7 says it can't restore... haven't got a clue why...

 

You say it may be corruption, but what about all those Malware.Packer.Gen that Malwarebytes found?



#11 pespecial


Posted 27 February 2013 - 09:09 PM

Just finished again. Unsuccessful.

Says it cannot analyse file system on E:\. Unspecified error (0x8000ffff)



#12 CatByte


Posted 27 February 2013 - 09:25 PM

E:\ is likely your USB drive

the hard drive is likely represented as D:\ in the recovery environment

as the detections were in the I386 folder, I suspect false positives from MBAM

what happens when you try "start up repair"?
  • Restart the computer > tap F8 repeatedly to boot into the Advanced Boot Options screen
  • Select Repair your computer and press Enter
  • Select your keyboard language preferences and click on Next
  • Select your user name and type in the password, and then click on OK (if there is no password set, just hit enter)
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • System Image Recovery
    • Windows Memory Diagnostic
    • Command Prompt
  • Select Startup Repair, click on the Next button
  • allow startup repair to continue
  • Hopefully it will complete and allow you to boot without issues.

    If not, do the following:

    Run a disk check for errors.
    • Use F8 at startup or your to get to Advanced Boot Options.
    • Select "Repair your computer".
    • On the system recovery options select command prompt.
    • Type the following and press Enter:

      chkdsk c: /f

      (note spaces between chkdsk and /f and c:)
    • Please wait until the check is done.
    Now see if you are able to boot properly



#13 pespecial


Posted 28 February 2013 - 08:28 AM

I have 2 Hard drives, so E:\ is the OS partition in my case.

 

Startup Repair doesn't work, also.

 

chkdsk c: /f OK

chkdsk d: /f OK

chkdsk e: /f OK

 

Isn't there any way to log the startup process so that I'm able to check what the computer was doing the second the BSOD appears?


Edited by pespecial, 28 February 2013 - 09:08 AM.


#14 CatByte


Posted 28 February 2013 - 11:20 AM

are you able to get to your desktop at all, or does the system crash prior to loading the desktop? There are various ways to log the process, but without being able to log on at all, it is more difficult

ah yes, I see you have XP installed as well. Are you unable to boot into either HD?

please run the following:
  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.
  • Boot your computer into Recovery Environment
    • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
    • Select Repair your computer.
    • Select Language and click Next
    • Enter password (if necessary) and click OK, you should now see the screen below ...
    W7InstallDisk2.png
    • Select the Command Prompt option.
    • A command window will open.
      • Type notepad then hit Enter.
      • Notepad will open.
        • Click File > Open then select Computer.
        • Note down the drive letter for your USB Drive.
        • Close Notepad.
    • Back in the command window ....
      • Type e:\listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
      • ListParts will start to run.
        • Press the Scan button.
        • When finished scanning it will make a log Result.txt on the flash drive.
    • Close the command window.
    • Boot back into normal mode and post me the Result.txt log please.



#15 pespecial


Posted 28 February 2013 - 01:18 PM

Hi!

 

Following your last post,

 

1) I must clarify the OS issue:

 

a - I have only Win7 installed in my "broken" laptop

 

b - In that laptop I have Hiren's Boot CD, which I have used to boot to the MiniXP included, and perform Malware checks and disk integrity checks in the broken one

 

c - Side by side I have a second, older, laptop with good old XP installed. This one I'm using to communicate with you and to download necessary files

 

 

2) In the past hours I also ran chkdsk e: /r in the broken laptop and found no bad sectors at all, though at some times chkdsk would be quite slow.

 

3) Answering your question, no, I cannot access the Desktop. Computer always reaches BSOD before that.

 

4) Don't know if it's useful, but the first time the computer crashed when booting and the BSOD appeared, a few days ago, the error was at hiberfil.sys. That file was never reported since.

 

The next times, when I booted with Hiren's and tried to run antivirus in my OS drive (e:), the scan would start but the BSOD would appear after some time, reporting error in the ntfs.sys

 

5) Here go 2 results.txt. One with list BCD checked and another with list BCD unchecked. Tell me if you need translation of anything.

 

CHECKED

 

ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 28-02-2013 at 18:03:51
Windows 7 (X64)
Running From: I:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6134.89 MB
Available physical RAM: 5412.01 MB
Total Pagefile: 6133.04 MB
Available Pagefile: 5389.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:41.89 GB) NTFS
3 Drive e: (OS) (Fixed) (Total:282.7 GB) (Free:4.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive h: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
7 Drive i: (USB DISK) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disco N§  Estado         Tamanho  Livre    Din  Gpt
  --------  -------------  -------  -------  ---  ---
  Disco 0    Online          298 GB      0 B         
  Disco 1    Online          298 GB      0 B         
  Disco 2    Online         7640 MB      0 B         

Partitions of Disk 0:
===============

ID do Disco: 1FCE4990

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal          199 MB  1024 KB
  Parti‡ao 2    Principal          282 GB   200 MB
  Parti‡ao 3    Principal           15 GB   282 GB
  Parti‡ao 4    Principal          103 MB   297 GB

======================================================================================================

Disk: 0
Parti‡ao 1
Tipo  : 07
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 1048576

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 1     C   SYSTEM       NTFS   Parti‡ao     199 MB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 2
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 209715200

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 2     E   OS           NTFS   Parti‡ao     282 GB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 3
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 303751495680

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 3     F   RECOVERY     NTFS   Parti‡ao      15 GB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 4
Tipo  : 0C
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 319963529216

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 4     G   HP_TOOLS     FAT32  Parti‡ao     103 MB  Bom Estad          

======================================================================================================

Partitions of Disk 1:
===============

ID do Disco: 1C663B89

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal          298 GB  1024 KB

======================================================================================================

Disk: 1
Parti‡ao 1
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 1048576

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 5     D   DATA         NTFS   Parti‡ao     298 GB  Bom Estad          

======================================================================================================

Partitions of Disk 2:
===============

ID do Disco: C3072E18

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal         7636 MB  4032 KB

======================================================================================================

Disk: 2
Parti‡ao 1
Tipo  : 0B
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 4128768

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 6     I   USB DISK     FAT32  Amov¡vel    7636 MB  Bom Estad          

======================================================================================================

Gestor de Arranque do Windows
-----------------------------
identificador           {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  pt-PT
inherit                 {globalsettings}
extendedinput           Yes
default                 {default}
resumeobject            {f04f848d-78e1-11de-b692-abbf25df600e}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {current}

Carregador de Arranque do Windows
---------------------------------
identificador           {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes

Carregador de Arranque do Windows
---------------------------------
identificador           {current}
device                  ramdisk=[F:]\Recovery\WindowsRE\Winre.wim,{d0d1c0ad-bafd-11de-91ac-de781ba74943}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[F:]\Recovery\WindowsRE\Winre.wim,{d0d1c0ad-bafd-11de-91ac-de781ba74943}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Carregador de Arranque do Windows
---------------------------------
identificador           {default}
device                  partition=E:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  pt-PT
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=E:
systemroot              \Windows
resumeobject            {f04f848d-78e1-11de-b692-abbf25df600e}
nx                      OptIn
bootlog                 No

Retomar de Hibernar
-------------------
identificador           {f04f848d-78e1-11de-b692-abbf25df600e}
device                  partition=E:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pt-PT
inherit                 {resumeloadersettings}
filedevice              partition=E:
filepath                \hiberfil.sys
debugoptionenabled      No

Teste de Mem¢ria do Windows
---------------------------
identificador           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  pt-PT
inherit                 {globalsettings}
badmemoryaccess         Yes

Defini‡oes de EMS
-----------------
identificador           {emssettings}
bootems                 Yes

Defini‡oes de Depurador
-----------------------
identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Defeitos de RAM
---------------
identificador           {badmemory}

Defini‡oes Globais
------------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Defini‡oes de Carregador de Arranque
------------------------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Defini‡oes de Hipervisor
-------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Defini‡oes de Carregador de Prosseguimento
------------------------------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}

Op‡oes de Configura‡ao de Ramdisk
---------------------------------
identificador           {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi

Op‡oes de dispositivo
---------------------
identificador           {d0d1c0ad-bafd-11de-91ac-de781ba74943}
description             Ramdisk Options
ramdisksdidevice        partition=F:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

 

UNCHECKED

 

ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 28-02-2013 at 18:13:19
Windows 7 (X64)
Running From: I:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6134.89 MB
Available physical RAM: 5426.53 MB
Total Pagefile: 6133.04 MB
Available Pagefile: 5413.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:41.89 GB) NTFS
3 Drive e: (OS) (Fixed) (Total:282.7 GB) (Free:4.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive h: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
7 Drive i: (USB DISK) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disco N§  Estado         Tamanho  Livre    Din  Gpt
  --------  -------------  -------  -------  ---  ---
  Disco 0    Online          298 GB      0 B         
  Disco 1    Online          298 GB      0 B         
  Disco 2    Online         7640 MB      0 B         

Partitions of Disk 0:
===============

ID do Disco: 1FCE4990

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal          199 MB  1024 KB
  Parti‡ao 2    Principal          282 GB   200 MB
  Parti‡ao 3    Principal           15 GB   282 GB
  Parti‡ao 4    Principal          103 MB   297 GB

======================================================================================================

Disk: 0
Parti‡ao 1
Tipo  : 07
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 1048576

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 1     C   SYSTEM       NTFS   Parti‡ao     199 MB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 2
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 209715200

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 2     E   OS           NTFS   Parti‡ao     282 GB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 3
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 303751495680

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 3     F   RECOVERY     NTFS   Parti‡ao      15 GB  Bom Estad          

======================================================================================================

Disk: 0
Parti‡ao 4
Tipo  : 0C
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 319963529216

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 4     G   HP_TOOLS     FAT32  Parti‡ao     103 MB  Bom Estad          

======================================================================================================

Partitions of Disk 1:
===============

ID do Disco: 1C663B89

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal          298 GB  1024 KB

======================================================================================================

Disk: 1
Parti‡ao 1
Tipo  : 07
Oculto: Nao
Activo: Nao
Deslocamento em Bytes: 1048576

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 5     D   DATA         NTFS   Parti‡ao     298 GB  Bom Estad          

======================================================================================================

Partitions of Disk 2:
===============

ID do Disco: C3072E18

  Parti‡ao  N§.  Tipo              Tam      Desl
  -------------  ----------------  -------  -------
  Parti‡ao 1    Principal         7636 MB  4032 KB

======================================================================================================

Disk: 2
Parti‡ao 1
Tipo  : 0B
Oculto: Nao
Activo: Sim
Deslocamento em Bytes: 4128768

  Volume N§.  Ltr  Etiq         Sf     Tipo        Tam      Est        Info
  ----------  ---  -----------  -----  ----------  -------  ---------  -------
* Volume 6     I   USB DISK     FAT32  Amov¡vel    7636 MB  Bom Estad          

======================================================================================================

****** End Of Log ******


Edited by pespecial, 28 February 2013 - 01:59 PM.
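
Added example (not part of the thread and not ListParts' own code): posts #12 and #13 differ on which recovery-environment drive letter holds Windows, and the log above settles it. This Python sketch cross-references the log's partition list with the BCD `{default}` loader entry; the sample is a trimmed excerpt of the quoted log, and the function names are assumptions of this example.

```python
import re

# Sample input: trimmed excerpt of the ListParts log quoted in the post above.
SAMPLE_LOG = r"""
1 Drive c: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:41.89 GB) NTFS
3 Drive e: (OS) (Fixed) (Total:282.7 GB) (Free:4.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: (USB DISK) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32

Carregador de Arranque do Windows
---------------------------------
identificador           {default}
device                  partition=E:
osdevice                partition=E:
resumeobject            {f04f848d-78e1-11de-b692-abbf25df600e}
bootlog                 No

Retomar de Hibernar
-------------------
identificador           {f04f848d-78e1-11de-b692-abbf25df600e}
filepath                \hiberfil.sys

Defini‡oes Globais
------------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
"""

PART_RE = re.compile(
    r"^\d+ Drive (\w): \((.*?)\) \((\w+)\) \(Total:([\d.]+) GB\) "
    r"\(Free:([\d.]+) GB\) (\S+)", re.M)

def parse_partitions(text):
    """Map drive letter -> label, media kind, sizes and file system."""
    return {m[1].lower(): {"label": m[2], "kind": m[3], "total_gb": float(m[4]),
                           "free_gb": float(m[5]), "fs": m[6]}
            for m in PART_RE.finditer(text)}

def parse_bcd(text):
    """Map BCD identifier -> settings. The first field is the identifier whatever
    its localised name ('identificador' here); indented lines continue a value."""
    entries, cur, last = {}, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i and re.fullmatch(r"-{3,}", line.strip()):
            cur, last = {"title": lines[i - 1].strip()}, None  # new entry starts
        elif not line.strip():
            cur = None                                         # blank line ends it
        elif cur is not None:
            if line[0].isspace() and last:
                cur[last] += " " + line.strip()
                continue
            m = re.match(r"(\S+)\s+(.*)", line)
            if not m:
                continue
            key, val = m.group(1), m.group(2).strip()
            if last is None:
                entries[val] = cur
                key = "id"
            cur[key], last = val, key
    return entries

def windows_volume(text):
    """Return the volume the {default} loader boots from, as seen in this log."""
    parts, bcd = parse_partitions(text), parse_bcd(text)
    loader = bcd.get("{default}", {})
    m = re.match(r"partition=(\w):", loader.get("osdevice", ""))
    vol = parts.get(m.group(1).lower()) if m else None
    if vol is None:
        return None
    resume = bcd.get(loader.get("resumeobject"), {})
    return {"letter": m.group(1).lower(), "label": vol["label"],
            "kind": vol["kind"],
            "free_pct": round(100 * vol["free_gb"] / vol["total_gb"], 1),
            "bootlog": loader.get("bootlog"),
            "hiberfile": resume.get("filepath")}
```

Drive letters in the recovery environment are assigned per session, so the result describes only the session that produced the log.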




