
Explorer won't start, black screen and cursor, no response to CTRL-ALT-DEL


  • This topic is locked
31 replies to this topic

#1 Unetwork

Unetwork

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Skopje Amsterdam
  • Local time:07:45 PM

Posted 14 November 2013 - 09:04 PM

Hello, my name is Peter from Holland. Hope to learn a lot here.

OK, I tried everything that's in the other person's topic; still having the black screen with only the cursor.

 

 

Moderator edit: Moved from Introductions and edited title.

Problem appears to be what is in the title.

Reference here.

Roger


Edited by Queen-Evie, 17 November 2013 - 12:15 PM.
moved from Windows 7 as requested by bloopie




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:45 PM

Posted 17 November 2013 - 12:01 PM

Hello Peter, and welcome to Bleeping Computer! :)

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!
==========

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, be sure to put a checkmark in the box next to List BCD in the "Optional Scan" section, and click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
bloopie

#3 Unetwork

Unetwork
  • Topic Starter


Posted 17 November 2013 - 07:01 PM

Hi and thanks for the reply, I tried each and every step and did a deep virus scan with lots of software in CMD with a boot CD and DVD Windows install 7 64

Nothing helped, still the black screen is here.
Checked if the BIOS is wrong or infected and put another HDD with Windows 7 inside, and my laptop (Dell Inspiron 1525) boots normally.

This is an old installation as for a year ago I got another HDD with the same OS inside and until 2 weeks ago all was fine.
Have a great Avast and ZoneAlarm firewall installed.

Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013

Ran by SYSTEM on MININT-HDVHFF5 on 15-11-2013 03:21:57
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKU\Peter\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Peter\...\Run: [VoipBuster] - C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe [19569472 2013-10-23] (VoipBuster)
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
S2 CertifiedBrowserService; C:\Users\Peter\AppData\Roaming\GVU Technologies\YouTube Downloader\CertifiedBrowserService.exe [103936 2013-04-11] ()
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 Serviio; C:\Serviio\bin\ServiioService.exe [354816 2013-03-22] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-17] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
S3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S0 KL1; 
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-15 02:44 - 2013-11-15 02:44 - 00000000 ____D C:\FRST
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdff3.tmp
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdfeb.tmp
2013-11-14 00:43 - 2013-11-14 00:43 - 00000000 ____D C:\_386658_
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\MSIcdfe4.tmp
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\_173124_
2013-11-14 00:34 - 2013-11-14 00:34 - 00000000 ____D C:\MSIcdfdd.tmp
2013-11-13 08:56 - 2013-11-13 08:56 - 00000000 _____ C:\Windows\System32\config\SOFTWARE11e7f2d3
2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 _____ C:\Windows\System32\config\SOFTWARE65198c0
2013-11-12 16:28 - 2013-11-12 16:28 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-05 14:16 - 2013-11-03 16:38 - 00000000 ____R C:\Users\Peter\Downloads\Sonar X2.iso
2013-10-31 06:10 - 2013-10-31 06:11 - 40797644 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500MU-___EN-32BIT_.dmg
2013-10-31 06:10 - 2013-10-31 06:11 - 00000000 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500WU-___EN-32BIT_.exe
2013-10-29 16:32 - 2013-10-29 16:36 - 00000000 ____D C:\Users\Peter\Downloads\Dell 15R
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Program Files (x86)\Dell
2013-10-29 14:38 - 2013-10-29 14:38 - 00002522 _____ C:\Users\Peter\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-10-29 14:37 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Peter\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-29 12:14 - 2013-10-29 12:17 - 00000000 ____D C:\Users\Peter\Downloads\Windows 7 Ultimate with SP1 X64 Genuine ISO Untouched + Windows7 USB DVD Tool [h33t][iahq76]
2013-10-29 12:13 - 2013-10-29 12:13 - 00969504 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\Windows7-USB-DVD-tool.exe
2013-10-24 12:14 - 2013-10-24 12:14 - 00946195 _____ C:\Users\Peter\Downloads\Dilerski Cenovnik.xlsx
2013-10-24 07:23 - 2013-10-24 07:23 - 00000000 ____D C:\Users\Peter\Downloads\motionVFX - mFlare 1.3.8 .3
2013-10-24 07:22 - 2013-10-24 07:22 - 02600664 _____ (Visicom Media Inc.) C:\Users\Peter\Downloads\z_downloader.exe
2013-10-24 07:22 - 2013-10-24 07:22 - 00006705 _____ C:\Users\Peter\Downloads\motionVFX - mFlare - 1.3.8 [Intel-K].torrent
2013-10-21 00:08 - 2013-10-21 00:08 - 00152704 _____ (Amonétié Ltd) C:\Users\Peter\Downloads\mLowers Full Bundle- 50 Profressional Lower Thirds for FCPX and Motion 5 motionVFX.rar__3515_i104311249_il5101364.exe
2013-10-21 00:08 - 2013-10-21 00:08 - 00152704 _____ (Amonétié Ltd) C:\Users\Peter\Downloads\mLowers Full Bundle- 50 Profressional Lower Thirds for FCPX and Motion 5 motionVFX.rar__3038_i104311337_il5101364.exe
2013-10-21 00:03 - 2013-10-21 00:03 - 00229376 _____ (SummerSoft) C:\Users\Peter\Downloads\motionvfx_torrent.torrent.exe
2013-10-21 00:01 - 2013-10-21 00:02 - 06097800 _____ (http://yourfiledownloader.com) C:\Users\Peter\Downloads\motionVFX_-_mLeaks-_50_Organic_2K_Light_Leak_Effects_downloader.exe
2013-10-20 14:26 - 2013-10-20 14:27 - 00013540 _____ C:\Users\Peter\Downloads\[kickass.to]prostatic.for.fcpx.pixel.film.studios.torrent
2013-10-20 14:19 - 2013-10-20 15:56 - 84518026 _____ C:\Users\Peter\Downloads\H___mFlare1.3.8_.dmg
2013-10-19 06:00 - 2013-10-19 06:00 - 00000000 ____D C:\Users\Peter\Downloads\Selectie
2013-10-17 13:53 - 2013-10-17 17:14 - 629612448 _____ C:\Users\Peter\Downloads\[ www.UsaBit.com ] -  Battle Earth (2012) 720p WEB-DL 600MB Ganool.mkv
2013-10-16 23:01 - 2013-10-16 23:03 - 00050061 _____ C:\Users\Peter\Downloads\cloud-atlas_dutch-666995.zip
2013-10-16 14:00 - 2013-10-16 14:49 - 00017514 _____ C:\Users\Peter\Downloads\after-earth_dutch-789924.zip
2013-10-16 13:59 - 2013-10-16 17:51 - 00050095 _____ C:\Users\Peter\Downloads\cloud-atlas_dutch-733673.zip
2013-10-16 13:28 - 2013-10-16 13:28 - 00318904 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\wmpfirefoxplugin.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-15 02:44 - 2013-11-15 02:44 - 00000000 ____D C:\FRST
2013-11-14 16:57 - 2013-06-12 08:27 - 00000779 _____ C:\.dir
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdff3.tmp
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdfeb.tmp
2013-11-14 00:43 - 2013-11-14 00:43 - 00000000 ____D C:\_386658_
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\MSIcdfe4.tmp
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\_173124_
2013-11-14 00:34 - 2013-11-14 00:34 - 00000000 ____D C:\MSIcdfdd.tmp
2013-11-13 08:56 - 2013-11-13 08:56 - 00000000 _____ C:\Windows\System32\config\SOFTWARE11e7f2d3
2013-11-13 07:40 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 _____ C:\Windows\System32\config\SOFTWARE65198c0
2013-11-13 06:39 - 2013-03-17 11:22 - 00000000 ____D C:\Windows.old.000
2013-11-12 16:28 - 2013-11-12 16:28 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-11 09:16 - 2013-03-17 02:50 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-11-11 09:15 - 2013-08-23 07:06 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4293437716-1995269053-1874207689-1001Core.job
2013-11-11 09:15 - 2013-03-17 06:34 - 00000000 ____D C:\Users\Peter\Documents\Outlook Files
2013-11-11 09:15 - 2013-03-17 03:57 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 09:09 - 2013-03-17 04:02 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2013-11-11 09:09 - 2009-07-13 20:45 - 00018992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 09:09 - 2009-07-13 20:45 - 00018992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 09:05 - 2013-08-25 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 09:05 - 2013-04-24 17:24 - 00000000 ____D C:\Outlook2
2013-11-11 09:05 - 2013-03-17 03:57 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 09:04 - 2013-08-23 07:06 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4293437716-1995269053-1874207689-1001UA.job
2013-11-07 10:10 - 2012-11-22 16:21 - 00000000 ____D C:\1Peter songs
2013-11-04 05:24 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-04 05:20 - 2013-10-05 01:41 - 00002162 _____ C:\Windows\setupact.log
2013-11-04 05:17 - 2013-03-29 01:12 - 00000000 ____D C:\Users\Peter\AppData\Local\HTC MediaHub
2013-11-04 05:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 16:38 - 2013-11-05 14:16 - 00000000 ____R C:\Users\Peter\Downloads\Sonar X2.iso
2013-10-31 06:11 - 2013-10-31 06:10 - 40797644 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500MU-___EN-32BIT_.dmg
2013-10-31 06:11 - 2013-10-31 06:10 - 00000000 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500WU-___EN-32BIT_.exe
2013-10-31 06:02 - 2013-03-18 09:46 - 00056569 ____H C:\Windows\SysWOW64\BTImages.dat
2013-10-31 04:48 - 2013-03-18 14:53 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 16:36 - 2013-10-29 16:32 - 00000000 ____D C:\Users\Peter\Downloads\Dell 15R
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Program Files (x86)\Dell
2013-10-29 14:53 - 2013-10-29 14:37 - 00000000 ____D C:\Users\Peter\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-29 14:38 - 2013-10-29 14:38 - 00002522 _____ C:\Users\Peter\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-10-29 14:35 - 2013-03-17 04:29 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2013-10-29 12:17 - 2013-10-29 12:14 - 00000000 ____D C:\Users\Peter\Downloads\Windows 7 Ultimate with SP1 X64 Genuine ISO Untouched + Windows7 USB DVD Tool [h33t][iahq76]
2013-10-29 12:13 - 2013-10-29 12:13 - 00969504 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\Windows7-USB-DVD-tool.exe
2013-10-29 05:55 - 2013-03-17 04:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-29 05:55 - 2013-03-17 04:02 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 09:53 - 2013-08-25 11:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-28 09:53 - 2013-03-29 02:49 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2013-10-28 09:53 - 2013-03-18 14:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-28 09:53 - 2013-03-18 14:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-26 00:19 - 2013-06-04 12:42 - 00000000 ____D C:\Web Easy Professional 10
2013-10-24 12:14 - 2013-10-24 12:14 - 00946195 _____ C:\Users\Peter\Downloads\Dilerski Cenovnik.xlsx
2013-10-24 07:23 - 2013-10-24 07:23 - 00000000 ____D C:\Users\Peter\Downloads\motionVFX - mFlare 1.3.8 .3
2013-10-24 07:22 - 2013-10-24 07:22 - 02600664 _____ (Visicom Media Inc.) C:\Users\Peter\Downloads\z_downloader.exe
2013-10-24 07:22 - 2013-10-24 07:22 - 00006705 _____ C:\Users\Peter\Downloads\motionVFX - mFlare - 1.3.8 [Intel-K].torrent
2013-10-23 22:38 - 2013-06-16 02:11 - 00000000 ____D C:\Program Files (x86)\Nero
2013-10-23 13:11 - 2013-03-17 04:28 - 00000000 ____D C:\Users\Peter\AppData\Local\Windows Live
2013-10-23 04:50 - 2012-11-19 01:14 - 00000000 ____D C:\1Photo
2013-10-21 00:08 - 2013-10-21 00:08 - 00152704 _____ (Amonétié Ltd) C:\Users\Peter\Downloads\mLowers Full Bundle- 50 Profressional Lower Thirds for FCPX and Motion 5 motionVFX.rar__3515_i104311249_il5101364.exe
2013-10-21 00:08 - 2013-10-21 00:08 - 00152704 _____ (Amonétié Ltd) C:\Users\Peter\Downloads\mLowers Full Bundle- 50 Profressional Lower Thirds for FCPX and Motion 5 motionVFX.rar__3038_i104311337_il5101364.exe
2013-10-21 00:03 - 2013-10-21 00:03 - 00229376 _____ (SummerSoft) C:\Users\Peter\Downloads\motionvfx_torrent.torrent.exe
2013-10-21 00:02 - 2013-10-21 00:01 - 06097800 _____ (http://yourfiledownloader.com) C:\Users\Peter\Downloads\motionVFX_-_mLeaks-_50_Organic_2K_Light_Leak_Effects_downloader.exe
2013-10-20 15:56 - 2013-10-20 14:19 - 84518026 _____ C:\Users\Peter\Downloads\H___mFlare1.3.8_.dmg
2013-10-20 14:27 - 2013-10-20 14:26 - 00013540 _____ C:\Users\Peter\Downloads\[kickass.to]prostatic.for.fcpx.pixel.film.studios.torrent
2013-10-19 06:00 - 2013-10-19 06:00 - 00000000 ____D C:\Users\Peter\Downloads\Selectie
2013-10-17 17:14 - 2013-10-17 13:53 - 629612448 _____ C:\Users\Peter\Downloads\[ www.UsaBit.com ] -  Battle Earth (2012) 720p WEB-DL 600MB Ganool.mkv
2013-10-16 23:03 - 2013-10-16 23:01 - 00050061 _____ C:\Users\Peter\Downloads\cloud-atlas_dutch-666995.zip
2013-10-16 17:51 - 2013-10-16 13:59 - 00050095 _____ C:\Users\Peter\Downloads\cloud-atlas_dutch-733673.zip
2013-10-16 14:49 - 2013-10-16 14:00 - 00017514 _____ C:\Users\Peter\Downloads\after-earth_dutch-789924.zip
2013-10-16 13:32 - 2013-09-30 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-16 13:28 - 2013-10-16 13:28 - 00318904 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\wmpfirefoxplugin.exe
 
Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 20%
Total physical RAM: 3062.04 MB
Available physical RAM: 2448.43 MB
Total Pagefile: 3060.24 MB
Available Pagefile: 2473.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (Dell) (Fixed) (Total:465.66 GB) (Free:38.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (GSP1RMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.47 GB) (Free:7.36 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E8174890)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6E697373)
No partition Table on disk 1.
 
 
LastRegBack: 2013-10-24 07:43
 
==================== End Of Log ============================


#4 Unetwork


Posted 17 November 2013 - 07:07 PM

EDIT
As you see, I tried the software you suggested some day ago.
When I put the 2,5 inch HDD on my external HDD USB reader I won't get access to the drive with my computer, but with Total Commander I get access when I click on admin all.
That's again very strange...


Edited by Unetwork, 17 November 2013 - 07:08 PM.


#5 bloopie


Posted 17 November 2013 - 07:54 PM

Hello again,

The help is my pleasure!

But I need a fresh scan with an updated FRST, and also the List BCD parameter I asked for please. Your version of FRST is outdated. :wink:

Also, please verify that you do have an Installation disc handy, correct?

bloopie

#6 Unetwork


Posted 19 November 2013 - 03:10 AM

Sorry, it's the FRST which I downloaded from their website.



#7 bloopie


Posted 19 November 2013 - 11:33 AM

Hi again,

 

You can download it again from our site (right-click and delete your existing copy, and download a fresh copy from my link above), then run it again with the parameters I specified above.

 

==========

 

In addition to the fresh FRST scan, please post another log:

 

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment



  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

W7InstallDisk2.png



  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.

Back in the command window ....

  • Type e:\listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.

Close the command window.
Post me the Result.txt log please.

 

bloopie


Edited by bloopie, 19 November 2013 - 11:37 AM.


#8 Unetwork


Posted 21 November 2013 - 07:24 AM

Thank you very much for all your help

Here is the new list:

 

ListParts by Farbar Version: 20-10-2013

Ran by SYSTEM (administrator) on 21-11-2013 at 13:21:22
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3062.04 MB
Available physical RAM: 2601.23 MB
Total Pagefile: 3060.24 MB
Available Pagefile: 2587.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
======================= Partitions =========================
 
1 Drive c: (New Volume) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Dell) (Fixed) (Total:465.66 GB) (Free:38.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (GSP1RMCULXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:7.47 GB) (Free:1.21 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB         
  Disk 1    Online         7648 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: E8174890
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             99 MB  1024 KB
  Partition 2    Primary            465 GB   101 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   New Volume   NTFS   Partition     99 MB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Dell         NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000001
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           7648 MB      0 B
 
======================================================================================================
 
Disk: 1
There is no partition selected.
 
There is no partition selected.
Please select a partition and try again.
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: E8174890
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: 6E697373
Partition 1: (Not Active) - (Size=875 GB) - (Type=4F)
Partition 2: (Not Active) - (Size=260 GB) - (Type=73)
Partition 3: (Not Active) - (Size=259 GB) - (Type=2B)
Partition 4: (Not Active) - (Size=27 MB) - (Type=61)
 
 
****** End Of Log ****** 


#9 bloopie


Posted 21 November 2013 - 06:33 PM

Hello again,

Thanks for the log, but I still do need an updated FRST scan with "List BCD" option checked as described in Post #2 above. Please post me the updated FRST log so that I have more of the information that I need.

 

Thanks!

 

bloopie



#10 Unetwork


Posted 22 November 2013 - 02:45 AM

Hi Bloopie, sorry for the delay, did not see that. Well, I thought it might be an issue of the rights, as when I unplug the HDD in my external reader on my other PC, in Explorer I can't get a permission to read; only with Total Commander, after giving permission as admin, I can see the files.
Now when trying to fix it I am getting a little further, as when I boot I am getting the welcome screen but not the login and it flashes; also after some time the HDD does not react... just the mouse can be moved but no response.

Here the log from FRST64

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013

Ran by SYSTEM on MININT-O9EADV3 on 22-11-2013 08:31:21
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKU\Peter\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Peter\...\Run: [VoipBuster] - C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe [19569472 2013-10-23] (VoipBuster)
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
S2 CertifiedBrowserService; C:\Users\Peter\AppData\Roaming\GVU Technologies\YouTube Downloader\CertifiedBrowserService.exe [103936 2013-04-11] ()
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 Serviio; C:\Serviio\bin\ServiioService.exe [354816 2013-03-22] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-17] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
S3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S0 KL1; 
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-16 09:42 - 2013-11-16 09:42 - 00457488 _____ C:\Windows\Minidump\111613-37767-01.dmp
2013-11-15 02:44 - 2013-11-15 02:44 - 00000000 ____D C:\FRST
2013-11-15 02:40 - 2013-11-21 05:12 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-14 18:34 - 2013-11-14 18:34 - 00000000 ____D C:\mbar
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdff3.tmp
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdfeb.tmp
2013-11-14 00:43 - 2013-11-14 00:43 - 00000000 ____D C:\_386658_
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\MSIcdfe4.tmp
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\_173124_
2013-11-14 00:34 - 2013-11-14 00:34 - 00000000 ____D C:\MSIcdfdd.tmp
2013-11-13 08:56 - 2013-11-13 08:56 - 00000000 _____ C:\Windows\System32\config\SOFTWARE11e7f2d3
2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 _____ C:\Windows\System32\config\SOFTWARE65198c0
2013-11-12 16:28 - 2013-11-12 16:28 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-05 14:16 - 2013-11-03 16:38 - 00000000 ____R C:\Users\Peter\Downloads\Sonar X2.iso
2013-10-31 06:10 - 2013-10-31 06:11 - 40797644 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500MU-___EN-32BIT_.dmg
2013-10-31 06:10 - 2013-10-31 06:11 - 00000000 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500WU-___EN-32BIT_.exe
2013-10-29 16:32 - 2013-10-29 16:36 - 00000000 ____D C:\Users\Peter\Downloads\Dell 15R
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Program Files (x86)\Dell
2013-10-29 14:38 - 2013-10-29 14:38 - 00002522 _____ C:\Users\Peter\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-10-29 14:37 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Peter\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-29 12:14 - 2013-10-29 12:17 - 00000000 ____D C:\Users\Peter\Downloads\Windows 7 Ultimate with SP1 X64 Genuine ISO Untouched + Windows7 USB DVD Tool [h33t][iahq76]
2013-10-29 12:13 - 2013-10-29 12:13 - 00969504 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\Windows7-USB-DVD-tool.exe
2013-10-24 12:14 - 2013-10-24 12:14 - 00946195 _____ C:\Users\Peter\Downloads\Dilerski Cenovnik.xlsx
2013-10-24 07:23 - 2013-10-24 07:23 - 00000000 ____D C:\Users\Peter\Downloads\motionVFX - mFlare 1.3.8 .3
2013-10-24 07:22 - 2013-10-24 07:22 - 02600664 _____ (Visicom Media Inc.) C:\Users\Peter\Downloads\z_downloader.exe
2013-10-24 07:22 - 2013-10-24 07:22 - 00006705 _____ C:\Users\Peter\Downloads\motionVFX - mFlare - 1.3.8 [Intel-K].torrent
 
==================== One Month Modified Files and Folders =======
 
2013-11-21 14:11 - 2013-08-23 07:06 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4293437716-1995269053-1874207689-1001UA.job
2013-11-21 14:05 - 2013-03-17 02:50 - 00004161 _____ C:\Windows\WindowsUpdate.log
2013-11-21 14:04 - 2013-06-12 08:27 - 00000779 _____ C:\.dir
2013-11-21 14:03 - 2013-10-05 01:41 - 00002432 _____ C:\Windows\setupact.log
2013-11-21 14:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 05:12 - 2013-11-15 02:40 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-16 09:42 - 2013-11-16 09:42 - 00457488 _____ C:\Windows\Minidump\111613-37767-01.dmp
2013-11-16 09:42 - 2013-04-07 05:20 - 00000000 ____D C:\Windows\Minidump
2013-11-16 09:41 - 2013-10-15 02:29 - 267218046 _____ C:\Windows\MEMORY.DMP
2013-11-15 02:44 - 2013-11-15 02:44 - 00000000 ____D C:\FRST
2013-11-14 18:34 - 2013-11-14 18:34 - 00000000 ____D C:\mbar
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdff3.tmp
2013-11-14 00:44 - 2013-11-14 00:44 - 00000000 ____D C:\MSIcdfeb.tmp
2013-11-14 00:43 - 2013-11-14 00:43 - 00000000 ____D C:\_386658_
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\MSIcdfe4.tmp
2013-11-14 00:40 - 2013-11-14 00:40 - 00000000 ____D C:\_173124_
2013-11-14 00:34 - 2013-11-14 00:34 - 00000000 ____D C:\MSIcdfdd.tmp
2013-11-13 08:56 - 2013-11-13 08:56 - 00000000 _____ C:\Windows\System32\config\SOFTWARE11e7f2d3
2013-11-13 07:40 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 _____ C:\Windows\System32\config\SOFTWARE65198c0
2013-11-13 06:39 - 2013-03-17 11:22 - 00000000 ____D C:\Windows.old.000
2013-11-12 16:28 - 2013-11-12 16:28 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-11 09:15 - 2013-08-23 07:06 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4293437716-1995269053-1874207689-1001Core.job
2013-11-11 09:15 - 2013-03-17 06:34 - 00000000 ____D C:\Users\Peter\Documents\Outlook Files
2013-11-11 09:15 - 2013-03-17 03:57 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 09:09 - 2013-03-17 04:02 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2013-11-11 09:09 - 2009-07-13 20:45 - 00018992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 09:09 - 2009-07-13 20:45 - 00018992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 09:05 - 2013-08-25 11:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 09:05 - 2013-04-24 17:24 - 00000000 ____D C:\Outlook2
2013-11-11 09:05 - 2013-03-17 03:57 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 10:10 - 2012-11-22 16:21 - 00000000 ____D C:\1Peter songs
2013-11-04 05:24 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-04 05:17 - 2013-03-29 01:12 - 00000000 ____D C:\Users\Peter\AppData\Local\HTC MediaHub
2013-11-03 16:38 - 2013-11-05 14:16 - 00000000 ____R C:\Users\Peter\Downloads\Sonar X2.iso
2013-10-31 06:11 - 2013-10-31 06:10 - 40797644 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500MU-___EN-32BIT_.dmg
2013-10-31 06:11 - 2013-10-31 06:10 - 00000000 _____ C:\Users\Peter\Downloads\S-CCPRO_-021500WU-___EN-32BIT_.exe
2013-10-31 06:02 - 2013-03-18 09:46 - 00056569 ____H C:\Windows\SysWOW64\BTImages.dat
2013-10-31 04:48 - 2013-03-18 14:53 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 16:36 - 2013-10-29 16:32 - 00000000 ____D C:\Users\Peter\Downloads\Dell 15R
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Windows\SysWOW64\Dell
2013-10-29 15:48 - 2013-10-29 15:48 - 00000000 ____D C:\Program Files (x86)\Dell
2013-10-29 14:53 - 2013-10-29 14:37 - 00000000 ____D C:\Users\Peter\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2013-10-29 14:38 - 2013-10-29 14:38 - 00002522 _____ C:\Users\Peter\Desktop\Windows 7 USB DVD Download Tool.lnk
2013-10-29 14:35 - 2013-03-17 04:29 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2013-10-29 12:17 - 2013-10-29 12:14 - 00000000 ____D C:\Users\Peter\Downloads\Windows 7 Ultimate with SP1 X64 Genuine ISO Untouched + Windows7 USB DVD Tool [h33t][iahq76]
2013-10-29 12:13 - 2013-10-29 12:13 - 00969504 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\Windows7-USB-DVD-tool.exe
2013-10-29 05:55 - 2013-03-17 04:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-29 05:55 - 2013-03-17 04:02 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 09:53 - 2013-08-25 11:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-28 09:53 - 2013-03-29 02:49 - 00000000 ____D C:\Users\Peter\AppData\Local\Adobe
2013-10-28 09:53 - 2013-03-18 14:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-28 09:53 - 2013-03-18 14:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-26 00:19 - 2013-06-04 12:42 - 00000000 ____D C:\Web Easy Professional 10
2013-10-24 12:14 - 2013-10-24 12:14 - 00946195 _____ C:\Users\Peter\Downloads\Dilerski Cenovnik.xlsx
2013-10-24 07:23 - 2013-10-24 07:23 - 00000000 ____D C:\Users\Peter\Downloads\motionVFX - mFlare 1.3.8 .3
2013-10-24 07:22 - 2013-10-24 07:22 - 02600664 _____ (Visicom Media Inc.) C:\Users\Peter\Downloads\z_downloader.exe
2013-10-24 07:22 - 2013-10-24 07:22 - 00006705 _____ C:\Users\Peter\Downloads\motionVFX - mFlare - 1.3.8 [Intel-K].torrent
2013-10-23 22:38 - 2013-06-16 02:11 - 00000000 ____D C:\Program Files (x86)\Nero
2013-10-23 13:11 - 2013-03-17 04:28 - 00000000 ____D C:\Users\Peter\AppData\Local\Windows Live
2013-10-23 04:50 - 2012-11-19 01:14 - 00000000 ____D C:\1Photo
 
Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {default}
resumeobject            {aaddd1a2-4d90-11e3-80fb-806e6f6e6963}
displayorder            {default}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate (recovered) 
locale                  en-US
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {aaddd1a2-4d90-11e3-80fb-806e6f6e6963}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\3a9287dd-8f3b-11e2-8d0e-8f09e0e2ef32\Winre.wim,{1b158908-4dd8-11e3-8728-c8a12226b432}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[C:]\Recovery\3a9287dd-8f3b-11e2-8d0e-8f09e0e2ef32\Winre.wim,{1b158908-4dd8-11e3-8728-c8a12226b432}
systemroot              \windows
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {aaddd1a2-4d90-11e3-80fb-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
 
Device options
--------------
identifier              {1b158908-4dd8-11e3-8728-c8a12226b432}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3a9287dd-8f3b-11e2-8d0e-8f09e0e2ef32\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3062.04 MB
Available physical RAM: 2459.9 MB
Total Pagefile: 3060.19 MB
Available Pagefile: 2479.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (Dell) (Fixed) (Total:465.66 GB) (Free:38.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.47 GB) (Free:1.21 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E8174890)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6E697373)
No partition Table on disk 1.
 
 
LastRegBack: 2013-10-24 07:43
 
==================== End Of Log ============================

Edited by Unetwork, 22 November 2013 - 02:47 AM.


#11 Unetwork

Posted 22 November 2013 - 09:22 AM

I did the cacls command



#12 bloopie

Posted 22 November 2013 - 05:38 PM

Hello again,

Let's try this:

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.
 

LastRegBack: 2013-10-24 07:43


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


On Vista or Windows 7: Now please enter System Recovery Options as you did before.

Run FRST/FRST64, press the Fix button just once and wait.
The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.

bloopie

#13 Unetwork

Posted 22 November 2013 - 05:50 PM

Going to try it now, thanks!



#14 Unetwork

Posted 22 November 2013 - 05:54 PM

Here it is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013

Ran by SYSTEM at 2013-11-22 23:52:21 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
LastRegBack: 2013-10-24 07:43
*****************
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====
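
A `LastRegBack` fix like the one in posts #12 to #14 replaces five registry hives at once, so the Fixlog is worth checking hive by hive: a partial restore leaves hives from different dates side by side. The script below is an added example, not part of the thread and not FRST's own code; the names `check_fixlog` and `PAGE_FIXLOG` are hypothetical, and the line patterns are taken only from the Fixlog posted above, so other FRST versions may word them differently.

```python
import re

# Hives reported in the Fixlog posted in this thread.
EXPECTED_HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")

# Line shapes copied from that Fixlog (assumption: other FRST versions may differ).
BACKUP_RE = re.compile(r"^(\w+) hive was successfully copied to (\S+)$")
RESTORE_RE = re.compile(r"^(\w+) hive was successfully restored from registry back up\.$")
DIRECTIVE_RE = re.compile(r"^LastRegBack:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2})$")

# Fixlog body as posted in post #14 of this thread.
PAGE_FIXLOG = r"""Content of fixlist:
*****************
LastRegBack: 2013-10-24 07:43
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
"""

def check_fixlog(text):
    """Report, per hive, whether a rollback copy was made and the restore confirmed."""
    directive = None
    hives = {h: {"backup": None, "restored": False} for h in EXPECTED_HIVES}
    problems = []
    for raw in text.splitlines():
        line = raw.replace("\u00a0", " ").strip()  # forum pastes carry non-breaking spaces
        m = DIRECTIVE_RE.match(line)
        if m:
            directive = m.group(1)
            continue
        m = BACKUP_RE.match(line)
        if m and m.group(1) in hives:
            hives[m.group(1)]["backup"] = m.group(2)
            continue
        m = RESTORE_RE.match(line)
        if m and m.group(1) in hives:
            if hives[m.group(1)]["backup"] is None:
                # The pre-fix hive was overwritten with no logged copy to roll back to.
                problems.append(f"{m.group(1)}: restored before any backup copy was logged")
            hives[m.group(1)]["restored"] = True
    if directive is None:
        problems.append("no LastRegBack directive found in the fixlist echo")
    for name, st in hives.items():
        if st["backup"] is None:
            problems.append(f"{name}: no rollback copy logged")
        if not st["restored"]:
            problems.append(f"{name}: restore not confirmed")
    return {"directive": directive, "hives": hives,
            "problems": problems, "complete": not problems}

if __name__ == "__main__":
    report = check_fixlog(PAGE_FIXLOG)
    print("RegBack date:", report["directive"])
    print("all five hives backed up and restored:", report["complete"])
    for p in report["problems"]:
        print("PROBLEM:", p)
```
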


#15 Unetwork

Posted 22 November 2013 - 05:56 PM

But the problem remains: flashing. Just tried in Safe Mode.





