
Black screen, only cursor !


  • This topic is locked
1 reply to this topic

#1 n1Cola

n1Cola

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 01 December 2013 - 01:51 PM

Hello good people!

My girlfriend downloaded some smiley faces for Gmail (I think it is "Smileys We Love"); I guess it was bundled with TuneUp and other crapware.

She has a Toshiba laptop with Windows 7 x64 Ultimate.

When she resumed with Windows it happened: only cursor and black screen, with no option for Ctrl-Alt-Del.

I have tried RogueKiller in command prompt and it found some desktop icons hiding startups; after deleting it the same thing happened.

I tried Safe Mode, Safe Mode with Command Prompt, all the same...

Tried boot fixing in Windows repair, and she didn't have restore points enabled.

So I did this in the Windows repair command prompt:

 

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, be sure to put a checkmark in the box next to List BCD in the "Optional Scan" section, and click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013

Ran by SYSTEM on MININT-23OQEN7 on 01-12-2013 18:46:23

Running from H:\

Windows 7 Ultimate (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

 

The current controlset is ControlSet002

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [571304 2010-12-09] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [C:\Windows\system32\V0610Ext.ax] - C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0610Ext.ax

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-14] (PC Tools)

HKLM-x32\...\Run: [TaskTray] - [x]

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0610Ext.ax] - C:\Windows\System32\regsvr32.exe [19456 2009-07-13] (Microsoft Corporation)

HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKU\Tanja\...\Run: [] - [x]

HKU\Tanja\...\Run: [Google Update] - C:\Users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-03-26] (Google Inc.)

HKU\Tanja\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)

Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

 

==================== Services (Whitelisted) =================

 

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.)

S4 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [246520 2010-03-28] ()

S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-11-04] (LogMeIn, Inc.)

S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-11-04] (LogMeIn, Inc.)

S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)

S4 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

S3 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()

S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

S2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)

S2 Tweak7SystemService; C:\Windows\SysWow64\Tweak7SystemService.exe [90792 2010-03-26] (Totalidea Software)

 

==================== Drivers (Whitelisted) ====================

 

S3 flash; C:\Windows\SysWow64\drivers\flash.sys [8064 2005-11-17] ()

S1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [28032 2011-05-22] (REALiX™)

S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-30] (LogMeIn, Inc.)

S4 LMIRfsClientNP; No ImagePath

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

S3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12096 2009-04-11] (UVNC BVBA)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )

S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation                           )

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-10-29] (Duplex Secure Ltd.)

S3 StarOpen; No ImagePath

S0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)

S3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)

S0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)

S3 V0610Vid; C:\Windows\System32\DRIVERS\V0610Vid.sys [323136 2011-09-01] (Creative Technology Ltd.)

S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 Tcpz-x64; \??\C:\Users\Tanja\AppData\Local\Temp\Tcpz-x64.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

S3 WinPhlash; \??\C:\Users\Tanja\AppData\Local\Temp\WZSE0.TMP\PHLASHNT.SYS [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-01 10:17 - 2013-12-01 10:17 - 00360881 _____ (Farbar) C:\FSS.exe

2013-12-01 10:15 - 2013-12-01 10:21 - 00028035 _____ C:\FRST.txt

2013-12-01 10:15 - 2013-12-01 10:15 - 01092187 _____ (Farbar) C:\FRST.exe

2013-12-01 10:15 - 2013-12-01 10:15 - 00000000 ____D C:\FRST

2013-12-01 03:54 - 2013-12-01 03:54 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2013-12-01 02:17 - 2013-12-01 02:17 - 00000000 ____D C:\Users\Tanja\AppData\Local\Avg2014

2013-12-01 00:47 - 2013-12-01 00:47 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\TuneUp Software

2013-12-01 00:46 - 2013-12-01 00:51 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014

2013-12-01 00:45 - 2013-12-01 04:06 - 00000000 ____D C:\ProgramData\TuneUp Software

2013-12-01 00:45 - 2013-12-01 00:45 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2013-12-01 00:41 - 2013-12-01 00:41 - 00000000 ____D C:\Program Files (x86)\SimilarSites

2013-12-01 00:40 - 2013-12-01 00:41 - 00000000 ____D C:\Users\Tanja\AppData\Local\Mobogenie

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\Documents\Mobogenie

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\SimilarSites

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\AppData\Local\cache

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 _____ C:\Users\Tanja\daemonprocess.txt

2013-12-01 00:39 - 2013-12-01 00:44 - 00000000 ____D C:\Program Files (x86)\Mobogenie

2013-12-01 00:39 - 2013-12-01 00:39 - 00000000 ____D C:\Users\Tanja\Documents\SmileysWeLove

2013-12-01 00:37 - 2013-12-01 00:41 - 00000000 _____ C:\END

2013-11-29 00:09 - 2013-11-29 00:09 - 00068096 _____ C:\Users\Tanja\Downloads\ARBITRAZA.ppt

2013-11-24 14:44 - 2013-11-24 14:44 - 00035328 _____ C:\Users\Tanja\Downloads\Dijeta (1).xls

2013-11-23 05:54 - 2013-11-23 05:54 - 00001122 _____ C:\Users\Public\Desktop\BS.Player FREE.lnk

2013-11-23 05:53 - 2013-11-23 05:57 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\BSplayer

2013-11-23 05:53 - 2013-11-23 05:53 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\BSplayer Pro

2013-11-23 05:53 - 2013-11-23 05:53 - 00000000 ____D C:\Program Files (x86)\Webteh

2013-11-23 05:51 - 2013-11-23 05:51 - 10511384 _____ C:\Users\Tanja\Downloads\bsplayer_installer.exe

2013-11-23 05:49 - 2013-11-23 05:50 - 01104216 _____ (Conduit) C:\Users\Tanja\Downloads\bsplayer266.1075.exe

2013-11-23 05:47 - 2013-11-23 05:47 - 00027585 _____ C:\Users\Tanja\Downloads\73eb7b495d1a398300a2670b56a678c8f039a7a1.zip

2013-11-22 10:01 - 2013-11-22 10:01 - 00015044 _____ C:\Users\Tanja\Downloads\aa98c255bfcd1bcdf935fe613cbb779236548263.zip

2013-11-22 09:58 - 2013-11-22 09:58 - 00012345 _____ C:\Users\Tanja\Downloads\75dc728f939d342b3f803554154a51f5b94c1309.zip

2013-11-22 09:55 - 2013-11-22 09:55 - 00016687 _____ C:\Users\Tanja\Downloads\e58463b164dc1e4430d9ca29b8e7971817716d6a.zip

2013-11-18 23:43 - 2013-11-18 23:43 - 00865246 _____ C:\Users\Tanja\Downloads\Nikita - season 1.en.zip

2013-11-18 13:00 - 2013-11-18 13:00 - 00025890 _____ C:\Users\Tanja\Downloads\the.good.wife.the.next.month.(2013).eng.1cd.(5277374).zip

2013-11-18 04:48 - 2013-11-18 06:53 - 00036864 ____H C:\Users\Tanja\Desktop\~WRL0973.tmp

2013-11-18 04:40 - 2013-11-18 04:40 - 00027697 _____ C:\Users\Tanja\Downloads\ffc69ce723a4a70fe770e735cdbdc2a63215a5a4.zip

2013-11-18 03:13 - 2013-11-18 03:13 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3 (2).zip

2013-11-18 03:12 - 2013-11-18 03:13 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3.zip

2013-11-18 03:12 - 2013-11-18 03:13 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3 (1).zip

2013-11-18 01:58 - 2013-11-18 01:58 - 00030537 _____ C:\Users\Tanja\Downloads\878c991c6d50b86f155989684cc8fd39c50ff4a1.zip

2013-11-18 01:03 - 2013-11-18 01:03 - 00000089 _____ C:\Users\Tanja\Downloads\POZIV (1)

2013-11-18 01:02 - 2013-11-18 01:02 - 00000089 _____ C:\Users\Tanja\Downloads\zvati jurcica za kljuc

2013-11-18 01:02 - 2013-11-18 01:02 - 00000089 _____ C:\Users\Tanja\Downloads\POZIV

2013-11-17 14:47 - 2013-11-17 14:47 - 00028496 _____ C:\Users\Tanja\Downloads\a0523ed07d8cfcb41f8a1050bb437020009f3601.zip

2013-11-17 09:07 - 2013-11-17 09:07 - 00031897 _____ C:\Users\Tanja\Downloads\downton-abbey-fourth-season_english-816550.zip

2013-11-16 12:31 - 2013-11-16 12:31 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk

2013-11-16 11:55 - 2013-11-16 11:55 - 00012708 _____ C:\Users\Tanja\Downloads\The Big Bang Theory_7x08_HDTV.en.zip

2013-11-16 11:49 - 2013-11-16 11:49 - 00015180 _____ C:\Users\Tanja\Downloads\cd25108e6b768a35fb2566a127fed1137f51eb23.zip

2013-11-16 11:47 - 2013-11-16 11:47 - 00016059 _____ C:\Users\Tanja\Downloads\85ed69fc27988f30b66f5c931219f84c84a8b01c.zip

2013-11-15 08:35 - 2013-11-15 08:35 - 00900691 _____ C:\Users\Tanja\Downloads\prilozi.zip

2013-11-14 12:36 - 2013-11-14 12:36 - 00024679 _____ C:\Users\Tanja\Downloads\51c1220d78193868b7f426529714a47c00fd60b2.zip

2013-11-13 12:22 - 2013-11-13 12:22 - 00021344 _____ C:\Users\Tanja\Downloads\493809-Downton-Abbey-2010-Dizi-23.976fps-EN-21kB-TurkceAltyazi.org.rar

2013-11-11 12:46 - 2013-11-11 12:46 - 00025611 _____ C:\Users\Tanja\Downloads\044613405819462.zip

2013-11-11 12:39 - 2013-11-11 12:39 - 00024407 _____ C:\Users\Tanja\Downloads\8b2fa9fe6878443fcf6cb7407150e2ccce72a113.zip

2013-11-09 03:17 - 2013-11-09 03:17 - 00030588 _____ C:\Users\Tanja\Downloads\de0ad047dd63eec3f899f2f1fd4406a4f12b14ae.zip

2013-11-06 13:04 - 2013-11-06 13:04 - 00027499 _____ C:\Users\Tanja\Downloads\68b058a7252ce93ca75441534e7ab05ec3e9fd01 (1).zip

2013-11-06 13:03 - 2013-11-06 13:03 - 00312424 _____ (WinterSoft) C:\Users\Tanja\Downloads\hart-of-dixie-how-do-you-like-me-now-eng-5256663.exe

2013-11-06 13:03 - 2013-11-06 13:03 - 00027499 _____ C:\Users\Tanja\Downloads\68b058a7252ce93ca75441534e7ab05ec3e9fd01.zip

2013-11-06 13:01 - 2013-11-06 13:01 - 00026079 _____ C:\Users\Tanja\Downloads\2c72dd7122262c703e26d1ebb57c705eb21662e5.zip

2013-11-06 02:39 - 2013-11-06 02:39 - 00115648 _____ C:\Users\Tanja\Downloads\TechDays_Registration_Slide.pptx

2013-11-06 01:51 - 2013-11-06 01:51 - 13079688 _____ (Microsoft Corporation) C:\Users\Tanja\Downloads\Silverlight_x64.exe

2013-11-04 13:15 - 2013-11-04 13:16 - 00027848 _____ C:\Users\Tanja\Downloads\8fe7f18bd82b9a4cde6f158f2d9fd5025980c71a (1).zip

2013-11-04 13:15 - 2013-11-04 13:15 - 00027848 _____ C:\Users\Tanja\Downloads\8fe7f18bd82b9a4cde6f158f2d9fd5025980c71a.zip

2013-11-03 05:08 - 2013-11-03 05:08 - 00031247 _____ C:\Users\Tanja\Downloads\greys-anatomy-tenth-season_english-811553.zip

2013-11-03 05:06 - 2013-11-03 05:06 - 00025007 _____ C:\Users\Tanja\Downloads\downton-abbey-fourth-season_english-809423.zip

 

==================== One Month Modified Files and Folders =======

 

2013-12-01 10:21 - 2013-12-01 10:15 - 00028035 _____ C:\FRST.txt

2013-12-01 10:17 - 2013-12-01 10:17 - 00360881 _____ (Farbar) C:\FSS.exe

2013-12-01 10:15 - 2013-12-01 10:15 - 01092187 _____ (Farbar) C:\FRST.exe

2013-12-01 10:15 - 2013-12-01 10:15 - 00000000 ____D C:\FRST

2013-12-01 10:15 - 2011-01-27 03:59 - 00000000 ____D C:\users\NeroMediaHomeUser.4

2013-12-01 10:15 - 2010-03-26 08:22 - 00000000 ____D C:\users\Tanja

2013-12-01 09:33 - 2010-03-26 08:15 - 01152851 _____ C:\Windows\WindowsUpdate.log

2013-12-01 09:32 - 2012-12-01 07:21 - 00006096 _____ C:\Windows\setupact.log

2013-12-01 09:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-01 07:31 - 2009-07-13 20:45 - 00023632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-01 07:31 - 2009-07-13 20:45 - 00023632 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-01 07:30 - 2009-07-13 21:13 - 00005168 _____ C:\Windows\System32\PerfStringBackup.INI

2013-12-01 07:00 - 2012-12-01 07:20 - 00010032 _____ C:\Windows\PFRO.log

2013-12-01 06:52 - 2011-06-18 08:12 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-01 06:52 - 2010-03-26 08:43 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965373907-516375047-4278981970-1000UA.job

2013-12-01 06:25 - 2012-04-06 11:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-01 04:06 - 2013-12-01 00:45 - 00000000 ____D C:\ProgramData\TuneUp Software

2013-12-01 03:54 - 2013-12-01 03:54 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2013-12-01 02:17 - 2013-12-01 02:17 - 00000000 ____D C:\Users\Tanja\AppData\Local\Avg2014

2013-12-01 01:02 - 2010-03-27 01:47 - 00000000 ____D C:\Program Files (x86)\ThreatFire

2013-12-01 00:51 - 2013-12-01 00:46 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014

2013-12-01 00:47 - 2013-12-01 00:47 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\TuneUp Software

2013-12-01 00:45 - 2013-12-01 00:45 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2013-12-01 00:44 - 2013-12-01 00:39 - 00000000 ____D C:\Program Files (x86)\Mobogenie

2013-12-01 00:43 - 2013-04-07 11:11 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\OpenCandy

2013-12-01 00:41 - 2013-12-01 00:41 - 00000000 ____D C:\Program Files (x86)\SimilarSites

2013-12-01 00:41 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\AppData\Local\Mobogenie

2013-12-01 00:41 - 2013-12-01 00:37 - 00000000 _____ C:\END

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\Documents\Mobogenie

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\SimilarSites

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 ____D C:\Users\Tanja\AppData\Local\cache

2013-12-01 00:40 - 2013-12-01 00:40 - 00000000 _____ C:\Users\Tanja\daemonprocess.txt

2013-12-01 00:39 - 2013-12-01 00:39 - 00000000 ____D C:\Users\Tanja\Documents\SmileysWeLove

2013-11-30 15:04 - 2012-04-15 16:26 - 00000000 ____D C:\ProgramData\LogMeIn

2013-11-30 14:52 - 2011-06-18 08:12 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-30 14:52 - 2010-03-26 08:43 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965373907-516375047-4278981970-1000Core.job

2013-11-30 14:40 - 2013-09-08 13:00 - 00030273 _____ C:\Users\Tanja\Desktop\DIJETA.xlsx

2013-11-29 00:09 - 2013-11-29 00:09 - 00068096 _____ C:\Users\Tanja\Downloads\ARBITRAZA.ppt

2013-11-27 13:26 - 2010-07-21 13:24 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\uTorrent

2013-11-24 14:44 - 2013-11-24 14:44 - 00035328 _____ C:\Users\Tanja\Downloads\Dijeta (1).xls

2013-11-23 05:57 - 2013-11-23 05:53 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\BSplayer

2013-11-23 05:54 - 2013-11-23 05:54 - 00001122 _____ C:\Users\Public\Desktop\BS.Player FREE.lnk

2013-11-23 05:53 - 2013-11-23 05:53 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\BSplayer Pro

2013-11-23 05:53 - 2013-11-23 05:53 - 00000000 ____D C:\Program Files (x86)\Webteh

2013-11-23 05:51 - 2013-11-23 05:51 - 10511384 _____ C:\Users\Tanja\Downloads\bsplayer_installer.exe

2013-11-23 05:50 - 2013-11-23 05:49 - 01104216 _____ (Conduit) C:\Users\Tanja\Downloads\bsplayer266.1075.exe

2013-11-23 05:47 - 2013-11-23 05:47 - 00027585 _____ C:\Users\Tanja\Downloads\73eb7b495d1a398300a2670b56a678c8f039a7a1.zip

2013-11-22 10:01 - 2013-11-22 10:01 - 00015044 _____ C:\Users\Tanja\Downloads\aa98c255bfcd1bcdf935fe613cbb779236548263.zip

2013-11-22 09:58 - 2013-11-22 09:58 - 00012345 _____ C:\Users\Tanja\Downloads\75dc728f939d342b3f803554154a51f5b94c1309.zip

2013-11-22 09:55 - 2013-11-22 09:55 - 00016687 _____ C:\Users\Tanja\Downloads\e58463b164dc1e4430d9ca29b8e7971817716d6a.zip

2013-11-19 02:21 - 2010-02-09 22:18 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-11-18 23:43 - 2013-11-18 23:43 - 00865246 _____ C:\Users\Tanja\Downloads\Nikita - season 1.en.zip

2013-11-18 13:00 - 2013-11-18 13:00 - 00025890 _____ C:\Users\Tanja\Downloads\the.good.wife.the.next.month.(2013).eng.1cd.(5277374).zip

2013-11-18 06:53 - 2013-11-18 04:48 - 00036864 ____H C:\Users\Tanja\Desktop\~WRL0973.tmp

2013-11-18 04:40 - 2013-11-18 04:40 - 00027697 _____ C:\Users\Tanja\Downloads\ffc69ce723a4a70fe770e735cdbdc2a63215a5a4.zip

2013-11-18 03:13 - 2013-11-18 03:13 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3 (2).zip

2013-11-18 03:13 - 2013-11-18 03:12 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3.zip

2013-11-18 03:13 - 2013-11-18 03:12 - 00027127 _____ C:\Users\Tanja\Downloads\03a2556c88a9026b938faf67e4b9bd6a2bd302a3 (1).zip

2013-11-18 01:58 - 2013-11-18 01:58 - 00030537 _____ C:\Users\Tanja\Downloads\878c991c6d50b86f155989684cc8fd39c50ff4a1.zip

2013-11-18 01:03 - 2013-11-18 01:03 - 00000089 _____ C:\Users\Tanja\Downloads\POZIV (1)

2013-11-18 01:02 - 2013-11-18 01:02 - 00000089 _____ C:\Users\Tanja\Downloads\zvati jurcica za kljuc

2013-11-18 01:02 - 2013-11-18 01:02 - 00000089 _____ C:\Users\Tanja\Downloads\POZIV

2013-11-17 14:47 - 2013-11-17 14:47 - 00028496 _____ C:\Users\Tanja\Downloads\a0523ed07d8cfcb41f8a1050bb437020009f3601.zip

2013-11-17 09:07 - 2013-11-17 09:07 - 00031897 _____ C:\Users\Tanja\Downloads\downton-abbey-fourth-season_english-816550.zip

2013-11-16 12:31 - 2013-11-16 12:31 - 00001185 _____ C:\Users\Public\Desktop\GOM Player.lnk

2013-11-16 11:55 - 2013-11-16 11:55 - 00012708 _____ C:\Users\Tanja\Downloads\The Big Bang Theory_7x08_HDTV.en.zip

2013-11-16 11:49 - 2013-11-16 11:49 - 00015180 _____ C:\Users\Tanja\Downloads\cd25108e6b768a35fb2566a127fed1137f51eb23.zip

2013-11-16 11:47 - 2013-11-16 11:47 - 00016059 _____ C:\Users\Tanja\Downloads\85ed69fc27988f30b66f5c931219f84c84a8b01c.zip

2013-11-15 08:35 - 2013-11-15 08:35 - 00900691 _____ C:\Users\Tanja\Downloads\prilozi.zip

2013-11-14 12:36 - 2013-11-14 12:36 - 00024679 _____ C:\Users\Tanja\Downloads\51c1220d78193868b7f426529714a47c00fd60b2.zip

2013-11-13 12:22 - 2013-11-13 12:22 - 00021344 _____ C:\Users\Tanja\Downloads\493809-Downton-Abbey-2010-Dizi-23.976fps-EN-21kB-TurkceAltyazi.org.rar

2013-11-11 12:59 - 2010-03-30 08:38 - 00000000 ____D C:\Users\Tanja\AppData\Roaming\Mozilla

2013-11-11 12:46 - 2013-11-11 12:46 - 00025611 _____ C:\Users\Tanja\Downloads\044613405819462.zip

2013-11-11 12:39 - 2013-11-11 12:39 - 00024407 _____ C:\Users\Tanja\Downloads\8b2fa9fe6878443fcf6cb7407150e2ccce72a113.zip

2013-11-11 12:26 - 2012-05-15 09:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-11-11 12:26 - 2012-05-15 09:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-11-09 03:17 - 2013-11-09 03:17 - 00030588 _____ C:\Users\Tanja\Downloads\de0ad047dd63eec3f899f2f1fd4406a4f12b14ae.zip

2013-11-06 13:04 - 2013-11-06 13:04 - 00027499 _____ C:\Users\Tanja\Downloads\68b058a7252ce93ca75441534e7ab05ec3e9fd01 (1).zip

2013-11-06 13:03 - 2013-11-06 13:03 - 00312424 _____ (WinterSoft) C:\Users\Tanja\Downloads\hart-of-dixie-how-do-you-like-me-now-eng-5256663.exe

2013-11-06 13:03 - 2013-11-06 13:03 - 00027499 _____ C:\Users\Tanja\Downloads\68b058a7252ce93ca75441534e7ab05ec3e9fd01.zip

2013-11-06 13:01 - 2013-11-06 13:01 - 00026079 _____ C:\Users\Tanja\Downloads\2c72dd7122262c703e26d1ebb57c705eb21662e5.zip

2013-11-06 02:39 - 2013-11-06 02:39 - 00115648 _____ C:\Users\Tanja\Downloads\TechDays_Registration_Slide.pptx

2013-11-06 01:51 - 2013-11-06 01:51 - 13079688 _____ (Microsoft Corporation) C:\Users\Tanja\Downloads\Silverlight_x64.exe

2013-11-04 13:16 - 2013-11-04 13:15 - 00027848 _____ C:\Users\Tanja\Downloads\8fe7f18bd82b9a4cde6f158f2d9fd5025980c71a (1).zip

2013-11-04 13:15 - 2013-11-04 13:15 - 00027848 _____ C:\Users\Tanja\Downloads\8fe7f18bd82b9a4cde6f158f2d9fd5025980c71a.zip

2013-11-04 13:11 - 2012-04-15 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn

2013-11-04 13:09 - 2012-04-15 16:26 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll

2013-11-04 13:09 - 2012-04-15 16:26 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll

2013-11-04 13:09 - 2012-04-15 16:26 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll

2013-11-03 05:08 - 2013-11-03 05:08 - 00031247 _____ C:\Users\Tanja\Downloads\greys-anatomy-tenth-season_english-811553.zip

2013-11-03 05:06 - 2013-11-03 05:06 - 00025007 _____ C:\Users\Tanja\Downloads\downton-abbey-fourth-season_english-809423.zip

 

Files to move or delete:

====================

C:\Users\Tanja\dnvyrt.exe

C:\Users\Tanja\UnCleaner v1.4 Setup.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=C:

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {default}

resumeobject            {a6ad8d70-393d-11df-98ce-eaca52277887}

displayorder            {default}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {default}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {current}

recoveryenabled         Yes

testsigning             Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {a6ad8d70-393d-11df-98ce-eaca52277887}

nx                      OptIn

 

Windows Boot Loader

-------------------

identifier              {current}

device                  ramdisk=[C:]\Recovery\a6ad8d72-393d-11df-98ce-eaca52277887\Winre.wim,{a6ad8d73-393d-11df-98ce-eaca52277887}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\a6ad8d72-393d-11df-98ce-eaca52277887\Winre.wim,{a6ad8d73-393d-11df-98ce-eaca52277887}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Resume from Hibernate

---------------------

identifier              {a6ad8d70-393d-11df-98ce-eaca52277887}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=C:

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

 

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {a6ad8d73-393d-11df-98ce-eaca52277887}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\a6ad8d72-393d-11df-98ce-eaca52277887\boot.sdi

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 15%

Total physical RAM: 3838.36 MB

Available physical RAM: 3250.38 MB

Total Pagefile: 3836.51 MB

Available Pagefile: 3242.99 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:148.89 GB) (Free:4.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Data) (Fixed) (Total:147.73 GB) (Free:5.07 GB) NTFS

Drive e: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.13 GB) NTFS

Drive f: (U_ZEMLJI_CUDESA) (CDROM) (Total:5.72 GB) (Free:0 GB) UDF

Drive h: () (Removable) (Total:7.32 GB) (Free:0.54 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 847FBF92)

Partition 1: (Not Active) - (Size=1 GB) - (Type=27)

Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.

 

 

LastRegBack: 2013-12-01 04:35

 

==================== End Of Log ============================


Edited by n1Cola, 01 December 2013 - 01:54 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:12 AM

Posted 03 December 2013 - 10:33 AM

Topic closed at member's request.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




