Computer Does not boot after using defender offline


  • This topic is locked
35 replies to this topic

#1 monchoponcho

  • Members
Posted 23 January 2014 - 01:14 PM

I downloaded Farbar Recovery Scan Tool and I am running it, but it looks like it is taking too much time. Is this normal? The computer was working well but had the Alureon virus. After running Defender Offline it does not boot from the hard drive, only from the CD.





#2 jntkwx

  • Malware Response Team

Posted 27 January 2014 - 05:40 PM

monchoponcho,
 
Welcome back to Bleeping Computer.
 
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name, jntkwx, or Jason is fine.
 
Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.
 
Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 
 
FRST
Please download a NEW version of Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 monchoponcho

  • Topic Starter
  • Members

Posted 27 January 2014 - 11:49 PM




#4 monchoponcho

  • Topic Starter
  • Members

Posted 27 January 2014 - 11:54 PM

Thank you Jason. I downloaded a new version of Farbar Recovery Scan Tool. I ran it from a flash drive because my computer is not booting at all. It beeps twice and keeps doing this in a loop. Attached you will find the TXT file the scan generated. It did not generate an Addition.txt file.
Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014

Ran by SYSTEM on MININT-472IEM8 on 27-01-2014 23:19:21
Running from J:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
HKU\USER\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-12-13] (Google Inc.)
HKU\USER\...\Run: [Upromise Update] - C:\Program Files\Upromise\dca-ua.exe [ 2010-12-02] (Compete, Inc.)
HKU\USER\...\Run: [Upromise Tray] - C:\Program Files\Upromise\UpromiseTray.exe [ 2010-12-14] (Upromise, Inc.)
HKU\USER\...\Run: [Shop To Win] - C:\Program Files\Shop To Win\ShopToWin.exe [ 2012-05-02] (Jackpot Rewards)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
S2 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [311032 2012-09-27] (Avanquest Software)
S2 AQFileRestoreSrv; C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe [81328 2012-09-27] (Avanquest Software)
S2 Fix-It Task Manager; C:\Program Files\Avanquest\Fix-It\MXTask.exe [537608 2012-09-27] (Avanquest Software)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 BringMeSports_1cService; C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbarsvc.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [17272 2012-09-27] ()
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [280644 2002-02-28] (Hauppauge Computer Works)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl9135b9f1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E705140C-570B-41B0-8222-E8B9E3163DB1}\MpKsl9135b9f1.sys [40392 2014-01-21] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-25 19:15 - 2014-01-25 19:15 - 268435456 ___SH C:\WinPEpge.sys
2014-01-25 19:15 - 2014-01-25 19:15 - 00000000 ____D C:\$WINDOWS.~BT
2014-01-25 19:15 - 2010-12-13 22:34 - 00250048 __RSH C:\ntldr
2014-01-22 13:45 - 2014-01-22 13:45 - 00000000 ____D C:\FRST
2014-01-21 15:15 - 2002-01-01 09:23 - 00000000 ____D C:\Windows\Microsoft Antimalware
2014-01-20 21:08 - 2014-01-23 22:37 - 00000000 ____D C:\993a91be3d7a2279a496
2014-01-20 20:56 - 2014-01-20 21:09 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-20 20:46 - 2014-01-20 20:46 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-20 20:37 - 2014-01-20 20:37 - 00140416 _____ C:\Windows\Minidump\012014-42625-01.dmp
2014-01-20 19:50 - 2014-01-20 19:50 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2014-01-20 19:01 - 2013-10-22 23:19 - 04318496 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 03426956 _____ C:\Windows\System32\nvcoproc.bin
2014-01-20 19:01 - 2013-10-22 23:19 - 03036448 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 02555168 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 00664352 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-01-20 19:01 - 2013-10-22 23:19 - 00209184 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 00062752 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-01-20 18:57 - 2013-10-27 06:13 - 00053024 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2014-01-20 18:56 - 2014-01-23 22:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-20 18:56 - 2014-01-20 18:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-20 18:33 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-01-20 18:33 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-01-20 18:24 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-01-20 18:24 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-01-20 18:24 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-01-20 18:24 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-01-20 18:24 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-01-20 18:23 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-01-20 18:06 - 2014-01-23 22:35 - 00000000 ____D C:\Windows\System32\MRT
2014-01-20 17:07 - 2013-11-26 03:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-20 17:07 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-01-20 17:07 - 2013-06-14 19:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-01-20 17:07 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-01-20 17:06 - 2013-11-26 02:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-20 16:57 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-01-20 16:57 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2014-01-20 16:57 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2014-01-20 16:45 - 2014-01-20 16:45 - 00140416 _____ C:\Windows\Minidump\012014-30093-01.dmp
2014-01-20 12:40 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2014-01-20 12:40 - 2013-07-02 20:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2014-01-20 12:40 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2014-01-20 12:40 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2014-01-20 12:39 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-01-20 12:39 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-01-20 12:37 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2014-01-20 12:37 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-01-20 12:37 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2014-01-20 12:35 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2014-01-20 12:35 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-01-20 12:35 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-01-20 12:35 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-01-20 12:35 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-01-20 12:35 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-01-20 12:35 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-01-20 12:35 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-01-20 12:35 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-01-20 12:35 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-01-20 12:35 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-01-20 12:34 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2014-01-20 12:34 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2014-01-20 12:34 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2014-01-20 12:34 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2014-01-20 12:34 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2014-01-20 12:34 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2014-01-20 12:32 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-01-20 12:31 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-01-20 12:28 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-01-20 12:28 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2014-01-20 12:18 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2014-01-20 11:32 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2014-01-20 11:24 - 2013-10-03 17:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2014-01-20 11:24 - 2013-10-03 17:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2014-01-20 11:19 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2014-01-20 11:18 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-01-20 11:18 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2014-01-20 11:18 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2014-01-20 11:17 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-01-20 11:16 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2014-01-20 11:16 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-01-20 11:16 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2014-01-20 11:16 - 2013-08-04 17:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2014-01-20 11:15 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-01-20 11:15 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-01-20 11:15 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2014-01-12 04:21 - 2014-01-20 11:39 - 00000000 ____D C:\2d13e14cfa611b384282e2d37ea4
2014-01-11 11:15 - 2014-01-11 11:15 - 00000000 ____D C:\4e60b952ee8d8a08bd1788c18711e7
2014-01-11 11:06 - 2014-01-11 11:06 - 00140464 _____ C:\Windows\Minidump\011114-30203-01.dmp
2014-01-11 10:55 - 2014-01-11 10:55 - 00000000 ____D C:\08c9e4f3578fc658dc
2014-01-11 10:45 - 2014-01-11 10:45 - 00140464 _____ C:\Windows\Minidump\011114-38250-01.dmp
2013-12-30 06:33 - 2013-12-30 06:33 - 00140416 _____ C:\Windows\Minidump\123013-39328-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-01-25 19:15 - 2014-01-25 19:15 - 268435456 ___SH C:\WinPEpge.sys
2014-01-25 19:15 - 2014-01-25 19:15 - 00000000 ____D C:\$WINDOWS.~BT
2014-01-23 22:37 - 2014-01-20 21:08 - 00000000 ____D C:\993a91be3d7a2279a496
2014-01-23 22:37 - 2014-01-20 18:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-23 22:37 - 2011-02-04 20:25 - 00000000 ____D C:\Windows\Minidump
2014-01-23 22:37 - 2011-01-16 14:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-23 22:37 - 2010-12-13 23:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-23 22:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2014-01-23 22:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2014-01-23 22:37 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-23 22:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2014-01-23 22:35 - 2014-01-20 18:06 - 00000000 ____D C:\Windows\System32\MRT
2014-01-23 22:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-23 22:33 - 2010-12-13 23:58 - 00000000 ____D C:\Program Files\Google
2014-01-23 21:46 - 2011-02-06 17:50 - 00000968 _____ C:\Users\USER\Desktop\My Pictures.lnk
2014-01-22 13:45 - 2014-01-22 13:45 - 00000000 ____D C:\FRST
2014-01-21 06:00 - 2010-12-14 02:03 - 01131148 _____ C:\Windows\WindowsUpdate.log
2014-01-21 05:53 - 2012-07-18 14:28 - 00041087 _____ C:\Windows\setupact.log
2014-01-20 21:09 - 2014-01-20 20:56 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-20 21:09 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 21:09 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 20:46 - 2014-01-20 20:46 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-20 20:37 - 2014-01-20 20:37 - 00140416 _____ C:\Windows\Minidump\012014-42625-01.dmp
2014-01-20 20:35 - 2010-12-13 23:17 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-20 20:25 - 2012-07-18 14:28 - 00018214 _____ C:\Windows\PFRO.log
2014-01-20 20:25 - 2009-07-13 20:33 - 00409752 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-20 19:50 - 2014-01-20 19:50 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2014-01-20 18:56 - 2014-01-20 18:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-20 16:45 - 2014-01-20 16:45 - 00140416 _____ C:\Windows\Minidump\012014-30093-01.dmp
2014-01-20 11:39 - 2014-01-12 04:21 - 00000000 ____D C:\2d13e14cfa611b384282e2d37ea4
2014-01-20 09:19 - 2012-07-23 10:29 - 00002155 _____ C:\Windows\epplauncher.mif
2014-01-20 09:17 - 2012-07-23 10:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-18 23:32 - 2010-12-13 23:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-01-11 11:15 - 2014-01-11 11:15 - 00000000 ____D C:\4e60b952ee8d8a08bd1788c18711e7
2014-01-11 11:06 - 2014-01-11 11:06 - 00140464 _____ C:\Windows\Minidump\011114-30203-01.dmp
2014-01-11 10:55 - 2014-01-11 10:55 - 00000000 ____D C:\08c9e4f3578fc658dc
2014-01-11 10:45 - 2014-01-11 10:45 - 00140464 _____ C:\Windows\Minidump\011114-38250-01.dmp
2014-01-06 13:20 - 2013-06-02 10:26 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-30 07:25 - 2012-04-24 14:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-30 07:25 - 2012-03-03 19:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-30 06:33 - 2013-12-30 06:33 - 00140416 _____ C:\Windows\Minidump\123013-39328-01.dmp
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\contentDATs.exe
C:\Users\USER\AppData\Local\Temp\googleupdatesetup.exe
C:\Users\USER\AppData\Local\Temp\iMesh_setup.exe
C:\Users\USER\AppData\Local\Temp\mpam-90bb48a7.exe
C:\Users\USER\AppData\Local\Temp\mpam-f583e347.exe
C:\Users\USER\AppData\Local\Temp\mpam-f62bafc8.exe
C:\Users\USER\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\USER\AppData\Local\Temp\SetupDataMngr_iMesh.exe
C:\Users\USER\AppData\Local\Temp\SkypeSetup.exe
C:\Users\USER\AppData\Local\Temp\{3613464C-6000-4152-90FE-8BD50329FC2E}-31.0.1650.63_chrome_installer.exe
C:\Users\USER\AppData\Local\Temp\{55E0C28E-0304-4780-B662-BF6C524551D5}-31.0.1650.63_chrome_installer.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-01-21 06:02:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 1014.8 MB
Available physical RAM: 608.68 MB
Total Pagefile: 1014.8 MB
Available Pagefile: 614.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:180.29 GB) (Free:29.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive j: (WDO_MEDIA32) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 18387C7D)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-07-24 17:25
 
==================== End Of Log ============================


#5 jntkwx

  • Malware Response Team

Posted 28 January 2014 - 04:36 PM

==================== Drives ================================
 
Drive c: () (Fixed) (Total:180.29 GB) (Free:29.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive j: (WDO_MEDIA32) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 18387C7D)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-07-24 17:25
 
==================== End Of Log ============================

 

Do you have Windows XP installed in a separate partition from Windows 7?

 

 

ListParts

  • Download ListParts to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

[Screenshot: W7InstallDisk2.png]

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.

Back in the Command Prompt window....

  • Type E:\listparts.exe and hit Enter (where E: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.

Please post the Result.txt log.


Regards,
Jason

 

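The question in post #5 follows from the FRST log reporting `MBR Code: Windows XP` for Disk 0 on a machine whose header line says Windows 7. As an added example (not part of the thread and not FRST's own code), this Python script parses the "MBR & Partition Table" lines of an FRST log and lists every disk whose MBR code label does not name the installed Windows version; the function and field names are hypothetical, and the sample input is an excerpt of the log posted above.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the FRST log posted in this thread (header line + MBR section).
SAMPLE_LOG = """\
Windows 7 Ultimate (X86) OS Language: English(US)
Boot Mode: Recovery

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 18387C7D)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
"""

# Line shapes as they appear in the log above; other tools print other layouts.
OS_RE = re.compile(r"^Windows\s+(\S+)", re.M)
DISK_RE = re.compile(
    r"^Disk:\s*(\d+)\s+\(MBR Code:\s*([^)]*)\)\s+"
    r"\(Size:\s*([^)]*)\)\s+\(Disk ID:\s*([0-9A-Fa-f]+)\)"
)
PART_RE = re.compile(
    r"^Partition\s+(\d+):\s+\((Active|Not Active)\)\s+-\s+"
    r"\(Size=([^)]*)\)\s+-\s+\(Type=([0-9A-Fa-f]{2})(?:\s+([^)]*))?\)"
)


@dataclass
class Partition:
    number: int
    active: bool
    size: str
    type_id: str  # partition type byte as printed, e.g. "07"


@dataclass
class Disk:
    number: int
    mbr_code: str
    size: str
    disk_id: str
    partitions: list = field(default_factory=list)


def parse_disks(log):
    """Return the disks and partitions listed in the MBR section of an FRST log."""
    disks, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = DISK_RE.match(line)
        if m:
            current = Disk(int(m[1]), m[2].strip(), m[3].strip(), m[4].upper())
            disks.append(current)
            continue
        m = PART_RE.match(line)
        if m and current is not None:
            current.partitions.append(
                Partition(int(m[1]), m[2] == "Active", m[3].strip(), m[4].upper())
            )
        elif line and not line.startswith("="):
            current = None  # any other text ends the current disk block
    return disks


def mbr_code_versions(label):
    """'Windows 7 or 8' -> {'7', '8'}; labels that are not 'Windows ...' -> empty set."""
    m = re.match(r"Windows\s+(.*)", label)
    if not m:
        return set()
    return {v.strip().upper() for v in re.split(r"\s+or\s+|/|,", m[1]) if v.strip()}


def review(log):
    """List disks whose MBR code label does not name the OS version in the header."""
    os_m = OS_RE.search(log)
    os_version = os_m[1].upper() if os_m else None
    findings = []
    for disk in parse_disks(log):
        versions = mbr_code_versions(disk.mbr_code)
        if os_version and versions and os_version not in versions:
            findings.append({
                "disk": disk.number,
                "os": "Windows " + os_version,
                "mbr_code": disk.mbr_code,
                "active_partitions": [p.number for p in disk.partitions if p.active],
            })
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print("Disk {disk}: MBR code '{mbr_code}' on {os}, "
              "active partition(s) {active_partitions}".format(**f))
```

A hit only tells the helper which disk to ask about, as in the post above; it does not by itself say what rewrote the boot code.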


#6 monchoponcho

  • Topic Starter
  • Members

Posted 28 January 2014 - 09:01 PM

Thank you Jason.

No, I do not have XP on this machine.

 

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 28-01-2014 at 20:49:15
Windows 7 (X86)
Running From: J:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 30%
Total physical RAM: 1022.8 MB
Available physical RAM: 713.05 MB
Total Pagefile: 1022.8 MB
Available Pagefile: 705.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.54 MB
 
======================= Partitions =========================
 
1 Drive c: () (Fixed) (Total:180.29 GB) (Free:29.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
8 Drive j: (WDO_MEDIA32) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          186 GB     9 MB         
  Disk 1    No Media           0 B      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    Online           14 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 18387C7D
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               6149 MB    31 KB
  Partition 2    Primary            180 GB  6149 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 12
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      NTFS   Partition   6149 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    180 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 5:
===============
 
Disk ID: 00000000
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB    16 KB
 
======================================================================================================
 
Disk: 5
Partition 1
Type  : 0C
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     J   WDO_MEDIA32  FAT32  Removable     14 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 18387C7D
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 5:
===============
Disk ID: 00000000
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
****** End Of Log ****** 


#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 28 January 2014 - 09:10 PM

monchoponcho,

Just clarifying - you mentioned that your computer beeps twice and then loops. Please explain this some more - do you see the Windows 7 loading screen, shown below? Or does it beep twice and then automatically restart before you get to this screen?
 
installing-win7_client_2.gif


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#8 monchoponcho

monchoponcho
  • Topic Starter

  • Members
  • 19 posts

Posted 28 January 2014 - 09:37 PM

No, it never gets to this window. It only shows the Vaio logo and beeps, shows a cursor and then beeps again and shows the Vaio logo again, and the same all the time.

Thanks.



#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 28 January 2014 - 10:36 PM

What model Vaio computer is it?


Regards,
Jason

 



#10 monchoponcho

monchoponcho
  • Topic Starter

  • Members
  • 19 posts

Posted 29 January 2014 - 10:18 AM

VGC-RB43



#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 29 January 2014 - 12:58 PM

Try resetting the BIOS: https://us.en.kb.sony.com/app/answers/detail/a_id/35240

Let me know if you have any questions.
Regards,
Jason

 



#12 monchoponcho

monchoponcho
  • Topic Starter

  • Members
  • 19 posts

Posted 29 January 2014 - 03:20 PM

I went to the link and followed the steps, but still it does not boot. It keeps doing the same thing.

Thanks 



#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:26 PM

Posted 30 January 2014 - 10:44 AM

monchoponcho,

Please download a NEW version of Farbar Recovery Scan Tool (it's been updated) and save it to your flash drive.

  • Run FRST from your flash drive in the recovery environment, like we've done previously.
  • When the tool opens, click Yes to disclaimer.
  • Check the List BCD checkmark under Optional Scan.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Regards,
Jason

 



#14 monchoponcho

monchoponcho
  • Topic Starter

  • Members
  • 19 posts

Posted 30 January 2014 - 08:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by SYSTEM on MININT-5C6S7GL on 30-01-2014 20:25:30
Running from J:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
HKU\USER\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-12-13] (Google Inc.)
HKU\USER\...\Run: [Upromise Update] - C:\Program Files\Upromise\dca-ua.exe [ 2010-12-02] (Compete, Inc.)
HKU\USER\...\Run: [Upromise Tray] - C:\Program Files\Upromise\UpromiseTray.exe [ 2010-12-14] (Upromise, Inc.)
HKU\USER\...\Run: [Shop To Win] - C:\Program Files\Shop To Win\ShopToWin.exe [ 2012-05-02] (Jackpot Rewards)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
S2 .AVQWindowsMonitorService; C:\Program Files\Avanquest\Fix-It\AVQWinMonEngine.exe [311032 2012-09-27] (Avanquest Software)
S2 AQFileRestoreSrv; C:\Program Files\Avanquest\Fix-It\AQFileRestoreSrv.exe [81328 2012-09-27] (Avanquest Software)
S2 Fix-It Task Manager; C:\Program Files\Avanquest\Fix-It\MXTask.exe [537608 2012-09-27] (Avanquest Software)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 BringMeSports_1cService; C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbarsvc.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [17272 2012-09-27] ()
S3 HCWBT8xx; C:\Windows\System32\drivers\HCWBT8XX.sys [280644 2002-02-28] (Hauppauge Computer Works)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl9135b9f1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E705140C-570B-41B0-8222-E8B9E3163DB1}\MpKsl9135b9f1.sys [40392 2014-01-21] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-25 19:15 - 2014-01-25 19:15 - 00000000 ____D C:\$WINDOWS.~BT
2014-01-25 19:15 - 2010-12-13 22:34 - 00250048 __RSH C:\ntldr
2014-01-22 13:45 - 2014-01-30 20:25 - 00000000 ____D C:\FRST
2014-01-21 15:15 - 2002-01-01 09:23 - 00000000 ____D C:\Windows\Microsoft Antimalware
2014-01-20 21:08 - 2014-01-29 21:19 - 00000000 ____D C:\993a91be3d7a2279a496
2014-01-20 20:56 - 2014-01-20 21:09 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-20 20:46 - 2014-01-20 20:46 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-20 20:37 - 2014-01-20 20:37 - 00140416 _____ C:\Windows\Minidump\012014-42625-01.dmp
2014-01-20 19:50 - 2014-01-20 19:50 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2014-01-20 19:01 - 2013-10-22 23:19 - 04318496 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 03426956 _____ C:\Windows\System32\nvcoproc.bin
2014-01-20 19:01 - 2013-10-22 23:19 - 03036448 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 02555168 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 00664352 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-01-20 19:01 - 2013-10-22 23:19 - 00209184 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-01-20 19:01 - 2013-10-22 23:19 - 00062752 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-01-20 18:57 - 2013-10-27 06:13 - 00053024 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2014-01-20 18:56 - 2014-01-29 21:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-20 18:56 - 2014-01-20 18:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-20 18:33 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-01-20 18:33 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-01-20 18:24 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-01-20 18:24 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-01-20 18:24 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-01-20 18:24 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-01-20 18:24 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-01-20 18:24 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-01-20 18:23 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-01-20 18:06 - 2014-01-29 21:15 - 00000000 ____D C:\Windows\System32\MRT
2014-01-20 17:07 - 2013-11-26 03:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-20 17:07 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-01-20 17:07 - 2013-06-14 19:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-01-20 17:07 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-01-20 17:06 - 2013-11-26 02:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-20 16:57 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-01-20 16:57 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2014-01-20 16:57 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2014-01-20 16:45 - 2014-01-20 16:45 - 00140416 _____ C:\Windows\Minidump\012014-30093-01.dmp
2014-01-20 12:40 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2014-01-20 12:40 - 2013-07-02 20:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2014-01-20 12:40 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2014-01-20 12:40 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2014-01-20 12:39 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-01-20 12:39 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-01-20 12:37 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2014-01-20 12:37 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-01-20 12:37 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2014-01-20 12:35 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2014-01-20 12:35 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-01-20 12:35 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-01-20 12:35 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-01-20 12:35 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-01-20 12:35 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-01-20 12:35 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-01-20 12:35 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-01-20 12:35 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-01-20 12:35 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-01-20 12:35 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-01-20 12:34 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2014-01-20 12:34 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2014-01-20 12:34 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2014-01-20 12:34 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2014-01-20 12:34 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2014-01-20 12:34 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2014-01-20 12:32 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-01-20 12:31 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-01-20 12:28 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-01-20 12:28 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2014-01-20 12:18 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2014-01-20 11:32 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2014-01-20 11:24 - 2013-10-03 17:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2014-01-20 11:24 - 2013-10-03 17:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2014-01-20 11:19 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2014-01-20 11:18 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-01-20 11:18 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2014-01-20 11:18 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2014-01-20 11:17 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-01-20 11:16 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2014-01-20 11:16 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-01-20 11:16 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2014-01-20 11:16 - 2013-08-04 17:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2014-01-20 11:15 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-01-20 11:15 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-01-20 11:15 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2014-01-12 04:21 - 2014-01-20 11:39 - 00000000 ____D C:\2d13e14cfa611b384282e2d37ea4
2014-01-11 11:15 - 2014-01-11 11:15 - 00000000 ____D C:\4e60b952ee8d8a08bd1788c18711e7
2014-01-11 11:06 - 2014-01-11 11:06 - 00140464 _____ C:\Windows\Minidump\011114-30203-01.dmp
2014-01-11 10:55 - 2014-01-11 10:55 - 00000000 ____D C:\08c9e4f3578fc658dc
2014-01-11 10:45 - 2014-01-11 10:45 - 00140464 _____ C:\Windows\Minidump\011114-38250-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-01-30 20:25 - 2014-01-22 13:45 - 00000000 ____D C:\FRST
2014-01-29 21:20 - 2012-06-04 18:15 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2014-01-29 21:20 - 2012-05-19 09:41 - 00000000 ____D C:\Users\USER\AppData\Local\RivalGaming
2014-01-29 21:20 - 2011-02-06 18:02 - 00000000 ____D C:\Users\USER\Desktop\Libraries
2014-01-29 21:20 - 2011-02-04 20:25 - 00000000 ____D C:\Windows\Minidump
2014-01-29 21:20 - 2010-12-19 19:30 - 00000000 ____D C:\Users\USER\AppData\Roaming\Vivox
2014-01-29 21:20 - 2010-12-19 14:47 - 00000000 ____D C:\Users\USER\AppData\Roaming\IMVUClient
2014-01-29 21:20 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2014-01-29 21:20 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-29 21:20 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2014-01-29 21:19 - 2014-01-20 21:08 - 00000000 ____D C:\993a91be3d7a2279a496
2014-01-29 21:19 - 2014-01-20 18:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-29 21:19 - 2011-01-16 14:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-29 21:19 - 2010-12-13 23:37 - 00000000 ____D C:\Users\USER\AppData\Local\Microsoft Help
2014-01-29 21:19 - 2010-12-13 23:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-29 21:19 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-29 21:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2014-01-29 21:15 - 2014-01-20 18:06 - 00000000 ____D C:\Windows\System32\MRT
2014-01-29 21:13 - 2012-11-02 12:29 - 00000000 ____D C:\Users\USER\AppData\Roaming\Avanquest
2014-01-29 21:13 - 2011-08-07 07:39 - 00000000 ____D C:\Users\USER\Documents\Fax
2014-01-29 21:13 - 2010-12-19 14:47 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla
2014-01-29 21:13 - 2010-12-13 23:58 - 00000000 ____D C:\Users\USER\AppData\Roaming\Macromedia
2014-01-29 21:13 - 2010-12-13 23:58 - 00000000 ____D C:\Users\USER\AppData\Roaming\Adobe
2014-01-29 21:06 - 2010-12-18 13:04 - 00000000 ____D C:\Users\USER\AppData\Local\Microsoft Games
2014-01-29 21:06 - 2010-12-13 23:58 - 00000000 ____D C:\Users\USER\AppData\Local\Google
2014-01-29 21:05 - 2010-12-13 23:58 - 00000000 ____D C:\Program Files\Google
2014-01-25 19:15 - 2014-01-25 19:15 - 00000000 ____D C:\$WINDOWS.~BT
2014-01-21 06:00 - 2010-12-14 02:03 - 01131148 _____ C:\Windows\WindowsUpdate.log
2014-01-21 05:53 - 2012-07-18 14:28 - 00041087 _____ C:\Windows\setupact.log
2014-01-20 21:09 - 2014-01-20 20:56 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-20 21:09 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 21:09 - 2009-07-13 20:34 - 00017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 20:46 - 2014-01-20 20:46 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-20 20:37 - 2014-01-20 20:37 - 00140416 _____ C:\Windows\Minidump\012014-42625-01.dmp
2014-01-20 20:35 - 2010-12-13 23:17 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-20 20:25 - 2012-07-18 14:28 - 00018214 _____ C:\Windows\PFRO.log
2014-01-20 20:25 - 2009-07-13 20:33 - 00409752 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-20 19:50 - 2014-01-20 19:50 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2014-01-20 18:56 - 2014-01-20 18:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-20 16:45 - 2014-01-20 16:45 - 00140416 _____ C:\Windows\Minidump\012014-30093-01.dmp
2014-01-20 11:39 - 2014-01-12 04:21 - 00000000 ____D C:\2d13e14cfa611b384282e2d37ea4
2014-01-20 09:19 - 2012-07-23 10:29 - 00002155 _____ C:\Windows\epplauncher.mif
2014-01-20 09:17 - 2012-07-23 10:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-18 23:32 - 2010-12-13 23:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-01-11 11:15 - 2014-01-11 11:15 - 00000000 ____D C:\4e60b952ee8d8a08bd1788c18711e7
2014-01-11 11:06 - 2014-01-11 11:06 - 00140464 _____ C:\Windows\Minidump\011114-30203-01.dmp
2014-01-11 10:55 - 2014-01-11 10:55 - 00000000 ____D C:\08c9e4f3578fc658dc
2014-01-11 10:45 - 2014-01-11 10:45 - 00140464 _____ C:\Windows\Minidump\011114-38250-01.dmp
2014-01-06 13:20 - 2013-06-02 10:26 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\contentDATs.exe
C:\Users\USER\AppData\Local\Temp\googleupdatesetup.exe
C:\Users\USER\AppData\Local\Temp\iMesh_setup.exe
C:\Users\USER\AppData\Local\Temp\mpam-90bb48a7.exe
C:\Users\USER\AppData\Local\Temp\mpam-f583e347.exe
C:\Users\USER\AppData\Local\Temp\mpam-f62bafc8.exe
C:\Users\USER\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\USER\AppData\Local\Temp\SetupDataMngr_iMesh.exe
C:\Users\USER\AppData\Local\Temp\SkypeSetup.exe
C:\Users\USER\AppData\Local\Temp\{3613464C-6000-4152-90FE-8BD50329FC2E}-31.0.1650.63_chrome_installer.exe
C:\Users\USER\AppData\Local\Temp\{55E0C28E-0304-4780-B662-BF6C524551D5}-31.0.1650.63_chrome_installer.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {bb684662-0768-11e0-b848-e3d07265e426}
displayorder            {default}
bootsequence            {memdiag}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {bb684664-0768-11e0-b848-e3d07265e426}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {bb684662-0768-11e0-b848-e3d07265e426}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {bb684664-0768-11e0-b848-e3d07265e426}
device                  ramdisk=[C:]\Recovery\bb684664-0768-11e0-b848-e3d07265e426\Winre.wim,{bb684665-0768-11e0-b848-e3d07265e426}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\bb684664-0768-11e0-b848-e3d07265e426\Winre.wim,{bb684665-0768-11e0-b848-e3d07265e426}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {bb684662-0768-11e0-b848-e3d07265e426}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {bb684665-0768-11e0-b848-e3d07265e426}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\bb684664-0768-11e0-b848-e3d07265e426\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 1022.8 MB
Available physical RAM: 620.86 MB
Total Pagefile: 1022.8 MB
Available Pagefile: 625.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:180.29 GB) (Free:33.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive j: (WDO_MEDIA32) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 18387C7D)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-07-24 17:25
 
==================== End Of Log ============================


#15 monchoponcho

monchoponcho
  • Topic Starter

  • Members
  • 19 posts

Posted 30 January 2014 - 08:44 PM

Thank you, Jason, for your help. This is driving me crazy.





