ok i could only download the windef offline in safe mode, and can create the disc only in normal mode
my Q is: should i choose A) blank disk
or C) blank disc ISO file
ok i put the ISO file to disc, did a full scan and the WDO didn't come up with anything so it would appear the system is all clear :)
so what's next guys??
# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you'd rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************
Now that you know how, run the following script and upload the wdologs.zip file.
Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************
function New-Zip {
param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[String] $Path, [Switch] $PassThru, [Switch] $Force )
Process { if (Test-Path $path) {if (-not $Force) { return } }
Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
$item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
[String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
Begin {$ShellApplication = New-Object -ComObject Shell.Application
if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
$ZipPackage =$ShellApplication.Namespace("$Path")}
Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }
if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 }
Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
$Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
$ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$divider = "#" * 79
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
# For each log file: write a divider, the file's full path, then its contents
$b | foreach {
out-file -append $fileinfo -inputobject $divider
out-file -append $fileinfo -inputobject $_.fullname;
out-file -append $fileinfo -inputobject (get-content -path $_.fullname)
}
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo
EXIT
EXIT
# ************************************************************
After you've uploaded the zip file, then run this script and upload the computerinfo.txt file.
Script:
# ***********************************************************************
# Puts COMPUTERINFO.TXT on your desktop
# COMPUTERINFO.TXT contains info about your bios and your computer system
# ***********************************************************************
function get-ID {
param ([string]$title, [int]$arraycnt, [int]$arrayndx)
$id = " " + $title + " "
If ($arraycnt -ne 1) {$id = $id + [string]$arrayndx + " "}
$id }
function get-title { param ([string]$id)
$hashes = ([int](31 - $id.length)/2)
$hashstr = '#' * $hashes
$title = $hashstr + $id + $hashstr
If ($title.length -le 51) {$title += "#"}
$title }
$sterne = "*" * 79
$ossys = @(gwmi win32_operatingsystem)
$ossyscnt = $ossys.count
$ossysid = get-id "WIN" 1 0
$dskvol = @(gwmi win32_volume)
$dskvolcnt = $dskvol.count
$dskarr =@(gwmi win32_diskdrive)
$dskarrcnt = $dskarr.count
$cpu = @(gwmi win32_processor)
$cpucnt = $cpu.count
$mobo = gwmi win32_BaseBoard
$moboid = get-id "MOTHERBOARD" 1 0
$bootcfg = gwmi Win32_BootConfiguration
$bootid = get-id "BOOT CONFIGURATION" 1 0
$Build = gwmi Win32_WMISetting
$osid = get-id "COMPUTER INFO" 1 0
$CS = gwmi Win32_ComputerSystem
$CSprod = gwmi Win32_ComputerSystemProduct
$id = get-id "BIOS" 1 0
$csid = get-id "COMPUTER INFO" 1 0
$bios = gwmi win32_bios
$obj = new-object -typename PSobject
$obj | Add-member -membertype noteproperty -name (Get-title $id ) -value $sterne -passthru |
add-member -membertype noteproperty -name ($id + "Name") -value($bios.name) -passthru |
add-member -membertype noteproperty -name ($id + "Manufacturer") -value($bios.manufacturer) -passthru|
add-member -membertype noteproperty -name ($id + "Release Date") -value($bios.converttodatetime($bios.releasedate)) -passthru |
add-member -membertype noteproperty -name ($id + "Serial Number") -value($bios.SerialNumber) -passthru |
Add-member -membertype noteproperty -name (Get-title $csid) -value $sterne -passthru |
add-member -membertype noteproperty -name ("Manufacturer") -value($cs.manufacturer) -passthru |
add-member -membertype noteproperty -name ("Model") -value($cs.model) -passthru |
add-member -membertype noteproperty -name ("Primary Owner") -value($cs.primaryownername) -passthru |
add-member -membertype noteproperty -name ("Type") -value($cs.systemtype) -passthru |
add-member -membertype noteproperty -name ("Total Memory") -value(([string][int]($cs.totalphysicalmemory/1073741824) + " GB")) -passthru |
add-member -membertype noteproperty -name ("User Name") -value($cs.username) -passthru |
add-member -membertype noteproperty -name ("Product Name") -value($csprod.name) -passthru |
add-member -membertype noteproperty -name ("Version") -value($csprod.version) -passthru |
add-member -membertype noteproperty -name ("Build version") -value($build.BuildVersion) -passthru |
add-member -membertype noteproperty -name ("Identifying Number") -value($csprod.identifyingnumber) -passthru |
add-member -membertype noteproperty -name ("Vendor") -value($csprod.vendor) -passthru |
add-member -membertype noteproperty -name ("Boot Directory") -value($bootcfg.bootdirectory) -passthru |
add-member -membertype noteproperty -name ("Last Drive") -value($bootcfg.lastdrive) -passthru |
add-member -membertype noteproperty -name ($moboID + "Manufacturer") -value($mobo.manufacturer) -passthru |
add-member -membertype noteproperty -name ($moboid + "Product Type" ) -value($mobo.product) -passthru |
add-member -membertype noteproperty -name ($moboid + "Serial Number") -value($mobo.serialnumber)
for ($ndx=1; $ndx -le $ossyscnt; $ndx++) {
$d = $ossys[$ndx - 1]
$ossysid = get-id "WIN" $ossyscnt $ndx
$obj | add-member -membertype noteproperty -name ($ossysid + "Build Number") -value($d.buildnumber) -passthru |
add-member -membertype noteproperty -name ($ossysid + "OS Version") -value($d.caption) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Country Code") -value($d.countrycode) -passthru |
## add-member -membertype noteproperty -name ($ossysid + "Service Pack") -value($d.csdversion) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Install Date") -value($d.converttodatetime($d.installdate)) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Computer System Name") -value($d.csname) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Last Bootup") -value($d.converttodatetime($d.lastbootuptime)) -passthru |
add-member -membertype noteproperty -name ($ossysid + "OS Architecture") -value($d.osarchitecture) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Registered User") -value($d.registereduser) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Product ID") -value($d.serialnumber) -passthru |
add-member -membertype noteproperty -name ($ossysid + "Service Pack Version") -value($d.servicepackmajorversion)
}
for ($ndx=1; $ndx -le $cpucnt; $ndx++) {
$d = $cpu[$ndx - 1]
$cpuid = get-id "CPU" $cpucnt $ndx
$obj | add-member -membertype noteproperty -name ($cpuid + "Current Core Speed") -value([string][int]$d.currentclockspeed + " MHz") -passthru |
add-member -membertype noteproperty -name ($cpuid + "Current Voltage") -value($d.currentvoltage) -passthru |
add-member -membertype noteproperty -name ($cpuid + "External Clock") -value($d.extclock) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Max. Clock Speed") -value([string][int]$d.maxclockspeed + " MHz") -passthru |
add-member -membertype noteproperty -name ($cpuid + "Manufacturer") -value($d.manufacturer) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Name") -value($d.name) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Description") -value($d.description) -passthru |
add-member -membertype noteproperty -name ($cpuid + "version") -value($d.version) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Number of Cores per CPU") -value($d.numberofcores) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Number of Logical Processors") -value($d.numberoflogicalprocessors) -passthru |
add-member -membertype noteproperty -name ($cpuid + "Socket Designation") -value($d.socketdesignation)
}
for($ndx=1; $ndx -le $dskarrcnt; $ndx++) {
$d = $dskarr[$ndx -1];
$dskarrid = get-id "DISK" $dskarrcnt $ndx
$obj | Add-member -membertype noteproperty -name (get-title $dskarrid) -value $sterne -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Model") -value($d.model) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Size") -value([string][int]($d.size/1073741824) + " GB") -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Status") -value($d.status) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Capabilities") -value($d.capabilitydescriptions) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Interface Type") -value($d.interfacetype) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Partitions") -value($d.partitions) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Bytespersector") -value($d.bytespersector) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Sectors per track") -value($d.sectorspertrack) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Firmware revision") -value($d.firmwarerevision) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "Device ID") -value($d.deviceid) -passthru |
add-member -membertype noteproperty -name ($dskarrid + "PNP Device ID") -value($d.pnpdeviceid)
}
function Get-DrvType ($n) {
switch ([int]$n) {
2 {$result = "Removable"}
3 {$result = "Partition"}
5 {$result = "CDROM"}
default {$result = "Unknown"}
}
$result
}
for ($ndx=1; $ndx -le $dskvolcnt; $ndx++) {
$d = $dskvol[$ndx-1]
$dskvolid = get-id "DISK VOLUME" $dskvolcnt $ndx
$obj | add-member -membertype noteproperty -name (get-title $dskvolid) -value $sterne -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Caption") -value($d.caption) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Drive Letter") -value($d.driveletter) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Label") -value($d.label) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Capacity") -value([string][int]($d.capacity/1073741824) + " GB") -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Free Space") -value([string][int]($d.freespace/1073741824) + " GB") -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Volume Type") -value(get-drvtype($d.drivetype)) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Boot Volume") -value($d.bootvolume) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "System Volume") -value($d.systemvolume) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Compressed") -value($d.compressed) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Serial Number") -value($d.serialnumber) -passthru |
# add-member -membertype noteproperty -name ($dskvolid + "Device ID") -value($d.deviceid) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "File System") -value($d.filesystem) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Block Size") -value($d.blocksize) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Indexing Enabled") -value($d.indexingenabled) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Auto Mount") -value($d.automount) -passthru |
add-member -membertype noteproperty -name ($dskvolid + "Dirty Bit Set") -value($d.dirtybitset)
}
$PhyMemArray = @(gwmi win32_PhysicalMemoryArray)
$cnt = $phymemarray.count
for ($ndx=1; $ndx -le $cnt; $ndx++) {
$d = $phymemarray[$ndx -1]
$id = get-id "PHYSICAL MEMORY ARRAY" $cnt $ndx
$obj | add-member -membertype noteproperty -name ( Get-title $Id ) -value $sterne
$obj | add-member -membertype noteproperty -name (" Maximum Memory Capacity") -value([string][int]($d.maxcapacity/1048576) + " GB")
$obj | add-member -membertype noteproperty -name (" Number of Memory Devices") -value($d.memorydevices)
}
$arr = @(gwmi win32_PhysicalMemory)
$cnt = $arr.count
for($i=1; $i -le $cnt; $i++){
$d = $arr[$i-1]
$id = get-id "PHYSICAL MEMORY" $cnt $i
$obj | add-member -membertype noteproperty -name (get-title $id) -value $sterne
$obj | add-member -membertype noteproperty -name ($id + "Bank Label") -value($d.banklabel)
$obj | add-member -membertype noteproperty -name ($id + "Capacity") -value([string][int]($d.capacity/1073741824) + " GB")
$obj | add-member -membertype noteproperty -name ($id + "Data Width") -value($d.datawidth)
$obj | add-member -membertype noteproperty -name ($id + "Speed") -value($d.speed)
$obj | add-member -membertype noteproperty -name ($id + "Description") -value($d.description)
$obj | add-member -membertype noteproperty -name ($id + "Tag") -value($d.tag)
$obj | add-member -membertype noteproperty -name ($id + "Device Locator") -value($d.devicelocator)
$obj | add-member -membertype noteproperty -name ($id + "Manufacturer") -value($d.manufacturer)
$obj | add-member -membertype noteproperty -name ($id + "Part Number") -value($d.partnumber)
$obj | add-member -membertype noteproperty -name ($id + "Serial Number") -value($d.serialnumber)
}
$Arr = @(gwmi win32_cachememory)
$cnt = $arr.count
for($i=1; $i -le $cnt; $i++){
$d = $arr[$i-1];
$id = get-id "CACHE MEMORY" $cnt $i
$obj | add-member -membertype noteproperty -name (get-title $id) -value $sterne
$obj | add-member -membertype noteproperty -name ($id + "Name") -value($d.name)
$obj | add-member -membertype noteproperty -name ($id + "Device ID") -value($d.deviceid)
$obj | add-member -membertype noteproperty -name ($id + "Purpose") -value($d.purpose)
$obj | add-member -membertype noteproperty -name ($id + "Block Size") -value($d.blocksize)
$obj | add-member -membertype noteproperty -name ($id + "Installed Size") -value($d.installedsize)
$obj | add-member -membertype noteproperty -name ($id + "Max Cache Size") -value($d.maxcachesize)
$obj | add-member -membertype noteproperty -name ($id + "Number of Blocks") -value($d.numberofblocks)
$obj | add-member -membertype noteproperty -name ($id + "Status") -value($d.status)
}
$Arr = @(gwmi win32_memoryarray)
$cnt = $arr.count
for($i=1; $i -le $cnt; $i++){
$d = $arr[$i-1];
$id = get-id "MEMORY ARRAY" $CNT $I
$obj | add-member -membertype noteproperty -name (get-title $id) -value $sterne
$obj | add-member -membertype noteproperty -name ($id + "Description") -value($d.description)
$obj | add-member -membertype noteproperty -name ($id + "Device ID") -value($d.deviceid)
$obj | add-member -membertype noteproperty -name ($id + "Starting Address") -value($d.startingaddress)
$obj | add-member -membertype noteproperty -name ($id + "Ending Address") -value($d.endingaddress)
}
$Arr = @(gwmi win32_memorydevice)
$cnt = $arr.count
for($i=1; $i -le $cnt; $i++){
$d = $arr[$i-1];
$id = get-id "MEMORY DEVICE" $cnt $i
$obj | add-member -membertype noteproperty -name (get-title $id) -value $sterne
$obj | add-member -membertype noteproperty -name ($id + "Description") -value($d.description)
$obj | add-member -membertype noteproperty -name ($id + "Device ID") -value($d.deviceid)
$obj | add-member -membertype noteproperty -name ($id + "Starting Address") -value($d.startingaddress)
$obj | add-member -membertype noteproperty -name ($id + "Ending Address") -value($d.endingaddress)
}
$obj > $env:userprofile\desktop\COMPUTERINFO.TXT
EXIT
EXIT
hi.. ok when i paste into the powershell box the box then disappears, it seems to have accepted it but there is no confirmation and it doesn't lead me onto anything else, is this right??
ok i have the 2 files on my desktop ty
Last edited by dman1965; 04 Aug 2012 at 10:37. Reason: progression
yep i have them but i don't know what to do now, sry
Mode : -a---
FullName : C:\Windows\Microsoft Antimalware\Support\MpCacheStats.log
Name : MpCacheStats.log
CreationTime : 04/08/2012 12:21:59
LastWriteTime : 04/08/2012 12:21:59
LastAccessTime : 04/08/2012 12:21:59
Length : 978
Extension : .log
Mode : -a---
FullName : C:\Windows\Microsoft Antimalware\Support\MPLog-08042012-032159
.log
Name : MPLog-08042012-032159.log
CreationTime : 04/08/2012 12:21:59
LastWriteTime : 04/08/2012 13:43:12
LastAccessTime : 04/08/2012 12:21:59
Length : 5434
Extension : .log
Mode : -a---
FullName : C:\Windows\Microsoft Antimalware\Support\MPDetection-08042012-
032159.log
Name : MPDetection-08042012-032159.log
CreationTime : 04/08/2012 12:21:59
LastWriteTime : 04/08/2012 13:43:12
LastAccessTime : 04/08/2012 12:21:59
Length : 468
Extension : .log
Mode : -a---
FullName : C:\Windows\Microsoft Antimalware\Support\msssWrapper.log
Name : msssWrapper.log
CreationTime : 04/08/2012 12:21:59
LastWriteTime : 04/08/2012 13:43:13
LastAccessTime : 04/08/2012 12:21:59
Length : 3806
Extension : .log
###############################################################################
C:\Windows\Microsoft Antimalware\Support\MpCacheStats.log
**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0
###############################################################################
C:\Windows\Microsoft Antimalware\Support\MPLog-08042012-032159.log
--------------------------------------------------------------------------------
2012-08-04T11:21:59.443Z Trace session started - MpWppTracing-08042012-032159-00000003-ffffffff.bin
2012-08-04T11:21:59.443Z Service is asked to be reenabled.
2012-08-04T11:21:59.458Z Task(-EnableService) launched**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0
2012-08-04T11:21:59.474Z Loading engine...
2012-08-04T11:21:59.474Z loaded!
2012-08-04T11:21:59.474Z NisUpdate from SignatureDropLocation returns S_OK
2012-08-04T11:21:59.474Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-08-04T11:21:59.474Z Cache Disabled: 0
2012-08-04T11:21:59.490Z Verifying license file...
2012-08-04T11:21:59.490Z verified!
2012-08-04T11:21:59.490Z Product supports installmode: 0
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-08-04T11:22:21.392Z Verifying engine and signature files (source: 0) ...
2012-08-04T11:22:21.642Z verified!
2012-08-04T11:22:25.183Z Initializing SQM in engine...
2012-08-04T11:22:25.183Z SQM initialized in the engine successfully
Signature updated on 08-04-2012 03:22:25
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 1.1.8601.0
AS Signature Version: 1.131.1345.0
AV Signature Version: 1.131.1345.0
************************************************************
2012-08-04T12:40:38.825Z Task(SpyNetService -RestrictPrivileges -AccessKey B6F2C07F-E4D2-B65B-4509-4DB42F4D78D5) launched
Begin Resource Scan
Scan ID:{6A86893A-4E1C-4BFA-BAA9-E479E3E8AE9E}
Scan Source:7
Start Time:08-04-2012 04:41:07
End Time:08-04-2012 04:41:13
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:\Users\Dwayn\Downloads\avg_pct_stf_all_10_27_c1.exe
Result Count:1
Known File
Number of Resources:2
Resource Schema:file
Resource Path:\Users\Dwayn\Downloads\avg_pct_stf_all_10_27_c1.exe:Zone.Identifier
Extended Info:35874746033117
Resource Schema:file
Resource Path:\Users\Dwayn\Downloads\avg_pct_stf_all_10_27_c1.exe
Extended Info:103835777263593
End Scan
************************************************************
###############################################################################
C:\Windows\Microsoft Antimalware\Support\MPDetection-08042012-032159.log
2012-08-04T11:21:59.490Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2012-08-04T11:22:25.230Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 1.1.8601.0 AS 1.131.1345.0 AV 1.131.1345.0
###############################################################################
C:\Windows\Microsoft Antimalware\Support\msssWrapper.log
ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2012/08/04 03:21:59:240 TID:932 PID:824
INFO 2012/08/04 03:21:59:240 TID:932 PID:824
Binary architecture is amd64
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
CheckProcessorArchitecture returned 0x00000000
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Setting target OS key: "D:\Windows"
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Searching for signatures. Default signature path: ""
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Searching for signatures at root of drives...
WARNING 2012/08/04 03:21:59:271 TID:932 PID:824
Missing definitions file in 'C:\mpam-fex64.exe'
WARNING 2012/08/04 03:21:59:271 TID:932 PID:824
Missing definitions file in 'D:\mpam-fex64.exe'
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Found definitions file in 'E:\mpam-fex64.exe'
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Using signature path: "E:\mpam-fex64.exe"
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
SearchForSignatures returned 0x00000000
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Initializing offline environment and service...
INFO 2012/08/04 03:22:25:230 TID:932 PID:824
Launching user interface...
INFO 2012/08/04 03:22:25:245 TID:932 PID:824
Launched UI, waiting...
INFO 2012/08/04 04:43:11:160 TID:932 PID:824
Wait finished (UI signaled)
INFO 2012/08/04 04:43:11:160 TID:932 PID:824
RunCallisto returned 0x00000000
INFO 2012/08/04 04:43:13:172 TID:932 PID:824
Offline scan completed with 0x00000000
FINISH 2012/08/04 04:43:13:172 TID:828 PID:824
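The msssWrapper.log posted above stores each record as a header line (level, timestamp, TID, PID) followed by a message line. The script below is an added example, not code from anyone in this thread: it pairs headers with messages, flags WARNING records and non-zero result codes, and reports how the offline scan ended. The function names and the embedded sample lines are constructed for illustration, and treating a non-zero `0x...` value as a failure is an assumption based on the usual HRESULT convention.

```powershell
# Added example (not from the thread). Works on PowerShell 2.0 or later.
# Sample lines constructed from the msssWrapper.log format shown above.
$sample = @'
START 2012/08/04 03:21:59:240 TID:932 PID:824
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
CheckProcessorArchitecture returned 0x00000000
WARNING 2012/08/04 03:21:59:271 TID:932 PID:824
Missing definitions file in 'C:\mpam-fex64.exe'
INFO 2012/08/04 03:21:59:271 TID:932 PID:824
Found definitions file in 'E:\mpam-fex64.exe'
INFO 2012/08/04 04:43:11:160 TID:932 PID:824
RunCallisto returned 0x00000000
INFO 2012/08/04 04:43:13:172 TID:932 PID:824
Offline scan completed with 0x00000000
FINISH 2012/08/04 04:43:13:172 TID:828 PID:824
'@

function ConvertFrom-WdoWrapperLog {
    # Hypothetical helper: turns raw log lines into one object per record.
    param([string[]]$Line)
    $headerRx = '^([A-Z]+)\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3})\s+TID:(\d+)\s+PID:(\d+)\s*$'
    $codeRx   = '(?:returned|completed with)\s+0x([0-9A-Fa-f]{8})'
    $culture  = [Globalization.CultureInfo]::InvariantCulture
    $entries  = @()
    $cur      = $null
    foreach ($l in $Line) {
        if ($l -cmatch $headerRx) {
            # A new header closes the previous record.
            if ($cur) { $entries += $cur }
            $cur = New-Object PSObject -Property @{
                Level   = $matches[1]
                Time    = [datetime]::ParseExact($matches[2], 'yyyy/MM/dd HH:mm:ss:fff', $culture)
                Message = ''
                Code    = $null
                Flagged = ($matches[1] -eq 'WARNING')
            }
        } elseif ($cur -and $l.Trim()) {
            # Message line(s) belong to the most recent header.
            $cur.Message = ($cur.Message + ' ' + $l.Trim()).Trim()
            if ($l -match $codeRx) {
                $cur.Code = [Convert]::ToUInt32($matches[1], 16)
                # Assumption: any non-zero result code is worth a look.
                if ($cur.Code -ne 0) { $cur.Flagged = $true }
            }
        }
        # Lines before the first header (settings, dividers) are skipped.
    }
    if ($cur) { $entries += $cur }
    $entries
}

function Get-WdoScanVerdict {
    # Hypothetical helper: one-line summary of how the run ended.
    param($Entry)
    $final = $Entry | Where-Object { $_.Message -like 'Offline scan completed*' } |
             Select-Object -Last 1
    if (-not $final) {
        'No completion record found (scan interrupted or log truncated)'
    } elseif ($final.Code -ne 0) {
        'Offline scan ended with 0x{0:X8} at {1}' -f $final.Code, $final.Time
    } else {
        'Offline scan completed with 0x00000000 at {0}' -f $final.Time
    }
}

$entries = ConvertFrom-WdoWrapperLog ($sample -split "`r?`n")

# Records that deserve a second look: warnings and non-zero result codes.
$entries | Where-Object { $_.Flagged } |
    Select-Object Time, Level, Message | Format-List

Get-WdoScanVerdict $entries
```

To run it against the real file, replace the sample with `Get-Content "$env:windir\Microsoft Antimalware\Support\msssWrapper.log"`. The wrapper log only records whether the offline run itself succeeded; it does not list scan findings.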
Hi,
I'm a bit lost at the moment - what are we trying to solve? If I understand correctly BitDefender cleaned your system (it's a good piece of kit that I have used with success before) - are there any other issues?
Regards,
Golden
yep my main issue is windows would only start in safe mode, i did manage to get it to boot semi normally by using only on-board graphics but still it will not load properly or let me do many things like access my internet as usual.. if i click on my browser it says i must choose a different path ... i do this and it loads a very basic version of my browser, with much missing.... i can only download in safe mode, can't use my nvidia card etc etc.. bit defender seemed to have identified that trojan heur and eliminated it and the windef bootable scan i did came up clear. but the 1st issue is still to be resolved.. at the moment i'm just trying to inch forward with each bit of info and advice i'm getting .... the help is much appreciated.
i think the idea is to bring it back to its original state but to do this i was told my hdd needed a clean bill of health, if any1 could help me carry on with this i would be most grateful, thanks D