GSOD safe mode no bueno


  1. Posts : 10
    7 home premium 64 bit
       #1

    GSOD safe mode no bueno


    Guy brings me his Sony VAIO running Win 7 Home SP1. Says that he was using it and got a warning that he has porn or something on his rig and either up 300 bucks or else. He shuts it down and now, it comes up normal, shows his desktop and then bam, grey screen. Safe mode starts and then shuts down, restarting to normal mode. Then same thing, desktop and finally grey screen. I cannot get through to do anything with it. He has no recovery disks, and I tried reverting to when it last operated right and nothing. Any help is appreciated. Also, the only safe mode that appears to work is with command prompt.

    MM


  2. Posts : 2,470
    Windows 7 Home Premium
       #2

    scythempress,

    Ransomware...bad news! A fake alert pretending to be from the United States Department of Justice, stating they have detected the user was viewing child pornography, etc.

    Got a USB pen drive?

    If so, let's use HitmanPro.Kickstart on the troubled computer, scan it for malware, and remove any infection that is present.

    Also, you may want to print these instructions, so they are available to follow.

    Load the USB flash drive with HitmanPro.Kickstart as follows...
    Note: the contents of the USB flash drive are erased during this process!

    Use the clean (non-infected) computer, and download:
    HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

    Under Download (on the right) select the program applicable to the infected system: 64-bit or 32-bit

    When HitmanPro opens, click the KickStart icon at the bottom of the screen.

    Plug in the USB flash drive.

    When the USB flash drive is detected, a selection screen is presented.
    Select the USB flash drive from the choices, and press: Install Kickstart
    A warning that all contents of the selected flash drive will be erased is presented.
    Press: Yes

    As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.
    Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart

    Remove the USB flash drive from the clean computer and press: Close


    Now, with the problem computer shut down, plug the USB flash drive into a USB port, and turn on the power.

    When the computer starts, press the key that brings up the Boot Menu. (On some machines it's F12, F10, or F2.)

    From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)
    Info: How to Remove Ransomware - Select Real Security

    Once you select the USB flash drive to boot from, press: Enter

    A KickStart prompt with USB boot options appears.
    Select: 1 (Bypass the Master Boot Record (Default))

    The system continues to boot from the hard drive and starts Windows.

    If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally

    When Windows boots, you either get a logon screen, or the Desktop is started.
    If you see a logon screen with your User name, logon with it.


    In the next prompt, to start the program without installing to the local hard disk, select the option to do: One-time scan to check the computer

    To start scanning for malware press: Next

    If malware is detected, the program shows what malware is present on the system using a red framed screen as shown below:


    Select Next to quarantine the malware into a secure storage where it can no longer start.


    At the next screen, activate the 30-day free license:

    After successful activation (30 days), press: Next

    A screen indicating that the malware was successfully disabled or removed is presented.
    Press: Next

    To obtain a report of the scan results, press: Save log
    Save the Notepad log!!
    It has a name such as: HitmanPro_xxxxxxxx_xxxx


    Remove the USB drive, and press: Reboot
    If no malware is found, press: Close

    After HitmanPro.Kickstart is done, you should be back into normal Windows.

    Please post the HitmanPro log in your reply.


  3. Posts : 1,269
    Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
       #3

    Or remove the hard drive and scan/repair it from a known good system; that is the method I have used. I have a SATA/EIDE to USB adaptor + power supply, so I just connect it up that way.


  4. Posts : 10
    7 home premium 64 bit
    Thread Starter
       #4

    Yeah tried that


    New boot option was external device. Once started, had two options, either run Win7 or run repair; been through both options. It is not my computer, so there is no internet connection, which it says it needs for Hitman. Anyway, thanks.


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    Almost incredible that in this day and age one cannot change the Boot order to boot from a pen drive.


  6. Posts : 10
    7 home premium 64 bit
    Thread Starter
       #6

    Was waiting on the insult. Like all these sites, gurus treating people like crap. Thanks. Totally expected. Was really hoping this one was different. Did change to pen drive; the problem is I cannot get to anything for the grey screen, so there is no way to make it use my internet for Hitman. I was hoping the program would check the computer as it is, but it aborts because it wants an internet access I cannot give it.


  7. Posts : 10
    7 home premium 64 bit
    Thread Starter
       #7

    Ok, so anyone, please. The computer is up, the desktop basically appears to be behind a grey screen, because when I shut it down, right before it shuts down it shows me the desktop intact. If I attempt safe mode, it automatically restarts unless I use safe mode with command prompt. While in grey screen, if I attempt task manager, it allows me to choose it, but goes back to grey screen. Since I cannot open network connections, it cannot connect to the internet, and apparently unless Hitman can take you back to its site for an exchange of monetary value, it cannot help you without a connection. So any thoughts on how to fix it without reloading the OS? Would like to save the guy's files if possible.


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #8

    scythempress

    Let's try this

       Warning
    You will need a USB FLASH DRIVE


       Tip
    Download the Tool from a non infected PC


    Farbar Recovery Scan Tool

    Choose the one that goes with your OS bit version. Save the file to a USB flash drive.

    32-bit Version OS Farbar Recovery Scan Tool

    64-Bit Version OS Farbar Recovery Scan Tool x64


       Note
    Click the button and right-click Computer. Select Properties. Look for System Type:, which will say 32-bit Operating System or 64-bit Operating System.


    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select Repair Your Computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair your computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair


    • System Restore


    • Windows Complete PC Restore


    • Windows Memory Diagnostic Tool


    • Command Prompt


    Select Command Prompt

    In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

       Note
    Replace letter X with the drive letter of your flash drive.


       Tip
    Type the commands below to see what your letter is for the USB drive and press ENTER after each command


    Code:
    Diskpart
    List volume

    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    FRST will let you know when the scan is complete and has written the FRST.txt to file

    Upload the FRST.txt file

       Note
    FRST.txt file will be inside the root of the USB Flash Drive


  9. Posts : 10
    7 home premium 64 bit
    Thread Starter
       #9

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
    Ran by SYSTEM on 01-08-2013 02:46:55
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    Code:
    ==================== Registry (Whitelisted) ==================
    
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)
    HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
    HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] -  [x]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
    HKU\Eddie\...\Run: [Easy Dock] - C:\Users\Eddie\Documents\RCA easyRip\EZDock.exe [x]
    HKU\Eddie\...\Run: [BackupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-03-19] (Strongvault LLC)
    HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
    HKU\Eddie\...\Run: [Stronghold Online Backup] - C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll [690176 2013-07-18] (Microsoft Corporation) <===== ATTENTION
    HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
    HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION 
    
    ==================== Services (Whitelisted) =================
    
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1453872 2013-05-21] ()
    S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
    S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
    S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
    S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1203568 2010-01-22] (Sony Corporation)
    
    ==================== Drivers (Whitelisted) ====================
    
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-04] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
    S2 IAStorDataMgrSvc; 
    S2 MCSTRM; No ImagePath
    S2 MSSQL$DDNI; 
    
    ==================== NetSvcs (Whitelisted) ===================
    
    
    ==================== One Month Created Files and Folders ========
    
    2013-08-01 02:46 - 2013-08-01 02:46 - 00000000 ____D C:\FRST
    2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
    2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-07-23 23:29 - 2013-07-31 23:36 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
    2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
    2013-07-23 22:22 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
    2013-07-23 22:21 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
    2013-07-23 22:20 - 2013-07-23 22:42 - 00000000 ____D C:\Users\Eddie\Downloads\[ SPEED.CD :: You're home now! ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
    2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
    2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
    2013-07-18 07:23 - 2013-07-31 21:33 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
    2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
    2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
    2013-07-10 00:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-07-10 00:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-07-10 00:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-07-10 00:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-07-10 00:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-07-10 00:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-07-10 00:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-07-10 00:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-07-10 00:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-10 00:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-10 00:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-10 00:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-10 00:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-10 00:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-10 00:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-07-10 00:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-07-10 00:10 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-07-10 00:10 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-07-10 00:10 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-07-10 00:10 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-07-10 00:10 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-10 00:10 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-10 00:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-10 00:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-10 00:10 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-09 23:47 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-09 23:47 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-09 23:47 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-09 23:47 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-09 23:39 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-09 23:28 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-09 23:28 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-05 07:44 - 2013-07-31 23:33 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
    2013-07-05 07:44 - 2013-07-10 00:45 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update


  10. Posts : 10
    7 home premium 64 bit
    Thread Starter
       #10

    Code:
    ==================== One Month Modified Files and Folders =======
    
    2013-08-01 00:30 - 2010-08-10 17:11 - 00000000 ____D C:\users\boinc_master
    2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-07-31 23:36 - 2013-07-23 23:29 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
    2013-07-31 23:33 - 2013-07-05 07:44 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
    2013-07-31 23:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-31 23:33 - 2009-07-13 20:51 - 00133550 _____ C:\Windows\setupact.log
    2013-07-31 23:12 - 2010-08-10 17:11 - 00729538 _____ C:\Windows\PFRO.log
    2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files\Google
    2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files (x86)\Google
    2013-07-31 23:07 - 2010-11-25 17:30 - 01417208 _____ C:\Windows\WindowsUpdate.log
    2013-07-31 23:05 - 2011-11-19 18:54 - 00000000 ____D C:\Users\Eddie\AppData\Local\Conduit
    2013-07-31 23:00 - 2011-01-23 05:42 - 00000000 ____D C:\Users\Eddie\AppData\Local\Google
    2013-07-31 23:00 - 2010-08-10 16:48 - 00000000 ____D C:\ProgramData\Google
    2013-07-31 22:58 - 2010-08-10 16:27 - 00000000 ____D C:\ProgramData\DDNi
    2013-07-31 22:32 - 2011-01-27 19:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
    2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-07-31 21:50 - 2009-07-13 21:13 - 00780196 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-31 21:33 - 2013-07-18 07:23 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
    2013-07-31 21:33 - 2012-08-21 10:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-31 21:32 - 2011-01-23 05:36 - 00000000 ____D C:\users\Eddie
    2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
    2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
    2013-07-23 23:24 - 2011-11-19 18:53 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\BitTorrent
    2013-07-23 22:42 - 2013-07-23 22:20 - 00000000 ____D C:\Users\Eddie\Downloads\[ SPEED.CD :: You're home now! ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
    2013-07-23 22:25 - 2011-10-22 17:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\CrashDumps
    2013-07-23 22:23 - 2013-07-23 22:22 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
    2013-07-23 22:23 - 2013-07-23 22:21 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
    2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
    2013-07-21 01:55 - 2013-04-25 18:58 - 00003376 _____ C:\Windows\System32\Tasks\AmiUpdXp
    2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
    2013-07-18 07:23 - 2011-11-14 11:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\Citrix
    2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
    2013-07-17 07:48 - 2010-08-10 16:48 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-17 07:48 - 2010-08-10 16:48 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
    2013-07-10 00:45 - 2013-07-05 07:44 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update
    2013-07-10 00:43 - 2009-07-13 20:45 - 00437568 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-07-10 00:39 - 2010-07-21 16:37 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-07-10 00:23 - 2011-01-23 08:11 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-07-10 00:12 - 2011-11-26 14:37 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-07-08 06:54 - 2012-06-11 19:33 - 00000000 ____D C:\Users\Eddie\Documents\IAMC
    2013-07-05 07:44 - 2013-05-17 18:28 - 00000000 ____D C:\Program Files (x86)\SingAlong
    2013-07-03 17:10 - 2010-08-10 16:27 - 00000000 ____D C:\Program Files (x86)\DDNi
    
    Files to move or delete:
    ====================
    C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll
    C:\Users\Eddie\ctfmon.exe
    C:\Users\Eddie\GoToAssistDownloadHelper.exe
    C:\Users\Eddie\notepad.exe
    C:\Users\Eddie\spoolsv.exe
    C:\Users\Eddie\AppData\Roaming\skype.dat
    C:\Users\Eddie\AppData\Roaming\skype.ini
    
    ==================== Known DLLs (Whitelisted) ================
    
    
    ==================== Bamital & volsnap Check =================
    
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    
    ==================== EXE ASSOCIATION =====================
    
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    
    ==================== Restore Points  =========================
    
    Restore point made on: 2013-06-14 19:31:29
    Restore point made on: 2013-06-17 21:59:17
    Restore point made on: 2013-07-10 00:00:37
    Restore point made on: 2013-07-23 23:53:05
    
    ==================== Memory info =========================== 
    
    Percentage of memory in use: 15%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 3222.87 MB
    Total Pagefile: 3833.05 MB
    Available Pagefile: 3215.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:456.26 GB) (Free:384.71 GB) NTFS (Disk=0 Partition=3)
    Drive e: (Recovery) (Fixed) (Total:9.4 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive g: (HITMANPRO) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    
    ==================== MBR & Partition Table ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B99EB1C8)
    Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
    
    ========================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 95E6BCA3)
    Partition 1: (Active) - (Size=7 GB) - (Type=0B)
    
    
    LastRegBack: 2013-07-23 23:45
    
    ==================== End Of Log ============================
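Added example, not part of the thread and not FRST's own logic: a Python triage pass over FRST.txt lines like those posted above, flagging autorun entries and files that look like persistence. The rule set, the `SYSTEM_NAMES` list, the function names and the assumption that Windows is installed on C: are illustrative choices; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# A few lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [] -  [x]
HKU\Eddie\...\Run: [BackupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-03-19] (Strongvault LLC)
HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-10 00:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
"""

# Assumed list: binaries that normally live under C:\Windows.
SYSTEM_NAMES = {"ctfmon.exe", "spoolsv.exe", "notepad.exe", "explorer.exe",
                "svchost.exe", "winlogon.exe", "services.exe", "userinit.exe"}

# Registry section: HIVE\...\Key: [ValueName] - data [size date] (company)
REG_LINE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]"
    r"\s*(?:-\s*)?(?P<data>.*)$")
# File sections: created - modified - size attrs (company) path
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S{5} "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$")
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\", re.I)


@dataclass
class Finding:
    target: str                      # registry value or file path
    reasons: list = field(default_factory=list)


def check_registry(m):
    key, name, data = m["key"], m["name"], m["data"]
    # Drop the trailing "[size date] (company) <== marker" metadata.
    value = re.split(r"\s*(?:\[|<=)", data, maxsplit=1)[0].strip()
    reasons = []
    if "ATTENTION" in data:
        reasons.append("flagged by FRST")
    if key == "Run" and USER_PATH.search(value):
        reasons.append("autorun target inside a user profile")
    if key == "Winlogon" and name == "Shell" and value.lower() != "explorer.exe":
        reasons.append("Winlogon Shell is not plain explorer.exe")
    if value.lower().startswith("rundll32") and USER_PATH.search(value):
        reasons.append("rundll32 loading a DLL from a user profile")
    return Finding(f"{m['hive']}\\...\\{key}: [{name}]", reasons)


def check_file(m):
    path = m["path"]
    base = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    # Assumes the Windows directory is C:\Windows, as in this log.
    if base in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
        reasons.append("system binary name outside C:\\Windows")
    return Finding(path, reasons)


def triage(log_text):
    """Return suspicious entries, one per target, in log order."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            f = check_registry(m)
        else:
            m = FILE_LINE.match(line)
            f = check_file(m) if m else None
        # The created and modified sections repeat files; keep the first hit.
        if f and f.reasons:
            findings.setdefault(f.target, f)
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.target, "->", "; ".join(f.reasons))
```

On the sample lines, the `[Internet Security]` entry carries no ATTENTION marker in the log but is still reported because its target sits in the user's profile; such hits are leads to review, not verdicts.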


 