

Windows 7: GSOD safe mode no bueno

31 Jul 2013   #1

7 home premium 64 bit
 
 
GSOD safe mode no bueno

Guy brings me his Sony VAIO running Win 7 Home SP1. Says that he was using it and got a warning that he has porn or something on his rig and either pay up 300 bucks or else. He shuts it down and now it comes up normal, shows his desktop and then bam, grey screen. Safe mode starts and then shuts down, restarting to normal mode. Then same thing, desktop and finally grey screen. I cannot get through to do anything with it. He has no recovery disks, and I tried reverting to when it last operated right and nothing. Any help is appreciated. Also, the only safe mode that appears to work is with command prompt.

MM


01 Aug 2013   #2

Windows 7 Home Premium
 
 

scythempress,

Ransomware...bad news! A fake alert pretending to be from the United States Department of Justice, stating they have detected the user was viewing child pornography, etc.

Got a USB pen drive?

If so, let's use HitmanPro.Kickstart on the troubled computer, scan it for malware, and remove any infection that is present.

Also, you may want to print these instructions, so they are available to follow.

Load the USB flash drive with HitmanPro.Kickstart as follows...
Note: the contents of the USB flash drive are erased during this process!

Use the clean (non-infected) computer, and download:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

Under Download (on the right) select the program applicable to the infected system: 64-bit or 32-bit

When HitmanPro opens, click the KickStart icon at the bottom of the screen.

Plug in the USB flash drive.

When the USB flash drive is detected, a selection screen is presented.
Select the USB flash drive from the choices, and press: Install Kickstart
A warning that all contents of the selected flash drive will be erased is presented.
Press: Yes

As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.
Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart

Remove the USB flash drive from the clean computer and press: Close


Now, with the problem computer shut down, plug the USB flash drive into a USB port, and turn on the power.

When the computer starts, press the key that brings up the Boot Menu. (On some machines it's F12, F10, or F2.)

From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)
Info: How to Remove Ransomware - Select Real Security

Once you select the USB flash drive to boot from, press: Enter

A KickStart prompt with USB boot options appears.
Select: 1 (Bypass the Master Boot Record (Default))

The system continues to boot from the hard drive and starts Windows.

If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally

When Windows boots, you either get a logon screen, or the Desktop is started.
If you see a logon screen with your User name, logon with it.


In the next prompt, to start the program without installing to the local hard disk, select the option to do: One-time scan to check the computer

To start scanning for malware press: Next

If malware is detected, the program shows what malware is present on the system using a red framed screen as shown below:


Select Next to quarantine the malware into a secure storage where it can no longer start.


At the next screen, activate the 30-day free license:

After successful activation (30 days), press: Next

A screen indicating that the malware was successfully disabled or removed is presented.
Press: Next

To obtain a report of the scan results, press: Save log
Save the Notepad log!!
It has a name such as: HitmanPro_xxxxxxxx_xxxx


Remove the USB drive, and press: Reboot
If no malware is found, press: Close

After HitmanPro.Kickstart is done, you should be back into normal Windows.

Please post the HitmanPro log in your reply.
01 Aug 2013   #3

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
 
 

Or remove the hard drive and scan/repair it from a known good system; that is the method I have used. I have a SATA/EIDE to USB adaptor + power supply, so I just connect it up that way.


01 Aug 2013   #4

7 home premium 64 bit
 
 
Yeah tried that

New boot option was external device; once started, it had two options, either run Windows 7 or run repair. Been through both options. It is not my computer, so there is no internet connection, which it says it needs for Hitman. Anyway, thanks.
01 Aug 2013   #5

Windows 7 Home Premium
 
 

Almost incredible that in this day and age one cannot change the Boot order to boot from a pen drive.
01 Aug 2013   #6

7 home premium 64 bit
 
 

Was waiting on the insult. Like all these sites gurus treating people like crap. Thanks. Totally expected. Was really hoping this one was different. Did change to pen drive; the problem is I cannot get to anything for the grey screen, so there is no way to make it use my internet for Hitman. I was hoping the program would check the computer as it is, but it aborts because it wants an internet access I cannot give it.
01 Aug 2013   #7

7 home premium 64 bit
 
 

OK, so anyone, please. The computer is up; the desktop basically appears to be behind a grey screen, because when I shut it down, right before it shuts down it shows me the desktop intact. If I attempt safe mode, it automatically restarts unless I use safe mode with command prompt. While in grey screen, if I attempt Task Manager, it allows me to choose it, but goes back to grey screen. Since I cannot open network connections, it cannot connect to the internet, and apparently unless Hitman can take you back to its site for an exchange of monetary value, it cannot help you without a connection. So any thoughts on how to fix it without reloading the OS? Would like to save the guy's files if possible.
01 Aug 2013   #8

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

scythempress

Let's try this:

Warning
You will need a USB FLASH DRIVE


Tip
Download the Tool from a non infected PC


Farbar Recovery Scan Tool

Choose the one that goes with your OS bit version. Save the file to a USB flash drive.

32-bit Version OS Farbar Recovery Scan Tool

64-Bit Version OS Farbar Recovery Scan Tool x64


Note
Click the Start button and right-click Computer. Select Properties. Look for System Type:, which will say 32-bit Operating System or 64-bit Operating System.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for the 64-bit version type X:\FRST64.exe) and press Enter.

Note
Replace letter X with the drive letter of your flash drive.


Tip
Type the commands below to see what your letter is for the USB drive and press ENTER after each command.


Code:
Diskpart
List volume
Exit

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload the FRST.txt file

Note
FRST.txt file will be inside the root of the USB Flash Drive
01 Aug 2013   #9

7 home premium 64 bit
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 01-08-2013 02:46:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

Code:
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKU\Eddie\...\Run: [Easy Dock] - C:\Users\Eddie\Documents\RCA easyRip\EZDock.exe [x]
HKU\Eddie\...\Run: [BackupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-03-19] (Strongvault LLC)
HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Eddie\...\Run: [Stronghold Online Backup] - C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll [690176 2013-07-18] (Microsoft Corporation) <===== ATTENTION
HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION 

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1453872 2013-05-21] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1203568 2010-01-22] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S2 IAStorDataMgrSvc; 
S2 MCSTRM; No ImagePath
S2 MSSQL$DDNI; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 02:46 - 2013-08-01 02:46 - 00000000 ____D C:\FRST
2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-23 23:29 - 2013-07-31 23:36 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
2013-07-23 22:22 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
2013-07-23 22:21 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
2013-07-23 22:20 - 2013-07-23 22:42 - 00000000 ____D C:\Users\Eddie\Downloads\[ SPEED.CD :: You're home now! ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
2013-07-18 07:23 - 2013-07-31 21:33 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
2013-07-10 00:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 00:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 00:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 00:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 00:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 00:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 00:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 00:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 00:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 00:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 00:10 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 00:10 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 00:10 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 23:47 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 23:47 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 23:47 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 23:47 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 23:39 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 23:28 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 23:28 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 07:44 - 2013-07-31 23:33 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
2013-07-05 07:44 - 2013-07-10 00:45 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update
01 Aug 2013   #10

7 home premium 64 bit
 
 

Code:
==================== One Month Modified Files and Folders =======

2013-08-01 00:30 - 2010-08-10 17:11 - 00000000 ____D C:\users\boinc_master
2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-31 23:36 - 2013-07-23 23:29 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
2013-07-31 23:33 - 2013-07-05 07:44 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
2013-07-31 23:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 23:33 - 2009-07-13 20:51 - 00133550 _____ C:\Windows\setupact.log
2013-07-31 23:12 - 2010-08-10 17:11 - 00729538 _____ C:\Windows\PFRO.log
2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files\Google
2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-31 23:07 - 2010-11-25 17:30 - 01417208 _____ C:\Windows\WindowsUpdate.log
2013-07-31 23:05 - 2011-11-19 18:54 - 00000000 ____D C:\Users\Eddie\AppData\Local\Conduit
2013-07-31 23:00 - 2011-01-23 05:42 - 00000000 ____D C:\Users\Eddie\AppData\Local\Google
2013-07-31 23:00 - 2010-08-10 16:48 - 00000000 ____D C:\ProgramData\Google
2013-07-31 22:58 - 2010-08-10 16:27 - 00000000 ____D C:\ProgramData\DDNi
2013-07-31 22:32 - 2011-01-27 19:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-31 21:50 - 2009-07-13 21:13 - 00780196 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 21:33 - 2013-07-18 07:23 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
2013-07-31 21:33 - 2012-08-21 10:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 21:32 - 2011-01-23 05:36 - 00000000 ____D C:\users\Eddie
2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
2013-07-23 23:24 - 2011-11-19 18:53 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\BitTorrent
2013-07-23 22:42 - 2013-07-23 22:20 - 00000000 ____D C:\Users\Eddie\Downloads\[ SPEED.CD :: You're home now! ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
2013-07-23 22:25 - 2011-10-22 17:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\CrashDumps
2013-07-23 22:23 - 2013-07-23 22:22 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
2013-07-23 22:23 - 2013-07-23 22:21 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
2013-07-21 01:55 - 2013-04-25 18:58 - 00003376 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
2013-07-18 07:23 - 2011-11-14 11:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\Citrix
2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
2013-07-17 07:48 - 2010-08-10 16:48 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-17 07:48 - 2010-08-10 16:48 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
2013-07-10 00:45 - 2013-07-05 07:44 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update
2013-07-10 00:43 - 2009-07-13 20:45 - 00437568 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 00:39 - 2010-07-21 16:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 00:23 - 2011-01-23 08:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 00:12 - 2011-11-26 14:37 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 06:54 - 2012-06-11 19:33 - 00000000 ____D C:\Users\Eddie\Documents\IAMC
2013-07-05 07:44 - 2013-05-17 18:28 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-07-03 17:10 - 2010-08-10 16:27 - 00000000 ____D C:\Program Files (x86)\DDNi

Files to move or delete:
====================
C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll
C:\Users\Eddie\ctfmon.exe
C:\Users\Eddie\GoToAssistDownloadHelper.exe
C:\Users\Eddie\notepad.exe
C:\Users\Eddie\spoolsv.exe
C:\Users\Eddie\AppData\Roaming\skype.dat
C:\Users\Eddie\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-14 19:31:29
Restore point made on: 2013-06-17 21:59:17
Restore point made on: 2013-07-10 00:00:37
Restore point made on: 2013-07-23 23:53:05

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3222.87 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3215.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.26 GB) (Free:384.71 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:9.4 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (HITMANPRO) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B99EB1C8)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 95E6BCA3)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-07-23 23:45

==================== End Of Log ============================
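
A first triage pass over the FRST.txt lines posted above, as an added example that is not part of the original thread and is not FRST's own logic. The rule names, the `SYSTEM_NAMES` list and the `triage` function are assumptions made for illustration; each match is a lead to review, not a verdict.

```python
import ntpath
import re

# Sample lines copied from the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-10 00:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
"""

# Assumption: a short illustrative list of Windows binary names, not exhaustive.
SYSTEM_NAMES = {"ctfmon.exe", "spoolsv.exe", "notepad.exe", "svchost.exe",
                "explorer.exe", "winlogon.exe", "userinit.exe"}

# "HIVE\...\Key: [ValueName] - data" as printed in the Registry section.
REG_RE = re.compile(r'^(HK.+?)\\\.\.\.\\(\w+): \[([^\]]*)\]\s*(?:-\s)?(.*)$')
# The "[size date]" or "[x]" tail that follows the command in a registry line.
TAIL_RE = re.compile(r'\s\[(?:x|\d+ \d{4}-\d\d-\d\d)\]')
# Drive-letter paths ending in an extension of interest.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\],]+?\.(?:exe|dll|dat|sys|scr|bat|cmd)', re.I)
# "created - modified - size attrs (company) path" lines from the file sections.
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - '
                     r'\d+ \S{5} (?:\(.*?\) )?([A-Za-z]:\\.+)$')
USER_DIR_RE = re.compile(r'^[a-z]:\\users\\', re.I)
WIN_DIR_RE = re.compile(r'^[a-z]:\\windows\\', re.I)


def triage(log_text):
    """Return (rule, path) pairs for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reg = REG_RE.match(line)
        if reg:
            _hive, key, name, data = reg.groups()
            command = TAIL_RE.split(data)[0].strip()
            if key == "Winlogon" and name.lower() == "shell":
                # The shell value should name explorer.exe and nothing else.
                extra = [p.strip() for p in command.split(",")
                         if p.strip().lower() != "explorer.exe"]
                findings.extend(("winlogon-shell-override", p) for p in extra)
                continue
            via_rundll32 = command.lower().startswith("rundll32")
            for path in PATH_RE.findall(command):
                # Autoruns that start from a user-writable profile directory.
                if USER_DIR_RE.match(path):
                    rule = ("rundll32-from-user-profile" if via_rundll32
                            else "autorun-from-user-profile")
                    findings.append((rule, path))
            continue
        created = FILE_RE.match(line)
        if created:
            path = created.group(1)
            # A Windows binary name sitting outside the Windows directory.
            if (ntpath.basename(path).lower() in SYSTEM_NAMES
                    and not WIN_DIR_RE.match(path)):
                findings.append(("system-name-outside-windows", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:32} {path}")
```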