GSOD safe mode no bueno

scythempress

Guy brings me his Sony VAIO running Win 7 Home SP1. Says that he was using it and got a warning that he has porn or something on his rig and either up 300 bucks or else. He shuts it down and now, it comes up normal, shows his desktop and then bam grey screen. Safe mode starts and then shuts down restarting to normal mode. Then same thing, desktop and finally grey screen. I cannot get through to do anything with it. He has no recovery disks, and I tried reverting to when it last operated right and nothing. Any help is appreciated. Also, the only safe mode that appears to work is with command prompt.

scythempress,

Ransomware...bad news! A fake alert pretending to be from the United States Department of Justice, stating they have detected the user was viewing child pornography, etc.

Got a USB pen drive?

If so, let's use HitmanPro.Kickstart on the troubled computer, scan it for malware, and remove any infection that is present.

Also, you may want to print these instructions, so they are available to follow.

Load the USB flash drive with HitmanPro.Kickstart as follows...
Note: the contents of the USB flash drive are erased during this process!

Use the clean (non-infected) computer, and download:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

Under Download (on the right) select the program applicable to the infected system: 64-bit or 32-bit

When HitmanPro opens, click the KickStart icon at the bottom of the screen.

Plug in the USB flash drive.

When the USB flash drive is detected, a selection screen is presented.
Select the USB flash drive from the choices, and press: Install Kickstart
A warning that all contents of the selected flash drive will be erased is presented.
Press: Yes

As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.
Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart

Remove the USB flash drive from the clean computer and press: Close


Now, with the problem computer shut down, plug the USB flash drive into a USB port, and turn on the power.

When the computer starts, press the key that brings up the Boot Menu. (On some machines it's F12, F10, or F2.)

From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)
Info: How to Remove Ransomware - Select Real Security

Once you select the USB flash drive to boot from, press: Enter

A KickStart prompt with USB boot options appears.
Select: 1 (Bypass the Master Boot Record (Default))

The system continues to boot from the hard drive and starts Windows.

If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally

When Windows boots, you either get a logon screen, or the Desktop is started.
If you see a logon screen with your User name, logon with it.


In the next prompt, to start the program without installing to the local hard disk, select the option to do: One-time scan to check the computer

To start scanning for malware press: Next

If malware is detected, the program shows what malware is present on the system using a red framed screen as shown below:


Select Next to quarantine the malware into a secure storage where it can no longer start.


At the next screen, activate the 30-day free license:

After successful activation (30 days), press: Next

A screen indicating that the malware was successfully disabled or removed is presented.
Press: Next

To obtain a report of the scan results, press: Save log
Save the Notepad log!!
It has a name such as: HitmanPro_xxxxxxxx_xxxx


Remove the USB drive, and press: Reboot
If no malware is found, press: Close

After HitmanPro.Kickstart is done, you should be back into normal Windows.

Please post the HitmanPro log in your reply.
 

Or remove the hard drive and scan/repair it from a known good system. That is the method I have used: I have a SATA/EIDE to USB adaptor + power supply, so I just connect it up that way.
 

Yeah, tried that.

New boot option was external device, once started had two options, either run win7 or run repair, been through both options, it is not my computer so there is no internet connection which it says it needs for hitman, anyway, thanks.
 

Almost incredible that in this day and age one cannot change the Boot order to boot from a pen drive.
 

Was waiting on the insult. Like all these sites, gurus treating people like crap. Thanks. Totally expected. Was really hoping this one was different. Did change to pen drive, the problem is I cannot get to anything for the grey screen so there is no way to make it use my internet for hitman. I was hoping the program would check the computer as it is, but it aborts because it wants an internet access I cannot give it.
 

Ok so anyone please. The computer is up, the desktop basically appears to be behind a grey screen because when I shut it down, right before it shuts down it shows me the desktop intact. If I attempt safe mode, it automatically restarts unless I use safe mode with command prompt. While in grey screen if I attempt task manager, it allows me to choose it, but goes back to grey screen. Since I cannot open network connections, it cannot connect to the internet, and apparently unless hitman can take you back to its site for an exchange of monetary value, it cannot help you without a connection. So any thoughts on how to fix it without reloading the OS? Would like to save the guy's files if possible.
 

scythempress

Let's try this

   Warning
You will need a USB FLASH DRIVE


   Tip
Download the Tool from a non-infected PC


Farbar Recovery Scan Tool

Choose one that goes with your OS bit version. Save the file to a USB flash drive.

32-bit Version OS: Farbar Recovery Scan Tool

64-bit Version OS: Farbar Recovery Scan Tool x64


   Note
Click the Start button and right-click Computer. Select Properties. Look for System Type: which will say 32-bit Operating System or 64-bit Operating System


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair

  • System Restore

  • Windows Complete PC Restore

  • Windows Memory Diagnostic Tool

  • Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

   Note
Replace letter X with the drive letter of your flash drive.


   Tip
Type the commands below to see what your letter is for the USB drive and press ENTER after each command


Code:
Diskpart
List volume
Exit

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload the FRST.txt file

   Note
FRST.txt file will be inside the root of the USB Flash Drive
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 01-08-2013 02:46:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

Code:
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKU\Eddie\...\Run: [Easy Dock] - C:\Users\Eddie\Documents\RCA easyRip\EZDock.exe [x]
HKU\Eddie\...\Run: [BackupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-03-19] (Strongvault LLC)
HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Eddie\...\Run: [Stronghold Online Backup] - C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll [690176 2013-07-18] (Microsoft Corporation) <===== ATTENTION
HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION 

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1453872 2013-05-21] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1203568 2010-01-22] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS [117880 2011-12-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS [2048632 2011-12-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S2 IAStorDataMgrSvc; 
S2 MCSTRM; No ImagePath
S2 MSSQL$DDNI; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 02:46 - 2013-08-01 02:46 - 00000000 ____D C:\FRST
2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-23 23:29 - 2013-07-31 23:36 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
2013-07-23 22:22 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
2013-07-23 22:21 - 2013-07-23 22:23 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
2013-07-23 22:20 - 2013-07-23 22:42 - 00000000 ____D C:\Users\Eddie\Downloads\[ www.Speed.Cd ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
2013-07-18 07:23 - 2013-07-31 21:33 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
2013-07-10 00:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 00:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 00:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 00:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 00:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 00:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 00:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 00:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 00:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 00:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 00:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 00:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 00:10 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 00:10 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 00:10 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 00:10 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 00:10 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 23:47 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 23:47 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 23:47 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 23:47 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 23:39 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 23:28 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 23:28 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-05 07:44 - 2013-07-31 23:33 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
2013-07-05 07:44 - 2013-07-10 00:45 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update
 

Code:
==================== One Month Modified Files and Folders =======

2013-08-01 00:30 - 2010-08-10 17:11 - 00000000 ____D C:\users\boinc_master
2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-01 00:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-31 23:36 - 2013-07-23 23:29 - 00000004 _____ C:\Users\Eddie\AppData\Roaming\skype.ini
2013-07-31 23:33 - 2013-07-05 07:44 - 00000396 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
2013-07-31 23:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 23:33 - 2009-07-13 20:51 - 00133550 _____ C:\Windows\setupact.log
2013-07-31 23:12 - 2010-08-10 17:11 - 00729538 _____ C:\Windows\PFRO.log
2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files\Google
2013-07-31 23:12 - 2010-08-10 16:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-31 23:07 - 2010-11-25 17:30 - 01417208 _____ C:\Windows\WindowsUpdate.log
2013-07-31 23:05 - 2011-11-19 18:54 - 00000000 ____D C:\Users\Eddie\AppData\Local\Conduit
2013-07-31 23:00 - 2011-01-23 05:42 - 00000000 ____D C:\Users\Eddie\AppData\Local\Google
2013-07-31 23:00 - 2010-08-10 16:48 - 00000000 ____D C:\ProgramData\Google
2013-07-31 22:58 - 2010-08-10 16:27 - 00000000 ____D C:\ProgramData\DDNi
2013-07-31 22:32 - 2011-01-27 19:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:19 - 2009-07-13 20:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:03 - 2013-07-31 22:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-31 21:55 - 2013-07-31 21:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-31 21:50 - 2009-07-13 21:13 - 00780196 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 21:33 - 2013-07-18 07:23 - 00000000 ____D C:\Users\Eddie\AppData\Local\Stronghold Online Backup
2013-07-31 21:33 - 2012-08-21 10:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 21:32 - 2011-01-23 05:36 - 00000000 ____D C:\users\Eddie
2013-07-23 23:25 - 2013-07-23 23:25 - 00839168 _____ (Poly-enter-Software Solutions) C:\Users\Eddie\AppData\Roaming\mldefender.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00113664 _____ (ImDev Software Group) C:\Users\Eddie\ctfmon.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000791 _____ C:\Users\Eddie\Desktop\Internet Security Pro.lnk
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\spoolsv.exe
2013-07-23 23:25 - 2013-07-23 23:25 - 00000000 _____ C:\Users\Eddie\notepad.exe
2013-07-23 23:24 - 2011-11-19 18:53 - 00000000 ____D C:\Users\Eddie\AppData\Roaming\BitTorrent
2013-07-23 22:42 - 2013-07-23 22:20 - 00000000 ____D C:\Users\Eddie\Downloads\[ www.Speed.Cd ] - Falling.Skies.S03E08.720p.HDTV.x264-EVOLVE
2013-07-23 22:25 - 2011-10-22 17:40 - 00000000 ____D C:\Users\Eddie\AppData\Local\CrashDumps
2013-07-23 22:23 - 2013-07-23 22:22 - 00000000 ____D C:\Users\Eddie\Downloads\Falling.Skies.S03E07.720p.HDTV.x264-IMMERSE[rarbg]
2013-07-23 22:23 - 2013-07-23 22:21 - 00000000 ____D C:\Users\Eddie\Downloads\Falling Skies (2013) S03E09 720p WEB-DL NL Subs SAM TBS
2013-07-23 21:09 - 2013-07-23 21:09 - 00000000 ____D C:\Program Files (x86)\LyricsSpeaker
2013-07-21 01:55 - 2013-04-25 18:58 - 00003376 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-07-19 11:25 - 2013-07-19 11:25 - 00010172 _____ C:\Users\Eddie\Documents\Weekly Clean up.xlsx
2013-07-18 07:23 - 2011-11-14 11:19 - 00000000 ____D C:\Users\Eddie\AppData\Local\Citrix
2013-07-17 16:33 - 2013-07-17 16:33 - 00001417 _____ C:\Users\Eddie\Desktop\Internet Explorer.lnk
2013-07-17 07:48 - 2010-08-10 16:48 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-17 07:48 - 2010-08-10 16:48 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\Users\Eddie\Downloads\BIT TORRANT
2013-07-10 00:45 - 2013-07-05 07:44 - 00003044 _____ C:\Windows\System32\Tasks\LyricsSpeaker Update
2013-07-10 00:43 - 2009-07-13 20:45 - 00437568 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 00:42 - 2013-03-13 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 00:39 - 2010-07-21 16:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 00:39 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 00:23 - 2011-01-23 08:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 00:12 - 2011-11-26 14:37 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 06:54 - 2012-06-11 19:33 - 00000000 ____D C:\Users\Eddie\Documents\IAMC
2013-07-05 07:44 - 2013-05-17 18:28 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-07-03 17:10 - 2010-08-10 16:27 - 00000000 ____D C:\Program Files (x86)\DDNi

Files to move or delete:
====================
C:\Users\Eddie\AppData\Local\Stronghold Online Backup\civymiwm.dll
C:\Users\Eddie\ctfmon.exe
C:\Users\Eddie\GoToAssistDownloadHelper.exe
C:\Users\Eddie\notepad.exe
C:\Users\Eddie\spoolsv.exe
C:\Users\Eddie\AppData\Roaming\skype.dat
C:\Users\Eddie\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-14 19:31:29
Restore point made on: 2013-06-17 21:59:17
Restore point made on: 2013-07-10 00:00:37
Restore point made on: 2013-07-23 23:53:05

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3222.87 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3215.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.26 GB) (Free:384.71 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:9.4 GB) (Free:0.82 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (HITMANPRO) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B99EB1C8)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 95E6BCA3)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-07-23 23:45

==================== End Of Log ============================
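
A triage sketch for the registry section of the FRST.txt log above, added here as an example; it is not part of the original post and is not Farbar's code. The rule names and the reading of `[x]` as "target file not found" are assumptions, and a hit means "review this autostart entry", not a verdict.

```python
import re

# Registry lines copied from the FRST.txt log posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [] -  [x]
HKU\Eddie\...\Run: [CRE] - rundll32 "C:\Users\Eddie\AppData\Local\Citrix\CRE\eodo.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Eddie\...\Run: [Internet Security] - C:\Users\Eddie\AppData\Roaming\mldefender.exe [839168 2013-07-23] (Poly-enter-Software Solutions)
HKU\Eddie\...\Winlogon: [Shell] explorer.exe,C:\Users\Eddie\AppData\Roaming\skype.dat [113664 2011-11-16] (ImDev Software Group) <==== ATTENTION 
"""

# HIVE\...\Key: [ValueName] - command [size date] (Company) <== ATTENTION
LINE_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>[^:]+):"
    r"\s*\[(?P<name>[^\]]*)\]\s*(?:-\s*)?(?P<rest>.*)$"
)
MARKER_RE = re.compile(r"<=+\s*ATTENTION!?\s*$")
COMPANY_RE = re.compile(r"\s*\(([^()]*)\)$")
META_RE = re.compile(r"\s*\[(x|\d+ \d{4}-\d{2}-\d{2})\]$")
USER_PATH_RE = re.compile(r"[a-z]:\\users\\", re.IGNORECASE)


def parse_line(line):
    """Split one registry line into its fields; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    marked = bool(MARKER_RE.search(rest))
    rest = MARKER_RE.sub("", rest).rstrip()
    company = None
    cm = COMPANY_RE.search(rest)
    if cm:  # trailing "(Company)" field from the file's version info
        company, rest = cm.group(1), rest[:cm.start()]
    missing = False
    mm = META_RE.search(rest)
    if mm:  # "[size date]" or "[x]" (assumed here to mean file not found)
        missing, rest = mm.group(1) == "x", rest[:mm.start()]
    return {
        "hive": m.group("hive"), "key": m.group("key"),
        "name": m.group("name"), "command": rest.strip(),
        "company": company, "marked": marked, "missing": missing,
    }


def reasons_for(entry):
    """Heuristic review reasons (names are this example's own)."""
    reasons = []
    if entry["marked"]:
        reasons.append("tool_marker")        # the log itself flagged the line
    if (entry["key"].lower() == "winlogon" and entry["name"].lower() == "shell"
            and entry["command"].lower() != "explorer.exe"):
        reasons.append("shell_not_default")  # per-user shell carries extra items
    if USER_PATH_RE.search(entry["command"]):
        reasons.append("user_profile_path")  # autostart from a user-writable dir
    if entry["missing"]:
        reasons.append("target_missing")     # leftover or already-removed file
    return reasons


def triage(log_text):
    """Return the autostart entries that have at least one review reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            hits.append({**entry, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["hive"]} {hit["key"]} [{hit["name"]}]: {", ".join(hit["reasons"])}')
```

Note that the `Internet Security` entry carries no ATTENTION marker in the log but is still surfaced by the path rule, which is why the marker alone is not used as the filter.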
 

Not for nothin', but isn't it possible to write Hitman to a bootable CD? I know that my BIOS doesn't include the option to boot from USB. There are probably others. Is it necessary to use a USB drive for a specific reason?
 

Yes, remove the hard drive(s) and connect it/them up to a clean system and back up their data there, then re-format the HD(s), put back the critical data on a partition not used for the OS, and then return them to the system, then re-install Windows.

If the HD is 3+ years old, it's a good time to think about replacing it, also.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self Built Custom
OS
Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
CPU
AMD FX-8350 CPU v1.15 (or 1.0F) BIOS was required!
Motherboard
MSI 890FXA-GD70
Memory
8G CAS-7 G-Skill DDR3 @1333 (2 fours) [mobo nonOC max rec'd]
Graphics Card(s)
Radeon HD 7950 [3 gigs of GDDR5] MSI Twin Frozr model
Sound Card
Realtek High Definition Audio (onboard mobo, ALC-889 chip)
Monitor(s) Displays
2 WS LED Monitors: One LG One Viewsonic
Screen Resolution
1920 by 1080
Hard Drives
SSD for OS: Samsung 840 Pro
SSD for VM and utilities: Adata SX900
7200 RPM SATA HDs for the rest: Hitachi and Seagate
PSU
Corsair TX850 - 850W max, in service since August 2010.
Case
Thermaltake Armor A90
Cooling
Thermaltake Spin Q CPU Cooler, in service since August 2010
Keyboard
Logitech G11
Mouse
Logitech M310 Wireless
Internet Speed
100 Megabit broadband supposedly upgraded from 50 (Cable)
Antivirus
Bitdefender Internet Security 2014 suite
Browser
Pale Moon 64-bit main, also IceDragon, Opera, and Maxthon.
Other Info
CompTIA A+ certified (220-800 series) in July 2013.
Not for nothin', but isn't it possible to write Hitman to a bootable CD? I know that my BIOS doesn't include the option to boot from USB. There are probably others. Is it necessary to use a USB drive for a specific reason?

Yes it is, but you still would need a USB flash drive to run HitmanPro. The bootable disc is only used if you can't boot off your USB drive in the BIOS. You use the disc to do the Kickstart, then it searches for the HitmanPro exe file on your USB flash drive.
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
scythempress,

was waiting on the insult. Like all these sites gurus treating people like crap. thanks. totally expected.
was really hoping this one was different.

If my comment is perceived as an insult, you have my apology. The comment did not imply you, or your action. I treat people with the dignity deserved.

There are computers where the BIOS does not include the option to boot from USB, and, in this day and age of so many kinds of USB pen or external drives, to me, it seems incredible the manufacturer does not include the option to boot from them.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Some Sony Vaios don't. Like one of the All-in-One desktops running Windows 7. Don't remember the exact model number.
 

scythempress

Sir, I think we deserve an apology for your comment; no one here was treating you like crap. No one here said anything about your level of PC knowledge. We're a different forum than the others. We treat people here with respect.
 

The comment was made, not by you Vista, and it contained this day and age can't do something simple, I don't remember, and if you want to go back and look feel free. It may not seem like an insult to you but trust me it did to me. Anyway it was not you so, kinda like all the people that felt the Zimmerman verdict was a slap in their face too even though they knew nobody involved. Not directed at or to you. Anyway, I just came back to see if there were any helpful notes about Hitman, seems I am the only one it wants an internet connection from, so I have to get back to it. If I offended you by talking back to someone else talking to me, sorry.
 

See if someone else could help you. Your comments are uncalled for, including bringing up the Zimmerman trial.
 

For those that do not know, and without a condescending tone in my voice, in Hitman go to advanced settings and check early warning scoring to place it in the drop down and choose it. No internet needed at this point but you have to check the "I am an expert" box to get it. Gentlemen, it worked. Cottonwood, my thanks for the Hitman direction; in the end it found 113 threats and deleted every one. I am now dumping some sites from his programs, Sweetpacks, ugh, and such. Vista, not sure what the whole Farbar thing was about but thanks for trying. Looks like I can take my friend's computer back to him working. Obliged to all.
 
