Black Screen/Blinking Cursor and boot.tideserv


  • This topic is locked

#1
jadams0325

    New Member

  • Member
  • 3 posts
Good evening, trying to save a laptop for a co-worker. It's a Toshiba Satellite l505d-gs6000 laptop; the PC has Windows 7 Home Premium 64-bit loaded. On startup, I get the BIOS splash screen, then the screen goes blank with a white cursor blinking. Here's what I've tried so far: 1) Tried my Windows 7 Ultimate repair console, did the repair startup option, and it said there was no Windows image present. My co-worker doesn't have any CDs with this and didn't make any system image CDs. 2) I downloaded Norton Bootable Recovery Tool, ran it from a flash drive, and it found the boot.tideserv virus, but could not remove it. 3) Downloaded the AVG Rescue CD suggested by this site onto the flash drive, and it didn't get past running the CD option. Now I'm at the end of my rope and need help...

Edited by jadams0325, 06 March 2012 - 09:46 PM.



#2
JSntgRvr

  • Global Moderator
  • 11,017 posts
:welcome:

Let's give it a try. You will need a USB (flash) pen drive.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#3
jadams0325

    New Member

  • Topic Starter
  • Member
  • 3 posts
Pressing F8 does not work... all I get after the BIOS flash screen is the black screen with the blinking cursor. If I hit the F12, I can go to the advanced boot menu where I can boot from the USB...

#4
JSntgRvr

  • Global Moderator
  • 11,017 posts
Let's try this tool. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh by noahdfear to your USB drive
  • Also download Query.exe by noahdfear to the USB drive. On your working computer, navigate to the USB drive and click on Query.exe. A folder and a file, query.sh, will be extracted.
  • Once this process is completed, download Dumpit by noahdfear to the USB drive.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD; in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Close the Terminal.
  • Confirm that you see the file dumpit in your USB drive and double click on it.
  • After it has finished a report will be located in your USB drive named mbr.zip
  • Plug the USB back into the clean computer and post the contents of report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.zip file must be attached to your reply.


#5
jadams0325

    New Member

  • Topic Starter
  • Member
  • 3 posts
O.K. I got the first method to work using my Windows 7 recovery disk for my Dell. Here's what I got:
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 07-03-2012 01
Ran by SYSTEM at 07-03-2012 21:08:40
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey [1448568 2010-09-15] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-01-27] (LogMeIn, Inc.)
HKU\brandi\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22631608 2011-05-18] (ooVoo LLC)
HKU\brandi\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\brandi\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2012-02-19] (MyWebSearch.com)
HKU\brandi\...\Policies\system: [LogonHoursAction] 2
HKU\brandi\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\brandi\...\Policies\system: [DisableTaskMgr] 1
HKU\Guest\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22631608 2011-05-18] (ooVoo LLC)
HKU\Guest\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\queenb437\...\Policies\system: [LogonHoursAction] 2
HKU\queenb437\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\ravens27\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22631608 2011-05-18] (ooVoo LLC)
HKU\ravens27\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\ravens27\...\Policies\system: [LogonHoursAction] 2
HKU\ravens27\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 167.206.251.129 167.206.251.130

================================ Services (Whitelisted) ==================

2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [203264 2009-07-29] (AMD)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55144 2011-10-09] (Apple Inc.)
2 atashost; "C:\windows\SysWOW64\atashost.exe" [43912 2011-09-21] (WebEx Communications, Inc.)
2 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [248688 2009-08-10] (TOSHIBA CORPORATION)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
2 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [42368 2009-07-14] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2010-11-24] (Google Inc.)
3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [136176 2010-11-24] (Google Inc.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856384 2009-06-10] (Microsoft Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-12-19] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-12-19] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-12-16] (LogMeIn, Inc.)
2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2012-02-19] (MyWebSearch.com)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe /s [123320 2011-09-29] (Symantec Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 OurBabyMaker_27Service; C:\PROGRA~2\OURBAB~2\bar\1.bin\27barsvc.exe [36864 2011-03-25] (OurBabymaker)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll" /prefetch:1 [132984 2011-09-29] (Symantec Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [252272 2009-08-11] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [137560 2009-08-03] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [826224 2009-08-04] (TOSHIBA Corporation)
2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [203776 2012-01-27] ()
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Essentials\MsMpEng.exe" [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (LSI Corp)
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-19] (Atheros Communications, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-07-30] (ATI Technologies Inc.)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices Inc.)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 FwLnk; C:\Windows\System32\DRIVERS\FwLnk.sys [9216 2009-07-07] (TOSHIBA Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1966624 2009-07-28] (Realtek Semiconductor Corp.)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-01-27] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2010-01-27] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2010-01-27] (LogMeIn, Inc.)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [173984 2010-03-25] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [40832 2010-03-25] (Microsoft Corporation)
3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [35008 2009-06-22] (TOSHIBA Corporation)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [291328 2009-11-05] (Realtek )
3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1103904 2010-04-26] (Realtek Semiconductor Corporation )
0 tos_sps64; C:\Windows\System32\DRIVERS\tos_sps64.sys [482384 2009-07-24] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] (TOSHIBA Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.)
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
4 LMIRfsClientNP; [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-06 19:58 - 2012-03-06 19:58 - 0000000 ____D C:\NBRT
2012-03-06 08:56 - 2012-03-05 18:57 - 2804712 ____A (Symantec Corporation) C:\NPE.exe
2012-02-25 14:11 - 2008-01-19 02:36 - 0736768 ____A (Microsoft Corporation) C:\Windows\unbcl.dll
2012-02-25 14:11 - 2008-01-19 02:36 - 0348160 ____A (Microsoft Corporation) C:\Windows\spwizeng.dll
2012-02-25 14:11 - 2008-01-19 02:36 - 0218624 ____A (Microsoft Corporation) C:\Windows\wdscore.dll
2012-02-25 14:11 - 2008-01-19 02:34 - 0054272 ____A (Microsoft Corporation) C:\Windows\usmt2xtr.dll
2012-02-25 14:11 - 2008-01-19 02:31 - 0007680 ____A (Microsoft Corporation) C:\Windows\spwizres.dll
2012-02-25 14:11 - 2008-01-19 00:31 - 8322048 ____A (Microsoft Corporation) C:\Windows\spwizimg.dll
2012-02-25 14:11 - 2008-01-18 22:12 - 0112292 ____A C:\Windows\upgrade_bulk.xml
2012-02-25 14:11 - 2008-01-18 22:12 - 0053484 ____A C:\Windows\upgWow_bulk.xml
2012-02-25 14:11 - 2008-01-18 22:12 - 0009173 ____A C:\Windows\SFPAT.inf
2012-02-25 14:11 - 2008-01-18 22:12 - 0004731 ____A C:\Windows\SFPATXP.inf
2012-02-25 14:11 - 2008-01-18 22:12 - 0003220 ____A C:\Windows\SFPATLH.inf
2012-02-25 14:11 - 2006-11-02 07:35 - 0002309 ____A C:\Windows\SFPAT2K.inf
2012-02-25 14:10 - 2012-02-25 12:21 - 0000046 ____A C:\Windows\cd_setting.ini
2012-02-25 14:10 - 2008-01-19 02:42 - 0155704 ____A (Microsoft Corporation) C:\Windows\migwiz.exe
2012-02-25 14:10 - 2008-01-19 02:42 - 0150584 ____A (Microsoft Corporation) C:\Windows\MigSetup.exe
2012-02-25 14:10 - 2008-01-19 02:35 - 0087552 ____A (Microsoft Corporation) C:\Windows\MXEAgent.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 7463424 ____A (Microsoft Corporation) C:\Windows\migcore.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 0479232 ____A (Microsoft Corporation) C:\Windows\docagent.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 0445952 ____A (Microsoft Corporation) C:\Windows\migui.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 0248832 ____A (Microsoft Corporation) C:\Windows\csiagent.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 0171520 ____A (Microsoft Corporation) C:\Windows\MigSys.dll
2012-02-25 14:10 - 2008-01-19 02:34 - 0095232 ____A (Microsoft Corporation) C:\Windows\migisol.dll
2012-02-25 14:10 - 2008-01-19 02:33 - 0258560 ____A (Microsoft Corporation) C:\Windows\mighost.exe
2012-02-25 14:10 - 2008-01-19 02:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\cmi2migxml.dll
2012-02-25 14:10 - 2008-01-05 06:38 - 2462746 ____A C:\Windows\SFLISTLH.dat
2012-02-25 14:10 - 2008-01-05 06:38 - 1427046 ____A C:\Windows\SFLISTXP.dat
2012-02-25 14:10 - 2008-01-05 06:38 - 0634268 ____A C:\Windows\SFLIST2K.dat
2012-02-25 14:10 - 2006-11-02 07:35 - 3295232 ____A (Microsoft Corporation) C:\Windows\MIGUIImg.dll
2012-02-25 14:10 - 2006-11-02 07:35 - 0838188 ____A C:\Windows\MigApp.xml
2012-02-25 14:10 - 2006-11-02 07:35 - 0573440 ____A C:\Windows\progress.avi
2012-02-25 14:10 - 2006-11-02 07:35 - 0082944 ____A (Microsoft Corporation) C:\Windows\MIGUIRes.dll
2012-02-25 14:10 - 2006-11-02 07:35 - 0009216 ____A (Microsoft Corporation) C:\Windows\migres.dll
2012-02-25 14:10 - 2006-11-02 07:35 - 0000092 ____A C:\Windows\migfiles.dat
2012-02-25 14:10 - 2006-10-02 21:10 - 0511292 ____A C:\Windows\segoeui.ttf
2012-02-25 13:48 - 2009-07-14 02:17 - 0111880 ____A (Microsoft Corporation) C:\SETUP.EXE
2012-02-22 07:27 - 2012-02-22 07:27 - 0000664 ___AH C:\Users\brandi\Desktop\System Check.lnk
2012-02-22 07:27 - 2012-02-22 07:27 - 0000344 ___AH C:\Users\All Users\3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000344 ___AH C:\ProgramData\3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000312 ___AH C:\Users\All Users\~3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000312 ___AH C:\ProgramData\~3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000192 ___AH C:\Users\All Users\~3oXTeWDLckigB5r
2012-02-22 07:27 - 2012-02-22 07:27 - 0000192 ___AH C:\ProgramData\~3oXTeWDLckigB5r
2012-02-19 20:51 - 2012-02-19 20:52 - 0000000 ___HD C:\Program Files (x86)\Norton PC Checkup
2012-02-19 20:51 - 2012-02-19 20:51 - 0000000 ___HD C:\Program Files (x86)\NortonInstaller
2012-02-19 20:51 - 2012-02-19 20:51 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckupx64
2012-02-19 19:51 - 2012-02-19 19:51 - 0038320 ___AH (FunWebProducts.com) C:\Windows\SysWOW64\f3PSSavr.scr
2012-02-19 19:51 - 2012-02-19 19:51 - 0000000 __AHD C:\Program Files (x86)\FunWebProducts
2012-02-19 19:51 - 2012-02-19 19:51 - 0000000 ___HD C:\Program Files (x86)\MyWebSearch
2012-02-19 17:54 - 2012-02-19 17:54 - 0000000 ___HD C:\Users\ravens27\AppData\Roaming\ooVoo Details
2012-02-16 19:57 - 2012-02-17 06:55 - 0000000 ____D C:\Remote Programs
2012-02-16 19:57 - 2012-02-16 19:59 - 0000000 ___HD C:\Program Files (x86)\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000064 ____A C:\Windows\GPlrLanc.dat
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\Users\All Users\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\ProgramData\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\Program Files (x86)\ADLGames Solitaire Kingdom Supreme
2012-02-16 19:57 - 2011-09-01 14:25 - 0053314 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
2012-02-16 19:57 - 2010-07-07 11:01 - 0017542 ____N C:\Windows\FRGN.ico
2012-02-16 19:56 - 2012-02-16 19:57 - 0000000 ___HD C:\Program Files (x86)\Amazon Browser Bar
2012-02-16 19:56 - 2012-02-16 19:56 - 0090624 ___AH C:\Users\Public\AlexaNSISPlugin.3448.dll
2012-02-16 19:56 - 2012-02-16 19:56 - 0000000 ___HD C:\Program Files (x86)\Amazon
2012-02-16 10:53 - 2012-02-16 10:53 - 0012052 ___AH C:\Users\brandi\Documents\I Tampa FL.docx
2012-02-15 17:45 - 2012-01-13 20:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 17:45 - 2012-01-04 01:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 17:45 - 2012-01-04 01:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 17:45 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 17:45 - 2012-01-04 01:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 17:45 - 2012-01-02 22:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 17:45 - 2012-01-02 21:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 17:45 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 17:44 - 2011-12-16 00:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 17:44 - 2011-12-16 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 17:44 - 2011-12-16 00:45 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 17:44 - 2011-12-16 00:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-15 17:44 - 2011-12-16 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 17:44 - 2011-12-16 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-15 17:44 - 2011-12-16 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 17:44 - 2011-12-16 00:40 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 17:44 - 2011-12-16 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-15 17:44 - 2011-12-16 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-15 17:44 - 2011-12-16 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 17:44 - 2011-12-16 00:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-15 17:44 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 17:44 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 17:44 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 17:44 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 17:44 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-15 17:44 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-15 17:44 - 2011-12-15 23:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-15 17:44 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-15 17:44 - 2011-12-15 22:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 17:44 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-14 19:09 - 2012-02-14 19:09 - 0009892 ___AH C:\Users\brandi\Documents\bonkb.docx


============ 3 Months Modified Files and Folders ===============

2012-03-07 21:09 - 2012-03-07 21:08 - 0000000 ____D C:\FRST
2012-03-06 19:58 - 2012-03-06 19:58 - 0000000 ____D C:\NBRT
2012-03-05 18:57 - 2012-03-06 08:56 - 2804712 ____A (Symantec Corporation) C:\NPE.exe
2012-03-05 18:32 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-02-25 12:21 - 2012-02-25 14:10 - 0000046 ____A C:\Windows\cd_setting.ini
2012-02-22 07:32 - 2010-04-19 20:22 - 1301075 ____A C:\Windows\WindowsUpdate.log
2012-02-22 07:27 - 2012-02-22 07:27 - 0000664 ___AH C:\Users\brandi\Desktop\System Check.lnk
2012-02-22 07:27 - 2012-02-22 07:27 - 0000344 ___AH C:\Users\All Users\3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000344 ___AH C:\ProgramData\3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000312 ___AH C:\Users\All Users\~3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000312 ___AH C:\ProgramData\~3oXTeWDLckigB5
2012-02-22 07:27 - 2012-02-22 07:27 - 0000192 ___AH C:\Users\All Users\~3oXTeWDLckigB5r
2012-02-22 07:27 - 2012-02-22 07:27 - 0000192 ___AH C:\ProgramData\~3oXTeWDLckigB5r
2012-02-22 07:00 - 2010-11-24 19:16 - 0000898 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-21 22:35 - 2010-07-12 17:34 - 0000000 ___HD C:\Users\All Users\LogMeIn
2012-02-21 22:35 - 2010-07-12 17:34 - 0000000 ___HD C:\ProgramData\LogMeIn
2012-02-21 13:51 - 2010-11-24 19:16 - 0000894 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-21 09:34 - 2010-12-09 17:03 - 0019070 ___AH C:\Users\brandi\Documents\Brandi R.docx
2012-02-21 09:20 - 2011-05-09 05:44 - 0011878 ___AH C:\Users\brandi\Documents\Lja.coverlet.dot.rss.docx
2012-02-21 08:56 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-21 08:56 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-21 08:48 - 2010-07-12 17:26 - 0050335 ____A C:\Windows\setupact.log
2012-02-21 08:48 - 2010-07-12 17:26 - 0021426 ____A C:\Windows\PFRO.log
2012-02-21 08:48 - 2010-04-19 20:17 - 3016884224 __ASH C:\hiberfil.sys
2012-02-21 08:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-19 20:52 - 2012-02-19 20:51 - 0000000 ___HD C:\Program Files (x86)\Norton PC Checkup
2012-02-19 20:51 - 2012-02-19 20:51 - 0000000 ___HD C:\Program Files (x86)\NortonInstaller
2012-02-19 20:51 - 2012-02-19 20:51 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckupx64
2012-02-19 20:51 - 2010-04-19 20:58 - 0000000 ___HD C:\Users\All Users\NortonInstaller
2012-02-19 20:51 - 2010-04-19 20:58 - 0000000 ___HD C:\Users\All Users\Norton
2012-02-19 20:51 - 2010-04-19 20:58 - 0000000 ___HD C:\ProgramData\NortonInstaller
2012-02-19 20:51 - 2010-04-19 20:58 - 0000000 ___HD C:\ProgramData\Norton
2012-02-19 20:51 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2012-02-19 19:51 - 2012-02-19 19:51 - 0038320 ___AH (FunWebProducts.com) C:\Windows\SysWOW64\f3PSSavr.scr
2012-02-19 19:51 - 2012-02-19 19:51 - 0000000 __AHD C:\Program Files (x86)\FunWebProducts
2012-02-19 19:51 - 2012-02-19 19:51 - 0000000 ___HD C:\Program Files (x86)\MyWebSearch
2012-02-19 19:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64
2012-02-19 17:59 - 2011-10-28 14:09 - 0000000 ___HD C:\Users\brandi\Incomplete
2012-02-19 17:54 - 2012-02-19 17:54 - 0000000 ___HD C:\Users\ravens27\AppData\Roaming\ooVoo Details
2012-02-19 17:53 - 2011-11-23 13:29 - 0000174 ___SH C:\Users\ravens27\Start Menu\Programs\Startup\desktop.ini
2012-02-19 17:53 - 2011-11-23 13:29 - 0000174 ___SH C:\Users\ravens27\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 16:22 - 2010-07-12 17:46 - 0000000 ___HD C:\Users\brandi\AppData\Roaming\Azureus
2012-02-17 16:22 - 2010-07-12 17:46 - 0000000 ___HD C:\Program Files (x86)\Vuze
2012-02-17 15:48 - 2009-07-13 21:08 - 0032564 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-17 06:55 - 2012-02-16 19:57 - 0000000 ____D C:\Remote Programs
2012-02-16 19:59 - 2012-02-16 19:57 - 0000000 ___HD C:\Program Files (x86)\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000064 ____A C:\Windows\GPlrLanc.dat
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\Users\All Users\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\ProgramData\Free Ride Games
2012-02-16 19:57 - 2012-02-16 19:57 - 0000000 ___HD C:\Program Files (x86)\ADLGames Solitaire Kingdom Supreme
2012-02-16 19:57 - 2012-02-16 19:56 - 0000000 ___HD C:\Program Files (x86)\Amazon Browser Bar
2012-02-16 19:57 - 2009-11-12 18:46 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-16 19:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-16 19:56 - 2012-02-16 19:56 - 0090624 ___AH C:\Users\Public\AlexaNSISPlugin.3448.dll
2012-02-16 19:56 - 2012-02-16 19:56 - 0000000 ___HD C:\Program Files (x86)\Amazon
2012-02-16 19:56 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-02-16 10:53 - 2012-02-16 10:53 - 0012052 ___AH C:\Users\brandi\Documents\I Tampa FL.docx
2012-02-16 08:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-16 08:00 - 2010-07-12 13:21 - 0000174 ___SH C:\Users\brandi\Start Menu\Programs\Startup\desktop.ini
2012-02-16 08:00 - 2010-07-12 13:21 - 0000174 ___SH C:\Users\brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 07:41 - 2009-07-13 20:45 - 0375016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 18:39 - 2009-07-13 21:13 - 0740374 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-15 18:35 - 2010-07-12 17:48 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-15 11:01 - 2010-08-14 18:45 - 0000000 ___HD C:\Users\brandi\AppData\Local\ElevatedDiagnostics
2012-02-14 19:17 - 2011-04-21 09:29 - 0060185 ___AH C:\Users\brandi\Documents\Larry J.resume.docx
2012-02-14 19:09 - 2012-02-14 19:09 - 0009892 ___AH C:\Users\brandi\Documents\bonkb.docx
2012-02-14 11:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-10 17:36 - 2011-10-28 14:08 - 0000000 ___HD C:\Users\brandi\AppData\Roaming\MP3Rocket
2012-01-31 04:44 - 2010-07-12 16:33 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-22 15:37 - 2012-01-22 15:37 - 0000000 ___HD C:\Users\ravens27\AppData\Local\Apple
2012-01-14 11:50 - 2011-07-25 20:24 - 0000000 ___HD C:\Program Files (x86)\Ask.com
2012-01-13 20:02 - 2012-02-15 17:45 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-04 01:59 - 2012-02-15 17:45 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-15 17:45 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-15 17:45 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-15 17:45 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 22:24 - 2012-02-15 17:45 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-15 17:45 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-31 09:47 - 2011-10-28 14:08 - 0000000 ___HD C:\Program Files (x86)\MP3 Rocket
2011-12-28 18:39 - 2010-07-12 17:34 - 0000000 ___HD C:\Program Files (x86)\LogMeIn
2011-12-28 18:24 - 2011-12-28 18:24 - 0000000 ___AH C:\Users\ravens27\AppData\Local\BIT54D2.tmp
2011-12-28 18:23 - 2011-12-28 18:23 - 0000000 ___AH C:\Users\ravens27\AppData\Local\{7A733343-A227-41D0-86DA-E3A0178F670D}
2011-12-27 19:59 - 2012-02-15 17:45 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-21 18:43 - 2011-12-21 18:43 - 1143888 ___AH (ooVoo LLC) C:\Users\ravens27\Downloads\ooVooSetup(2).exe
2011-12-21 18:43 - 2011-12-21 18:42 - 1143888 ___AH (ooVoo LLC) C:\Users\ravens27\Downloads\ooVooSetup.exe
2011-12-19 17:20 - 2010-07-12 17:34 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2011-12-19 17:20 - 2010-07-12 17:34 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2011-12-19 17:20 - 2010-07-12 17:34 - 0034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2011-12-16 00:45 - 2012-02-15 17:44 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:45 - 2012-02-15 17:44 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:45 - 2012-02-15 17:44 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 00:42 - 2012-02-15 17:44 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-16 00:41 - 2012-02-15 17:44 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 00:41 - 2012-02-15 17:44 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-16 00:40 - 2012-02-15 17:44 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 00:40 - 2012-02-15 17:44 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 00:40 - 2012-02-15 17:44 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-16 00:40 - 2012-02-15 17:44 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-16 00:40 - 2012-02-15 17:44 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 00:38 - 2012-02-15 17:44 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-16 00:02 - 2012-02-15 17:44 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 00:02 - 2012-02-15 17:44 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 00:02 - 2012-02-15 17:44 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 23:59 - 2012-02-15 17:44 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 23:58 - 2012-02-15 17:44 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 23:56 - 2012-02-15 17:44 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 23:26 - 2012-02-15 17:44 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:49 - 2012-02-15 17:44 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 22:43 - 2012-02-15 17:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 22:15 - 2012-02-15 17:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 17:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-15 15:50 - 2011-12-15 15:50 - 0414368 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\DllDirectory32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-04-27 14:15] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2010-07-12 17:36] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

C:\Windows\System32\Drivers\volsnap.sys
[2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C


========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3836.17 MB
Available physical RAM: 3374.95 MB
Total Pagefile: 3834.45 MB
Available Pagefile: 3378.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

======================= Partitions =========================

1 Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:227.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:1.8 GB) (Free:1.8 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1852 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 287 GB 1501 MB
Partition 3 Primary 9 GB 289 GB
Partition 4 Primary 336 KB 298 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105736W0B NTFS Partition 287 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1851 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1851 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-02-19 20:25

======================= End Of Log ==========================
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,017 posts
There seems to be a problem in the Partitions Table. The following instructions are similar to FRST:

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Put a check mark on List BCD.
  • Press the Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,017 posts
Due to the lack of feedback this Topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
  • 0





