PCeu virus leading to an entire system crash
<blockquote data-quote="Harry" data-source="post: 120234" data-attributes="member: 8150"><p>Thanks very much Kuttus. By pressing the Windows button at the bottom of the keyboard repeatedly as a last resort during reboot I managed to get through to the screen that allowed me to select the 'command prompt', since my last post.</p><p></p><p>This is the FRST.txt - It seems it has a very large amount to tell me...</p><p></p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01</p><p>Ran by SYSTEM on 12-05-2013 01:47:55</p><p>Running from G:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)</p><p>HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-07-08] ()</p><p>HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)</p><p>HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [26624 2010-11-20] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()</p><p>HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce 
"Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)</p><p>HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)</p><p>HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)</p><p>HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [371864 2012-04-05] (Citrix Systems, Inc.)</p><p>HKLM-x32\...\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1074736 2013-04-25] (Iminent)</p><p>HKLM-x32\...\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-04-25] (Iminent)</p><p>HKU\Default\...\Run: [HPADVISOR] [x]</p><p>HKU\Default User\...\Run: [HPADVISOR] [x]</p><p>HKU\Magnall\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)</p><p>HKU\Magnall\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities 
Pro)</p><p>HKU\Magnall\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Magnall\Documents\79bf9f2f.exe [30208 2013-05-11] ()</p><p>HKU\Magnall\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)</p><p>S2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [28762 2010-08-10] (MyWebSearch.com)</p><p>S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)</p><p>S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124184 2013-02-13] (Trusteer Ltd.)</p><p>S2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2795048 2013-04-24] (Iminent)</p><p>S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1024384 2013-01-14] (Enigma Software Group USA, LLC.)</p><p>S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-03-28] (Wajam)</p><p>S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2012-03-13] ()</p><p>S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)</p><p>S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-15] (Symantec Corporation)</p><p>S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-14] (Symantec Corporation)</p><p>S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()</p><p>S3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130510.022\ENG64.SYS [126192 2013-03-14] (Symantec Corporation)</p><p>S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130510.022\EX64.SYS [2087664 2013-03-14] (Symantec Corporation)</p><p>S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)</p><p>S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)</p><p>S1 RapportCerberus_50414; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys [585944 2013-03-14] ()</p><p>S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [228760 2013-02-13] (Trusteer Ltd.)</p><p>S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [175352 2013-03-14] (Trusteer Ltd.)</p><p>S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357272 2013-02-13] (Trusteer Ltd.)</p><p>S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-09-15] (Symantec Corporation)</p><p>S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]</p><p>S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130503.001\IDSvia64.sys [x]</p><p>S0 RapportKE64; System32\Drivers\RapportKE64.sys [x]</p><p>S0 sr; </p><p>S1 SRTSP; \SystemRoot\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [x]</p><p>S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]</p><p>S0 SymDS; system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]</p><p>S0 SymEFA; system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]</p><p>S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS [x]</p><p>S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]</p><p></p><p>==================== NetSvcs (Whitelisted) 
===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-12 01:47 - 2013-05-12 01:47 - 00000000 ____D C:\FRST</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038447 ____A C:\Users\Magnall\AppData\Roaming\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038410 ____A C:\ProgramData\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038392 ____A C:\Users\Magnall\AppData\Local\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 00030208 ____A C:\Users\Magnall\Documents\79bf9f2f.exe</p><p>2013-05-09 05:48 - 2013-05-09 05:48 - 00276232 ____A C:\Windows\Minidump\050913-74381-01.dmp</p><p>2013-05-01 14:58 - 2013-05-01 14:58 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\Optimizer Pro</p><p>2013-05-01 14:54 - 2013-05-11 23:35 - 00000000 ____D C:\Program Files (x86)\Wajam</p><p>2013-05-01 14:54 - 2013-05-11 11:59 - 00000000 ____A C:\end</p><p>2013-05-01 14:54 - 2013-05-01 14:54 - 00000000 ____D C:\Users\Magnall\AppData\Local\Wajam</p><p>2013-05-01 14:52 - 2013-05-11 23:35 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro</p><p>2013-05-01 14:52 - 2013-05-01 14:52 - 00001024 ____A C:\Users\Magnall\Desktop\Optimizer Pro.lnk</p><p>2013-05-01 14:52 - 2013-05-01 14:52 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\Iminent</p><p>2013-05-01 14:51 - 2013-05-01 14:51 - 00000000 ____D C:\ProgramData\Iminent</p><p>2013-05-01 14:50 - 2013-05-01 14:51 - 00000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog</p><p>2013-05-01 14:49 - 2013-05-11 23:35 - 00000000 ____D C:\Program Files (x86)\Iminent</p><p>2013-05-01 14:45 - 2012-09-12 06:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys</p><p>2013-04-23 13:53 - 2013-04-23 13:53 - 00219575 ____A C:\Users\Magnall\Desktop\ACL reco_ hamstring graft results is hamstring tendonitis.htm</p><p>2013-04-23 13:53 - 2013-04-23 13:53 - 00000000 ____D C:\Users\Magnall\Desktop\ACL reco_ hamstring graft results is hamstring 
tendonitis_files</p><p>2013-04-23 11:08 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p><p>2013-04-20 08:16 - 2013-04-20 08:16 - 00276232 ____A C:\Windows\Minidump\042013-80012-01.dmp</p><p>2013-04-12 07:31 - 2013-04-12 07:31 - 00276232 ____A C:\Windows\Minidump\041213-55005-01.dmp</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-12 01:47 - 2013-05-12 01:47 - 00000000 ____D C:\FRST</p><p>2013-05-12 01:35 - 2010-03-16 13:22 - 00000000 ____D C:\ProgramData\Recovery</p><p>2013-05-11 23:35 - 2013-05-01 14:54 - 00000000 ____D C:\Program Files (x86)\Wajam</p><p>2013-05-11 23:35 - 2013-05-01 14:52 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro</p><p>2013-05-11 23:35 - 2013-05-01 14:49 - 00000000 ____D C:\Program Files (x86)\Iminent</p><p>2013-05-11 23:35 - 2012-12-12 10:48 - 00000000 ____D C:\Program Files\Windows Live</p><p>2013-05-11 23:35 - 2009-08-26 10:03 - 00000000 ____D C:\ProgramData\Norton</p><p>2013-05-11 23:34 - 2011-07-31 15:06 - 00000000 ____D C:\Users\Magnall\AppData\Local\FLVService</p><p>2013-05-11 23:34 - 2010-03-07 08:40 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\ArcSoft</p><p>2013-05-11 23:34 - 2009-12-22 13:01 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\ICAClient</p><p>2013-05-11 23:34 - 2009-12-21 05:09 - 00000000 ____D C:\Users\Magnall\AppData\Local\Hewlett-Packard</p><p>2013-05-11 23:34 - 2009-12-21 05:02 - 00000000 ____D C:\users\Magnall</p><p>2013-05-11 23:33 - 2010-08-12 23:15 - 00000000 ____D C:\Windows\Minidump</p><p>2013-05-11 12:00 - 2009-10-19 02:49 - 01262773 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-11 11:59 - 2013-05-01 14:54 - 00000000 ____A C:\end</p><p>2013-05-11 11:58 - 2009-12-23 14:31 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-05-11 11:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-11 11:57 - 2009-07-13 20:51 - 00069462 ____A 
C:\Windows\setupact.log</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038447 ____A C:\Users\Magnall\AppData\Roaming\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038410 ____A C:\ProgramData\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 01038392 ____A C:\Users\Magnall\AppData\Local\2433f433</p><p>2013-05-11 11:06 - 2013-05-11 11:06 - 00030208 ____A C:\Users\Magnall\Documents\79bf9f2f.exe</p><p>2013-05-11 11:03 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-11 11:03 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-11 10:55 - 2009-12-23 14:31 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-05-11 10:52 - 2012-06-27 09:44 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMagnall.job</p><p>2013-05-11 04:16 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-11 01:45 - 2009-12-22 02:39 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log</p><p>2013-05-11 01:44 - 2011-11-12 00:26 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt</p><p>2013-05-11 01:40 - 2009-12-22 02:38 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\HpUpdate</p><p>2013-05-11 01:40 - 2009-12-22 02:38 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\HP Support Assistant</p><p>2013-05-10 11:27 - 2010-10-04 13:13 - 00000000 ____D C:\Users\Magnall\AppData\Local\Windows Live</p><p>2013-05-09 05:48 - 2013-05-09 05:48 - 00276232 ____A C:\Windows\Minidump\050913-74381-01.dmp</p><p>2013-05-09 05:48 - 2010-08-12 23:15 - 414128006 ____A C:\Windows\MEMORY.DMP</p><p>2013-05-07 23:13 - 2010-01-25 09:56 - 00000362 ____A C:\Windows\Tasks\File Helper.job</p><p>2013-05-05 05:03 - 2012-07-30 09:16 - 00000000 ____D C:\Users\Magnall\Desktop\Courses</p><p>2013-05-02 14:50 - 2010-02-21 08:25 - 00000000 ____D 
C:\Users\Magnall\AppData\Roaming\Skype</p><p>2013-05-01 14:58 - 2013-05-01 14:58 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\Optimizer Pro</p><p>2013-05-01 14:54 - 2013-05-01 14:54 - 00000000 ____D C:\Users\Magnall\AppData\Local\Wajam</p><p>2013-05-01 14:52 - 2013-05-01 14:52 - 00001024 ____A C:\Users\Magnall\Desktop\Optimizer Pro.lnk</p><p>2013-05-01 14:52 - 2013-05-01 14:52 - 00000000 ____D C:\Users\Magnall\AppData\Roaming\Iminent</p><p>2013-05-01 14:51 - 2013-05-01 14:51 - 00000000 ____D C:\ProgramData\Iminent</p><p>2013-05-01 14:51 - 2013-05-01 14:50 - 00000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog</p><p>2013-05-01 14:45 - 2009-12-22 11:45 - 00000000 ____D C:\Program Files (x86)\Windows Live</p><p>2013-05-01 14:38 - 2010-03-30 07:38 - 00000000 ____D C:\Users\Magnall\AppData\Local\CrashDumps</p><p>2013-05-01 14:16 - 2010-02-21 08:24 - 00000000 ____D C:\ProgramData\Skype</p><p>2013-05-01 14:15 - 2010-02-21 08:24 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2013-05-01 14:12 - 2009-12-22 12:49 - 00000000 ____D C:\Users\Magnall\Tracing</p><p>2013-04-30 10:37 - 2009-12-22 13:31 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job</p><p>2013-04-23 13:53 - 2013-04-23 13:53 - 00219575 ____A C:\Users\Magnall\Desktop\ACL reco_ hamstring graft results is hamstring tendonitis.htm</p><p>2013-04-23 13:53 - 2013-04-23 13:53 - 00000000 ____D C:\Users\Magnall\Desktop\ACL reco_ hamstring graft results is hamstring tendonitis_files</p><p>2013-04-20 08:16 - 2013-04-20 08:16 - 00276232 ____A C:\Windows\Minidump\042013-80012-01.dmp</p><p>2013-04-18 14:45 - 2010-03-12 13:42 - 00002481 ____A C:\Users\Magnall\Desktop\Norton Internet Security.lnk</p><p>2013-04-18 14:45 - 2009-08-26 10:03 - 00000000 ____D C:\Windows\System32\Drivers\NISx64</p><p>2013-04-12 07:31 - 2013-04-12 07:31 - 00276232 ____A C:\Windows\Minidump\041213-55005-01.dmp</p><p>2013-04-12 06:45 - 2013-04-23 11:08 - 01656680 ____A (Microsoft Corporation) 
C:\Windows\System32\Drivers\ntfs.sys</p><p></p><p>Other Malware:</p><p>===========</p><p>C:\Users\Magnall\GoToAssistDownloadHelper.exe</p><p>C:\ProgramData\6874135.pad</p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-04-23 23:15:10</p><p>Restore point made on: 2013-05-01 14:43:06</p><p>Restore point made on: 2013-05-01 14:44:35</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 37%</p><p>Total physical RAM: 1790.43 MB</p><p>Available physical RAM: 1124.47 MB</p><p>Total Pagefile: 1790.43 MB</p><p>Available Pagefile: 1146.16 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.88 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (HP) (Fixed) (Total:285.06 GB) (Free:69.86 GB) NTFS (Disk=0 Partition=2)</p><p>Drive e: 
(FACTORY_IMAGE) (Fixed) (Total:12.93 GB) (Free:2.3 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]</p><p>Drive g: (FRONT USB R) (Removable) (Total:1.92 GB) (Free:0.06 GB) FAT (Disk=1 Partition=1)</p><p>Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS</p><p>Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 2 GB) (Disk ID: 2099962C)</p><p>Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)</p><p></p><p></p><p>Last Boot: 2013-05-11 20:31</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
(FACTORY_IMAGE) (Fixed) (Total:12.93 GB) (Free:2.3 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] Drive g: (FRONT USB R) (Removable) (Total:1.92 GB) (Free:0.06 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 2099962C) Partition 1: (Not Active) - (Size=2 GB) - (Type=0E) Last Boot: 2013-05-11 20:31 ==================== End Of Log ============================ [/QUOTE]