Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

cannot boot, only safe mode with promt

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

cannot boot, only safe mode with promt

Unread postby Olliver » May 25th, 2012, 1:17 pm

have this log from FRST64, need help, I have tried AVG rescue USB without success, the scan stops before finish:

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by 5136 at 25-05-2012 19:02:23
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: Registry editing has been disabled by your administrator.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-25 19:02 - 2012-05-25 19:02 - 0000000 ____D C:\FRST
2012-05-25 18:45 - 2012-05-25 18:45 - 0003472 ____N C:\bootsqm.dat
2012-05-25 18:14 - 2012-05-25 18:14 - 0000000 __SHD C:\found.000
2012-05-25 16:44 - 2012-05-25 16:43 - 0208384 __ASH C:\Users\5136\AppData\Roaming\WinArchiver.exe
2012-05-25 13:28 - 2012-05-25 13:34 - 0000000 ____D C:\sn0wbreeze
2012-05-24 23:25 - 2012-03-31 08:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-24 23:25 - 2012-03-31 06:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-24 23:25 - 2012-03-31 06:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-24 23:25 - 2012-03-31 05:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-24 23:25 - 2012-03-17 09:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-24 23:25 - 2012-03-03 08:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-24 23:25 - 2012-03-03 07:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-24 23:24 - 2012-03-30 13:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-23 11:53 - 2012-05-23 11:53 - 0099321 ____A C:\Users\5136\Documents\Boardingpass FRAPMI 24may2012.pdf
2012-05-21 05:18 - 2012-05-21 05:18 - 0558080 ____N C:\Users\5136\Documents\Accommodation report - present season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0500224 ____N C:\Users\5136\Documents\Accommodation report - next season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0315392 ____N C:\Users\5136\Documents\Accommodation report - third season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 1129984 ____N C:\Users\5136\Documents\Destination report - present season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0896000 ____N C:\Users\5136\Documents\Destination report - next season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0492544 ____N C:\Users\5136\Documents\Destination report - third season.xls
2012-05-18 18:05 - 2012-05-18 18:05 - 0004096 ___AH C:\Users\5136\AppData\Local\keyfile3.drm
2012-05-17 09:53 - 2012-05-17 09:53 - 0081440 ____A C:\Users\5136\Documents\HKT SUBA SUKA w1112.xlsx
2012-05-17 09:20 - 2012-05-17 09:33 - 0029520 ____A C:\Users\5136\Documents\HKT SUBA w1112 RoomNight Cap.xlsx
2012-05-16 20:29 - 2012-05-17 09:35 - 0121351 ____A C:\Users\5136\Documents\Test.xlsx
2012-05-15 12:21 - 2012-05-15 20:08 - 4056441 ____A C:\Users\5136\Documents\Agenda Produkt möte 120516.docx
2012-05-15 10:31 - 2012-05-15 10:31 - 0056231 ____A C:\Users\5136\Documents\Beedneed AYT s12.xlsx
2012-05-14 15:52 - 2012-05-14 15:52 - 0000000 ____D C:\Users\5136\Lync Recordings
2012-05-14 15:43 - 2012-05-14 15:44 - 0027235 ____A C:\Users\5136\Documents\TCNE Product Matrix s12 w1213.xlsx
2012-05-14 04:57 - 2012-05-14 04:57 - 0536064 ____N C:\Users\5136\Documents\Overview report - TCNE.xls
2012-05-11 14:29 - 2012-05-11 14:29 - 0195003 ____A C:\Users\5136\Documents\IKEA TCNE letter.dotx
2012-05-11 14:28 - 2012-05-11 14:28 - 7626867 ____A C:\Users\5136\Documents\TCNE presentation.pptx
2012-05-11 14:13 - 2012-05-11 14:13 - 3386804 ____A C:\Users\5136\Documents\TCNE Resort & Hotel division.pptx
2012-05-11 13:24 - 2012-05-11 13:27 - 0000000 ____D C:\Users\5136\Documents\DVDFab
2012-05-11 13:24 - 2012-05-11 13:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\Vso
2012-05-11 13:24 - 2012-05-11 13:24 - 0099384 ____A C:\Users\5136\AppData\Roaming\inst.exe
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Windows\System32\Drivers\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Users\5136\AppData\Roaming\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0007859 ____A C:\Users\5136\AppData\Roaming\pcouffin.cat
2012-05-11 13:24 - 2012-05-11 13:24 - 0001167 ____A C:\Users\5136\AppData\Roaming\pcouffin.inf
2012-05-11 13:24 - 2012-05-11 13:24 - 0000034 ____A C:\Users\5136\AppData\Roaming\pcouffin.log
2012-05-11 13:24 - 2012-05-11 13:24 - 0000000 ____D C:\Program Files (x86)\DVDFab 5
2012-05-11 09:49 - 2012-05-14 15:18 - 0043714 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up Aug-Oct.xlsx
2012-05-10 14:46 - 2012-05-10 14:46 - 0015872 ____A C:\Windows\System32\results.xml
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-10 14:27 - 2012-05-10 14:44 - 90242800 ____A (Hewlett Packard ) C:\Users\5136\Desktop\sp56282.exe
2012-05-10 14:24 - 2012-05-10 14:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Hewlett-Packard
2012-05-10 14:21 - 2012-05-10 14:21 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-10 11:20 - 2012-05-10 12:31 - 0043519 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up.xlsx
2012-05-08 15:52 - 2012-05-08 15:52 - 0591879 ____A C:\Users\5136\Desktop\TT_InterimResults2012_PressRelease_08May2012.pdf
2012-05-04 21:25 - 2012-05-04 21:40 - 0000000 ____D C:\Users\5136\AppData\Roaming\vlc
2012-05-04 21:25 - 2012-05-04 21:25 - 0001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-04 21:25 - 2012-05-04 21:25 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-04 18:29 - 2012-05-04 18:29 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-03 15:45 - 2012-05-03 15:45 - 0085947 ____A C:\Users\5136\Desktop\ScreenHunter_01 May. 03 15.45.jpg
2012-05-03 11:07 - 2012-05-03 11:42 - 0030747 ____A C:\Users\5136\Documents\Combi - Destination report.xlsx
2012-05-03 11:06 - 2012-05-03 11:46 - 0029710 ____A C:\Users\5136\Documents\Combi - Departure report.xlsx
2012-05-03 11:05 - 2012-05-15 09:42 - 0033551 ____A C:\Users\5136\Documents\Combi - Accomodation report.xlsx
2012-05-03 11:02 - 2012-05-03 11:02 - 0043658 ____A C:\Users\5136\Downloads\Destination report.xlsx
2012-05-03 11:02 - 2012-05-03 11:01 - 0045576 ____A C:\Users\5136\Downloads\Departure report.xlsx
2012-05-03 11:01 - 2012-05-03 11:01 - 0055675 ____A C:\Users\5136\Downloads\Accomodation report.xlsx
2012-04-30 14:54 - 2012-04-30 14:54 - 0004378 ____A C:\Windows\DPINST.LOG
2012-04-30 14:47 - 2012-04-30 14:47 - 0000000 ____D C:\Users\5136\Documents\Fax
2012-04-29 16:47 - 2012-04-29 16:51 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar[1].flv
2012-04-29 16:28 - 2012-04-29 16:32 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar.flv
2012-04-29 15:45 - 2012-04-29 15:47 - 99784360 ____A C:\Users\5136\Downloads\Golden Globes 2012 - Ricky Gervais Opening Monologue.mp4
2012-04-29 15:29 - 2012-05-11 15:38 - 0000000 ____D C:\Users\All Users\YTD YouTube Downloader & Converter
2012-04-29 15:29 - 2012-04-29 15:33 - 36509349 ____A C:\Users\5136\Downloads\Golden Globes 2011 - Ricky Gervais Opening Monologue.flv
2012-04-29 15:29 - 2012-04-29 15:29 - 0001052 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2012-04-28 13:24 - 2012-04-28 20:45 - 0000000 ____D C:\Users\5136\Documents\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:25 - 0000000 ____D C:\Program Files (x86)\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:24 - 0000969 ____A C:\Users\5136\Desktop\Vistumbler.lnk
2012-04-28 13:23 - 2012-04-28 13:23 - 0000000 ____D C:\Users\5136\Downloads\Vistumbler v10-11
2012-04-28 13:17 - 2012-04-28 13:17 - 0001084 ____A C:\Users\5136\Desktop\Network Stumbler.lnk
2012-04-28 13:17 - 2012-04-28 13:17 - 0000000 ____D C:\Program Files (x86)\Network Stumbler
2012-04-27 18:30 - 2012-04-28 18:03 - 0905699 ____A C:\Users\5136\Documents\LCA problematiken.pptx
2012-04-27 15:38 - 2012-05-11 14:29 - 0014929 ____A C:\Users\5136\Documents\IKEA eng.docx
2012-04-25 17:36 - 2012-04-27 15:40 - 0015878 ____A C:\Users\5136\Documents\IKEA.docx
2012-04-25 10:14 - 2012-04-25 10:16 - 0037931 ____A C:\Users\5136\Documents\CHQ 2012.xlsx

============ 3 Months Modified Files and Folders =============

2012-05-25 19:02 - 2012-05-25 19:02 - 0000000 ____D C:\FRST
2012-05-25 19:02 - 2012-02-25 22:01 - 0595774 ____A C:\Windows\ntbtlog.txt
2012-05-25 18:58 - 2009-07-14 07:13 - 0738460 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-25 18:54 - 2012-01-03 12:30 - 2076987392 __ASH C:\hiberfil.sys
2012-05-25 18:53 - 2009-07-14 06:51 - 0072570 ____A C:\Windows\setupact.log
2012-05-25 18:46 - 2012-01-03 12:32 - 0000405 ____A C:\Windows\SMSCFG.INI
2012-05-25 18:45 - 2012-05-25 18:45 - 0003472 ____N C:\bootsqm.dat
2012-05-25 18:45 - 2009-07-14 07:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-25 18:14 - 2012-05-25 18:14 - 0000000 __SHD C:\found.000
2012-05-25 17:42 - 2012-04-07 14:07 - 0000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-25 17:18 - 2012-01-03 12:32 - 2036179 ____A C:\Windows\WindowsUpdate.log
2012-05-25 16:59 - 2009-07-14 06:45 - 0015360 _____ C:\Windows\System32\umstartup.etl
2012-05-25 16:43 - 2012-05-25 16:44 - 0208384 __ASH C:\Users\5136\AppData\Roaming\WinArchiver.exe
2012-05-25 16:23 - 2012-04-19 08:41 - 0872448 ___AH C:\Users\5136\Desktop\filesync.metadata
2012-05-25 16:23 - 2012-04-07 12:46 - 40062976 ___AH C:\Users\5136\Documents\filesync.metadata
2012-05-25 16:12 - 2012-04-07 14:07 - 0000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-25 15:22 - 2012-01-12 15:04 - 0000135 ____A C:\Users\Public\Desktop\Java-VITS.url
2012-05-25 15:22 - 2012-01-11 11:25 - 0006070 _RASH C:\Users\5136\ntuser.pol
2012-05-25 15:22 - 2012-01-11 11:25 - 0000000 ____D C:\users\5136
2012-05-25 15:22 - 2012-01-03 12:37 - 0194209 _RASH C:\Users\All Users\ntuser.pol
2012-05-25 15:20 - 2012-01-03 12:31 - 0000992 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-25 15:16 - 2009-07-14 06:45 - 0023808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-25 15:16 - 2009-07-14 06:45 - 0023808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-25 15:10 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\Tracing
2012-05-25 14:36 - 2012-04-13 10:27 - 0000000 ____D C:\Users\5136\Documents\Templates
2012-05-25 13:34 - 2012-05-25 13:28 - 0000000 ____D C:\sn0wbreeze
2012-05-25 10:47 - 2010-04-22 11:01 - 0000000 ____D C:\Users\5136\Documents\3 BJS
2012-05-25 08:44 - 2010-11-21 05:47 - 0045462 ____A C:\Windows\PFRO.log
2012-05-25 08:44 - 2009-07-14 06:45 - 0420688 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-24 23:25 - 2011-07-04 10:26 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-24 23:24 - 2010-11-21 08:30 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-24 22:09 - 2012-02-05 16:26 - 0000000 ____D C:\Users\5136\AppData\Roaming\redsn0w
2012-05-24 13:47 - 2012-01-11 14:47 - 3690496 ___AH C:\Users\5136\Downloads\filesync.metadata
2012-05-24 07:01 - 2012-02-08 13:23 - 0000000 ____D C:\Users\5136\AppData\Local\Xobni
2012-05-23 13:34 - 2011-01-11 14:01 - 0270040 ____A C:\Users\5136\Documents\Diet.xlsx
2012-05-23 11:53 - 2012-05-23 11:53 - 0099321 ____A C:\Users\5136\Documents\Boardingpass FRAPMI 24may2012.pdf
2012-05-22 07:06 - 2009-07-14 07:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-21 12:00 - 2011-10-26 11:29 - 0046402 ____N C:\Users\5136\Documents\Sales budget S12.xlsx
2012-05-21 06:32 - 2011-09-19 14:23 - 0436572 ____A C:\Users\5136\Documents\Websearch NoMerge Jul12.xlsx
2012-05-21 06:32 - 2011-09-08 11:53 - 2888136 ____A C:\Users\5136\Documents\Websearch Hotel s12.xlsx
2012-05-21 06:30 - 2012-02-03 12:07 - 2799274 ____A C:\Users\5136\Documents\Websearch Hotel w1213.xlsx
2012-05-21 05:18 - 2012-05-21 05:18 - 0558080 ____N C:\Users\5136\Documents\Accommodation report - present season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0500224 ____N C:\Users\5136\Documents\Accommodation report - next season.xls
2012-05-21 05:18 - 2012-05-21 05:18 - 0315392 ____N C:\Users\5136\Documents\Accommodation report - third season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 1129984 ____N C:\Users\5136\Documents\Destination report - present season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0896000 ____N C:\Users\5136\Documents\Destination report - next season.xls
2012-05-21 04:54 - 2012-05-21 04:54 - 0492544 ____N C:\Users\5136\Documents\Destination report - third season.xls
2012-05-18 18:05 - 2012-05-18 18:05 - 0004096 ___AH C:\Users\5136\AppData\Local\keyfile3.drm
2012-05-17 20:48 - 2012-01-03 13:43 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-17 10:58 - 2012-01-16 10:34 - 0000000 ____D C:\Users\5136\AppData\Local\ElevatedDiagnostics
2012-05-17 09:53 - 2012-05-17 09:53 - 0081440 ____A C:\Users\5136\Documents\HKT SUBA SUKA w1112.xlsx
2012-05-17 09:35 - 2012-05-16 20:29 - 0121351 ____A C:\Users\5136\Documents\Test.xlsx
2012-05-17 09:33 - 2012-05-17 09:20 - 0029520 ____A C:\Users\5136\Documents\HKT SUBA w1112 RoomNight Cap.xlsx
2012-05-16 16:47 - 2010-04-22 10:50 - 0000000 ____D C:\Users\5136\Documents\0 Yield
2012-05-16 14:48 - 2010-04-22 10:50 - 1562624 ____A C:\Users\5136\Documents\Travelplan BjS.xls
2012-05-15 20:08 - 2012-05-15 12:21 - 4056441 ____A C:\Users\5136\Documents\Agenda Produkt möte 120516.docx
2012-05-15 10:31 - 2012-05-15 10:31 - 0056231 ____A C:\Users\5136\Documents\Beedneed AYT s12.xlsx
2012-05-15 09:42 - 2012-05-03 11:05 - 0033551 ____A C:\Users\5136\Documents\Combi - Accomodation report.xlsx
2012-05-14 15:52 - 2012-05-14 15:52 - 0000000 ____D C:\Users\5136\Lync Recordings
2012-05-14 15:44 - 2012-05-14 15:43 - 0027235 ____A C:\Users\5136\Documents\TCNE Product Matrix s12 w1213.xlsx
2012-05-14 15:18 - 2012-05-11 09:49 - 0043714 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up Aug-Oct.xlsx
2012-05-14 04:57 - 2012-05-14 04:57 - 0536064 ____N C:\Users\5136\Documents\Overview report - TCNE.xls
2012-05-11 15:38 - 2012-04-29 15:29 - 0000000 ____D C:\Users\All Users\YTD YouTube Downloader & Converter
2012-05-11 14:29 - 2012-05-11 14:29 - 0195003 ____A C:\Users\5136\Documents\IKEA TCNE letter.dotx
2012-05-11 14:29 - 2012-04-27 15:38 - 0014929 ____A C:\Users\5136\Documents\IKEA eng.docx
2012-05-11 14:28 - 2012-05-11 14:28 - 7626867 ____A C:\Users\5136\Documents\TCNE presentation.pptx
2012-05-11 14:13 - 2012-05-11 14:13 - 3386804 ____A C:\Users\5136\Documents\TCNE Resort & Hotel division.pptx
2012-05-11 13:27 - 2012-05-11 13:24 - 0000000 ____D C:\Users\5136\Documents\DVDFab
2012-05-11 13:25 - 2012-05-11 13:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Vso
2012-05-11 13:24 - 2012-05-11 13:24 - 0099384 ____A C:\Users\5136\AppData\Roaming\inst.exe
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Windows\System32\Drivers\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0082816 ____A (VSO Software) C:\Users\5136\AppData\Roaming\pcouffin.sys
2012-05-11 13:24 - 2012-05-11 13:24 - 0007859 ____A C:\Users\5136\AppData\Roaming\pcouffin.cat
2012-05-11 13:24 - 2012-05-11 13:24 - 0001167 ____A C:\Users\5136\AppData\Roaming\pcouffin.inf
2012-05-11 13:24 - 2012-05-11 13:24 - 0000034 ____A C:\Users\5136\AppData\Roaming\pcouffin.log
2012-05-11 13:24 - 2012-05-11 13:24 - 0000000 ____D C:\Program Files (x86)\DVDFab 5
2012-05-11 13:24 - 2011-02-27 18:04 - 0000937 ____A C:\Users\5136\Desktop\DVDFab 5.lnk
2012-05-10 14:46 - 2012-05-10 14:46 - 0015872 ____A C:\Windows\System32\results.xml
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-05-10 14:45 - 2012-05-10 14:45 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-10 14:45 - 2012-01-03 13:42 - 0000000 ____D C:\SWSETUP
2012-05-10 14:45 - 2012-01-03 12:31 - 0000000 ____D C:\Intel
2012-05-10 14:44 - 2012-05-10 14:27 - 90242800 ____A (Hewlett Packard ) C:\Users\5136\Desktop\sp56282.exe
2012-05-10 14:24 - 2012-05-10 14:24 - 0000000 ____D C:\Users\5136\AppData\Roaming\Hewlett-Packard
2012-05-10 14:24 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\hpqLog
2012-05-10 14:21 - 2012-05-10 14:21 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-05-10 14:21 - 2012-01-03 13:42 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-10 12:31 - 2012-05-10 11:20 - 0043519 ____A C:\Users\5136\Documents\AYT SURO SUSB s12 Occ Follow-up.xlsx
2012-05-08 15:52 - 2012-05-08 15:52 - 0591879 ____A C:\Users\5136\Desktop\TT_InterimResults2012_PressRelease_08May2012.pdf
2012-05-06 20:45 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-04 21:40 - 2012-05-04 21:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\vlc
2012-05-04 21:25 - 2012-05-04 21:25 - 0001072 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-04 21:25 - 2012-05-04 21:25 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-04 18:30 - 2009-07-14 05:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-04 18:29 - 2012-05-04 18:29 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-03 15:45 - 2012-05-03 15:45 - 0085947 ____A C:\Users\5136\Desktop\ScreenHunter_01 May. 03 15.45.jpg
2012-05-03 11:46 - 2012-05-03 11:06 - 0029710 ____A C:\Users\5136\Documents\Combi - Departure report.xlsx
2012-05-03 11:42 - 2012-05-03 11:07 - 0030747 ____A C:\Users\5136\Documents\Combi - Destination report.xlsx
2012-05-03 11:02 - 2012-05-03 11:02 - 0043658 ____A C:\Users\5136\Downloads\Destination report.xlsx
2012-05-03 11:01 - 2012-05-03 11:02 - 0045576 ____A C:\Users\5136\Downloads\Departure report.xlsx
2012-05-03 11:01 - 2012-05-03 11:01 - 0055675 ____A C:\Users\5136\Downloads\Accomodation report.xlsx
2012-05-02 09:11 - 2011-05-01 21:31 - 0010425 ____A C:\Users\5136\Documents\Monthly reports schedule.xlsx
2012-04-30 14:55 - 2010-04-22 10:10 - 0000000 ___RD C:\Users\5136\Documents\Scanned Documents
2012-04-30 14:54 - 2012-04-30 14:54 - 0004378 ____A C:\Windows\DPINST.LOG
2012-04-30 14:47 - 2012-04-30 14:47 - 0000000 ____D C:\Users\5136\Documents\Fax
2012-04-30 14:47 - 2009-07-14 05:20 - 0000000 ____D C:\Windows\ModemLogs
2012-04-29 16:51 - 2012-04-29 16:47 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar[1].flv
2012-04-29 16:32 - 2012-04-29 16:28 - 22258985 ____A C:\Users\5136\Downloads\Steve Carell & Ricky Gervais at the 2008 Primetime Emmy Awar.flv
2012-04-29 15:47 - 2012-04-29 15:45 - 99784360 ____A C:\Users\5136\Downloads\Golden Globes 2012 - Ricky Gervais Opening Monologue.mp4
2012-04-29 15:33 - 2012-04-29 15:29 - 36509349 ____A C:\Users\5136\Downloads\Golden Globes 2011 - Ricky Gervais Opening Monologue.flv
2012-04-29 15:29 - 2012-04-29 15:29 - 0001052 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2012-04-29 15:29 - 2012-03-16 20:49 - 0000000 ____D C:\Users\All Users\YouTube Downloader
2012-04-29 15:29 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-04-28 20:45 - 2012-04-28 13:24 - 0000000 ____D C:\Users\5136\Documents\Vistumbler
2012-04-28 18:03 - 2012-04-27 18:30 - 0905699 ____A C:\Users\5136\Documents\LCA problematiken.pptx
2012-04-28 13:25 - 2012-04-28 13:24 - 0000000 ____D C:\Program Files (x86)\Vistumbler
2012-04-28 13:24 - 2012-04-28 13:24 - 0000969 ____A C:\Users\5136\Desktop\Vistumbler.lnk
2012-04-28 13:23 - 2012-04-28 13:23 - 0000000 ____D C:\Users\5136\Downloads\Vistumbler v10-11
2012-04-28 13:17 - 2012-04-28 13:17 - 0001084 ____A C:\Users\5136\Desktop\Network Stumbler.lnk
2012-04-28 13:17 - 2012-04-28 13:17 - 0000000 ____D C:\Program Files (x86)\Network Stumbler
2012-04-27 21:57 - 2012-04-02 00:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-27 15:40 - 2012-04-25 17:36 - 0015878 ____A C:\Users\5136\Documents\IKEA.docx
2012-04-25 10:16 - 2012-04-25 10:14 - 0037931 ____A C:\Users\5136\Documents\CHQ 2012.xlsx
2012-04-23 13:59 - 2012-04-16 22:33 - 0000000 ____D C:\Users\5136\Documents\UK Shit
2012-04-21 00:25 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\LocalLow
2012-04-19 16:05 - 2009-07-14 04:34 - 0000540 ____A C:\Windows\win.ini
2012-04-17 08:05 - 2012-04-12 15:56 - 0000863 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-04-17 08:05 - 2009-07-14 04:34 - 0000864 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-17 08:04 - 2012-04-12 15:56 - 0005708 ____A C:\Users\5136\umbrella0.log
2012-04-16 01:37 - 2009-07-14 04:34 - 0000878 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-04-16 01:14 - 2012-04-12 15:56 - 0000000 ____D C:\Users\5136\.shsh
2012-04-15 11:47 - 2012-04-15 11:47 - 0001519 ____A C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-söndag.log
2012-04-15 11:47 - 2012-04-14 12:44 - 0000000 ____D C:\Windows\System32\appmgmt
2012-04-12 17:06 - 2012-04-12 16:55 - 32937288 ____A C:\Users\5136\Downloads\winzip16-64.exe
2012-04-12 16:46 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Local\VirtualStore
2012-04-12 15:48 - 2012-04-12 15:48 - 2139656 ____A (Conduit) C:\Users\5136\Downloads\WiseConvert_2.1.exe
2012-04-12 15:02 - 2012-01-03 12:36 - 0001800 ____A C:\Windows\NPTSOPN.mif
2012-04-12 15:02 - 2011-07-04 10:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-11 21:51 - 2012-04-02 00:22 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-11 15:27 - 2012-04-02 00:22 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-10 10:42 - 2012-04-10 10:42 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-04-10 10:42 - 2012-01-03 14:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-07 16:09 - 2012-04-07 14:09 - 0000000 ____D C:\Users\5136\AppData\Roaming\Google
2012-04-07 14:09 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Google
2012-04-07 14:08 - 2012-04-07 14:08 - 0000000 ____D C:\Users\All Users\Google
2012-04-07 14:08 - 2012-04-07 14:08 - 0000000 ____D C:\Program Files\Google
2012-04-07 14:08 - 2012-04-07 14:07 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-07 14:07 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Deployment
2012-04-07 14:07 - 2012-04-07 14:07 - 0000000 ____D C:\Users\5136\AppData\Local\Apps\2.0
2012-04-04 15:56 - 2012-04-02 00:22 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 08:59 - 2012-04-04 08:59 - 0001789 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files\iTunes
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files\iPod
2012-04-04 08:59 - 2012-04-04 08:59 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-03 13:44 - 2012-04-03 13:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Lync
2012-04-03 13:44 - 2012-01-03 14:12 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-04-03 13:44 - 2012-01-03 12:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Communicator
2012-04-02 00:58 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-02 00:55 - 2012-04-02 00:55 - 0001774 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-02 00:55 - 2012-04-02 00:55 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-02 00:55 - 2012-04-02 00:55 - 0000000 ____D C:\Users\5136\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 00:27 - 2012-04-01 21:09 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-02 00:22 - 2012-04-02 00:22 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-02 00:22 - 2012-04-02 00:22 - 0000000 ____D C:\Users\5136\AppData\Roaming\Malwarebytes
2012-04-02 00:16 - 2012-04-01 20:55 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-02 00:15 - 2012-04-02 00:15 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-04-02 00:15 - 2012-04-01 21:09 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-01 23:57 - 2012-04-01 23:57 - 0000000 ____D C:\Windows\pss
2012-04-01 23:30 - 2012-04-01 23:30 - 0000162 ___AH C:\Users\5136\Documents\~$rolinska.docx
2012-04-01 22:44 - 2012-04-01 22:34 - 0005761 ____A C:\Windows\System32\avgrep.txt
2012-04-01 21:22 - 2011-01-12 17:32 - 0000000 ____D C:\Users\5136\Downloads\Xilisoft.Video.Converter.Ultimate.v5.1.26.Build.0904.Multilingual-ENGiNE [BeLLBoY]
2012-04-01 21:10 - 2012-04-01 21:10 - 0000000 ____D C:\Users\5136\AppData\Roaming\AVG2012
2012-04-01 21:09 - 2012-04-01 21:09 - 0000000 ___HD C:\$AVG
2012-04-01 21:09 - 2012-04-01 21:09 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-01 21:07 - 2012-04-01 21:07 - 3869480 ____A (AVG Technologies) C:\Users\5136\Downloads\avg_free_stb_all_2012_2125_cnet (1).exe
2012-04-01 20:55 - 2012-04-01 20:55 - 3869480 ____A (AVG Technologies) C:\Users\5136\Downloads\avg_free_stb_all_2012_2125_cnet.exe
2012-03-31 08:05 - 2012-05-24 23:25 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 06:39 - 2012-05-24 23:25 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 06:39 - 2012-05-24 23:25 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 05:10 - 2012-05-24 23:25 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 13:35 - 2012-05-24 23:24 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 10:53 - 2012-03-28 10:53 - 0280729 ____A C:\Users\5136\Downloads\ZoomIt (2).zip
2012-03-26 08:46 - 2010-04-22 11:02 - 0000000 ____D C:\Users\5136\Documents\4 DEST
2012-03-22 13:14 - 2012-03-22 12:59 - 0000000 ____D C:\Users\5136\Documents\My Received Files
2012-03-20 10:40 - 2012-03-20 10:40 - 0000000 ____D C:\Users\5136\AppData\Local\SoftGrid Client
2012-03-17 09:58 - 2012-05-24 23:25 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 09:36 - 2012-03-17 09:22 - 0000000 ____D C:\Users\5136\AppData\Roaming\BitTorrent
2012-03-17 09:23 - 2012-03-17 09:23 - 0000969 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Users\5136\AppData\Local\Conduit
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\BitTorrentBar
2012-03-17 09:23 - 2012-03-17 09:23 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-03-17 09:22 - 2012-03-17 09:22 - 5708144 ____A (BitTorrent, Inc.) C:\Users\5136\Downloads\BitTorrent.exe
2012-03-16 20:49 - 2012-03-16 20:49 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-11 14:33 - 2012-01-11 11:25 - 0000000 ____D C:\Users\5136\AppData\Roaming\Adobe
2012-03-04 17:19 - 2012-04-01 23:34 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-04 16:23 - 2012-04-01 23:33 - 54215544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-03 08:35 - 2012-05-24 23:25 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 07:31 - 2012-05-24 23:25 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-03 00:14 - 2012-03-03 00:14 - 0000000 ____D C:\Xobni
2012-03-01 08:46 - 2012-04-19 16:04 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 08:38 - 2012-04-19 16:04 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 08:33 - 2012-04-19 16:04 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 08:28 - 2012-04-19 16:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 07:37 - 2012-04-19 16:04 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 07:33 - 2012-04-19 16:04 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 07:29 - 2012-04-19 16:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 20:33 - 2012-02-29 20:33 - 0028672 ____A C:\Users\5136\Downloads\29022012_0159_0001004103.xls
2012-02-28 14:22 - 2012-01-03 12:36 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-28 09:34 - 2012-04-19 16:05 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 09:02 - 2012-04-19 16:05 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 08:56 - 2012-04-19 16:05 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 08:50 - 2012-04-19 16:05 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 08:49 - 2012-04-19 16:05 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 08:48 - 2012-04-19 16:05 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 08:48 - 2012-04-19 16:05 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 08:47 - 2012-04-19 16:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 08:45 - 2012-04-19 16:05 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 08:43 - 2012-04-19 16:05 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 08:43 - 2012-04-19 16:05 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 08:42 - 2012-04-19 16:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 08:39 - 2012-04-19 16:05 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 03:52 - 2012-04-19 16:05 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 03:27 - 2012-04-19 16:05 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 03:18 - 2012-04-19 16:05 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 03:12 - 2012-04-19 16:05 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 03:11 - 2012-04-19 16:05 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 03:11 - 2012-04-19 16:05 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 03:09 - 2012-04-19 16:05 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 03:08 - 2012-04-19 16:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 03:06 - 2012-04-19 16:05 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 03:04 - 2012-04-19 16:05 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 03:03 - 2012-04-19 16:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 03:03 - 2012-04-19 16:05 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 02:59 - 2012-04-19 16:05 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8102.36 MB
Available physical RAM: 7414.75 MB
Total Pagefile: 16202.91 MB
Available Pagefile: 15527.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:279.46 GB) (Free:13.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:30.03 GB) (Free:2.42 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 0 B
Disk 1 Online 30 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 279 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 30 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-23 14:54
Olliver
Active Member
 
Posts: 2
Joined: May 25th, 2012, 1:13 pm
Advertisement
Register to Remove

Re: cannot boot, only safe mode with promt

Unread postby Gary R » May 28th, 2012, 11:11 am

Back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: cannot boot, only safe mode with promt

Unread postby Gary R » May 28th, 2012, 11:16 am

FRST needs to be run from Recovery Environment, and your log indicates that it wasn't .....

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


So I need you to run another scan for me using the instructions below ....

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: cannot boot, only safe mode with promt

Unread postby Olliver » May 28th, 2012, 11:27 am

the problem is sorted, cannot run repair due to company policy settings

managed to open explorer with ctrl+O repetedly and then run cleaning program's

took a while to get there though

Thanks
Olliver
Active Member
 
Posts: 2
Joined: May 25th, 2012, 1:13 pm

Re: cannot boot, only safe mode with promt

Unread postby Gary R » May 28th, 2012, 11:43 am

No problem, glad to hear your machine is up and running again.

As your problems appear to have been resolved, this topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware