
I think a 0Access has stolen my game account


26 replies to this topic

#1 fzzx


Posted 15 September 2013 - 11:48 PM

It started when I tried to log into the Yahoo Mail account I use for Star Wars: The Old Republic and it said the password was wrong. When I tried to reset the password, the secret question was in Polish or something. I have installed a new antivirus and Malwarebytes and scanned with it; it only found some PUPs. I have also done something that is making the read speed on the hard drive very slow, possibly something to do with updating my chipset driver. Now when I try to scan with SUPERAntiSpyware and Avast it is very slow. I installed Spybot too, but it must have been a fake because the file I used to install it with is gone, along with many of its files. Before I try to recover my account I have to get rid of the virus or viruses on my computer.

 

Win 7 64-bit on an Acer 5742zg

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by elhar at 6:12:26 on 2013-09-16
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Telenor Norway\ESUS_TNO\ESUS_TNO.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aspire_5742g&r=273603124135l0404z1j5v47l22813
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=aspire_5742g&r=273603124135l0404z1j5v47l22813
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Telenorhjelpen: {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120311132854.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Påloggingshjelp for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [ROC_ROC_JAN2013_AV] C:\Users\elhar\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid 0861099e5d8947d1a73fcd3c4ee3f582-20b395e0317f3fa7679dbfb62d6544ebfcac3c95
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Telenorhjelpen] "C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\Telenorhjelpen.exe" -autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138
TCP: Interfaces\{E97F0051-CD20-49CF-8F1A-0DDD338A5BDF} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120311132854.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /RUNONCE
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elhar\AppData\Roaming\Mozilla\Firefox\Profiles\wp8hd0ze.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\elhar\AppData\Roaming\Mozilla\Firefox\Profiles\wp8hd0ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\elhar\AppData\Roaming\Mozilla\Firefox\Profiles\wp8hd0ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\elhar\AppData\Roaming\Mozilla\Firefox\Profiles\wp8hd0ze.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-09-16 04:07:07    --------    d--h--w-    C:\VTRoot
2013-09-16 04:01:26    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485FF283-CEAE-4CD2-8845-0F1952181DBA}\offreg.dll
2013-09-16 03:49:35    9515512    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485FF283-CEAE-4CD2-8845-0F1952181DBA}\mpengine.dll
2013-09-15 20:58:25    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-09-15 20:56:55    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-15 19:47:26    --------    d-----w-    C:\Users\elhar\AppData\Roaming\SUPERAntiSpyware.com
2013-09-15 19:20:56    --------    d-----w-    C:\Users\elhar\AppData\Local\Razer
2013-09-15 18:52:56    --------    d-----w-    C:\Users\elhar\AppData\Roaming\JAM Software
2013-09-15 18:52:43    --------    d-----w-    C:\Program Files (x86)\JAM Software
2013-09-15 18:26:12    --------    d-----w-    C:\0268e2cd9a21bd075603af
2013-09-15 16:56:52    --------    d-----w-    C:\Program Files\CCleaner
2013-09-15 16:02:22    --------    d-----w-    C:\Users\elhar\AppData\Roaming\IDM
2013-09-15 16:02:22    --------    d-----w-    C:\ProgramData\IDM
2013-09-15 16:02:19    --------    d-----w-    C:\Users\elhar\AppData\Roaming\DMCache
2013-09-15 16:01:55    --------    d-----w-    C:\Program Files (x86)\Internet Download Manager
2013-09-15 15:58:28    --------    d-s---w-    C:\ProgramData\Shared Space
2013-09-15 15:57:35    --------    d-----w-    C:\Program Files\COMODO
2013-09-15 15:57:17    --------    d-----w-    C:\ProgramData\COMODO
2013-09-15 15:56:30    --------    d-----w-    C:\Program Files (x86)\COMODO
2013-09-15 15:56:28    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2013-09-15 15:55:01    --------    d-----w-    C:\ProgramData\Comodo Downloader
2013-09-15 15:07:55    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-09-15 15:07:55    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-09-15 14:39:55    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-09-15 14:39:55    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-09-15 14:39:55    22600    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2013-09-15 14:39:55    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-09-15 14:39:55    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-09-15 14:39:52    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-15 14:39:21    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{277F8281-5BF5-4171-9E0C-0603FD1D0698}\offreg.dll
2013-09-15 14:38:57    41664    ----a-w-    C:\Windows\avastSS.scr
2013-09-15 14:38:23    --------    d-----w-    C:\Program Files\AVAST Software
2013-09-15 14:37:19    --------    d-----w-    C:\ProgramData\AVAST Software
2013-09-15 14:31:09    --------    d-----w-    C:\ProgramData\AMD
2013-09-15 14:31:07    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-09-15 14:30:58    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-09-15 14:30:58    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-09-15 14:20:50    --------    d-----w-    C:\Users\elhar\AppData\Local\ATI
2013-09-15 14:17:06    --------    d-----w-    C:\Users\elhar\AppData\Roaming\TuneUp Software
2013-09-15 13:59:26    --------    d-----w-    C:\Users\elhar\AppData\Roaming\Malwarebytes
2013-09-15 13:59:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-15 13:59:12    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-15 13:59:12    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 13:59:03    --------    d-----w-    C:\Users\elhar\AppData\Local\Programs
2013-09-15 13:46:49    --------    d-----w-    C:\Program Files\ATI Technologies
2013-09-15 13:45:25    --------    d-----w-    C:\AMD
2013-09-14 23:05:37    --------    d-----w-    C:\ProgramData\Oracle
2013-09-14 23:04:46    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 21:32:00    --------    dc----w-    C:\Users\elhar\AppData\Local\MigWiz
2013-09-13 14:33:49    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-09-13 14:33:40    --------    d-----w-    C:\Program Files (x86)\Steam
2013-09-13 07:46:14    172920    ----a-w-    C:\Windows\System32\drivers\idmwfp.sys
2013-09-11 01:08:59    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-11 01:08:59    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-11 01:08:58    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-11 01:08:57    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-08 01:11:37    0    ----a-w-    C:\Windows\SysWow64\shoE71F.tmp
2013-08-20 17:24:00    --------    d-----w-    C:\Users\elhar\AppData\Roaming\uTorrent
2013-08-20 17:20:32    --------    d-----w-    C:\Program Files\PeerBlock
.
==================== Find3M  ====================
.
2013-09-15 13:32:15    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-09-14 23:04:37    868264    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-09-14 23:04:37    790440    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-09-13 10:22:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 10:22:38    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-07 02:22:02    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-27 11:56:26    0    ----a-w-    C:\Windows\SysWow64\sho790B.tmp
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-08 20:59:52    708632    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-26 17:21:50    23208    ----a-w-    C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 17:21:48    28840    ----a-w-    C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 17:21:46    273576    ----a-w-    C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 17:21:46    1777320    ----a-w-    C:\Windows\System32\sftldr.dll
2013-06-26 17:21:46    1130664    ----a-w-    C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 17:21:44    767144    ----a-w-    C:\Windows\System32\drivers\Sftfslh.sys
2013-06-18 14:16:10    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 14:16:08    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2013-06-18 14:15:50    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-06-18 14:15:48    437688    ----a-w-    C:\Windows\System32\guard64.dll
2013-06-18 14:15:48    348584    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-06-18 14:15:40    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-06-18 14:15:40    344792    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-06-18 14:15:36    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 14:15:36    278232    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
.
============= FINISH:  6:20:46,17 ===============
 

 

 


 


#2 TB-Psychotic


  • Malware Response Team

Posted 16 September 2013 - 03:38 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 fzzx


Posted 16 September 2013 - 05:22 AM

First you should be aware that there is something wrong with my computer which causes it to scan very slowly, under 2 MB per second. When I saw your message, which I saw immediately because I use the Check4Change add-on in Firefox, I was performing a quick scan with Avast. I've been trying to complete a scan with Avast since I installed it hours ago. It has taken 1 hour and 20 minutes to scan, and it has scanned 62 GB and it has found nothing, which is amazing because before I installed it the antivirus installed was AVG 2012 and it hadn't performed a scan in over a year, but I scanned with Malwarebytes once; all it found were some PUPs. The scan is at 96% complete; I paused it when I saw your message and ran aswMBR. It didn't need to update the virus definitions, but I checked and it is the same one as in my Avast. Right before I started the aswMBR scan I used the analyse function in Game Booster; it scanned hardware, memory, processes, services. In the event log it listed a lot of problems, like Windows Modules Installer can't start. In about the last hour after the log the CPU usage has increased a lot since then. I have installed Game Booster and I recently tried to use System Restore to help with the slow read speed. I did it twice and at the end it had an error and the problem wasn't fixed. The only thing that happened with any significance was that it reinstalled a program called Telenorhjelpen, which is a legitimate program, but Avast picked up a rootkit as the program, I think, when I uninstalled it. In Avast settings I have set the File Shield to scan when any changes are made, and I think when I used System Restore I put it back. I tried to run a disc check with "Scan for and attempt recovery of bad sectors", but when I restarted, all it said was something like there's no problem, without even scanning.

 

It just finished; it took about an hour. Here's the log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-16 11:25:22
-----------------------------
11:25:22.699    OS Version: Windows x64 6.1.7601 Service Pack 1
11:25:22.699    Number of processors: 2 586 0x2505
11:25:22.702    ComputerName: ELHAR-PC  UserName: elhar
11:25:44.024    Initialize success
11:26:01.010    AVAST engine defs: 13091500
11:27:48.406    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:27:48.409    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
11:27:49.351    Disk 0 MBR read successfully
11:27:49.356    Disk 0 MBR scan
11:27:49.361    Disk 0 Windows 7 default MBR code
11:27:49.380    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
11:27:49.410    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
11:27:49.451    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       597066 MB offset 27469824
11:27:50.119    Disk 0 scanning C:\Windows\system32\drivers
11:29:19.951    Service scanning
11:31:22.444    Modules scanning
11:31:22.456    Disk 0 trace - called modules:
11:31:22.478    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:31:22.826    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005157700]
11:31:22.834    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fe8050]
11:31:26.355    AVAST engine scan C:\Windows
11:31:45.733    AVAST engine scan C:\Windows\system32
11:43:03.668    AVAST engine scan C:\Windows\system32\drivers
11:44:05.236    AVAST engine scan C:\Users\elhar
12:13:35.072    AVAST engine scan C:\ProgramData
12:19:10.317    Scan finished successfully
12:19:48.219    Disk 0 MBR has been saved successfully to "C:\Users\fx\Desktop\MBR.dat"
12:19:48.258    The log file has been saved successfully to "C:\Users\fx\Desktop\aswMBR.txt"
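The "Disk 0 Partition" lines in the aswMBR log above are read from the four 16-byte entries at byte 446 of the MBR sector. As an added example (not part of the original post and not aswMBR's own code), this Python code parses a 512-byte MBR dump and checks the table for basic consistency. The function names are hypothetical, the sample sector is constructed from the values in the log, and the log's offsets are assumed to be 512-byte sector numbers, which matches its sizes.

```python
import struct

SECTOR = 512
# Partition type bytes that appear in the aswMBR log above.
TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}
ENTRY = "<B3xB3xII"  # status, CHS start, type, CHS end, start LBA, sector count

def parse_mbr(sector):
    """Return the used primary partition entries of a 512-byte MBR dump."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPES.get(ptype, "unknown"), "offset": lba,
                      "sectors": count, "size_mb": count * SECTOR // 2**20})
    return parts

def check_layout(parts):
    """Report more than one active partition or overlapping extents."""
    problems = []
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems

def build_sample():
    """Constructed sector: zeroed boot code plus the three entries from the log."""
    rows = [(0x00, 0x27, 2048, 13312), (0x80, 0x07, 27265024, 100),
            (0x00, 0x07, 27469824, 597066)]  # status, type, offset, size in MB
    table = b"".join(struct.pack(ENTRY, s, t, lba, mb * 2048)
                     for s, t, lba, mb in rows)
    return bytes(446) + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    for p in parse_mbr(build_sample()):
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {p['type']:02X} {flag} {p['name']:<18}"
              f"{p['size_mb']:>7} MB offset {p['offset']}")
```

The same `parse_mbr` accepts the bytes of a saved 512-byte dump; a table with one active partition and back-to-back extents, as in this log, produces no findings from `check_layout`.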

 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:37 AM

Posted 16 September 2013 - 05:28 AM

Finish the Malwarebytes scan and post the log, please.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 fzzx

fzzx
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:37 AM

Posted 16 September 2013 - 05:36 AM

I wasn't doing a Malwarebytes scan now. I haven't done a Malwarebytes scan since yesterday. I can scan again but it will take some time. Here's the last log:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.15.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
elhar :: ELHAR-PC [administrator]
 
Protection: Enabled
 
15.09.2013 16:01:30
mbam-log-2013-09-15 (16-01-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252905
Time elapsed: 10 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\elhar\Downloads\DTLite4471-0335.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)


#6 TB-Psychotic

Posted 16 September 2013 - 05:42 AM

but avast picked up a rootkit

Please show me the avast log pointing out that avast found a rootkit.


#7 fzzx

Posted 16 September 2013 - 05:45 AM

It wasn't in a log, it was the file shield which reported it, and it didn't have a log at the time.



#8 TB-Psychotic

Posted 16 September 2013 - 05:57 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


#9 fzzx

Posted 16 September 2013 - 06:08 AM

I was looking to find the file shield log, but even though I have turned on the log I can't see the file in the log folder, and when looking through the log files I see that the virus has turned off my avast logs. It did it 23 minutes after I started the aswmbr scan. There is still a lot of interesting stuff in the logs still there, but the only mention of the telenor program was:

02:41:44    AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of SVC: TelenorhjelpenSvc > C:\Program Files failed, C000003B.
16.09.2013    02:41:44    AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: TelenorhjelpenSvc > C:\Program Files (*RAW:SVC: TelenorhjelpenSvc > C:\Program Files) returning error, C000003B.
16.09.2013    02:43:01

 

and I don't think it was when it flagged it



#10 TB-Psychotic

Posted 16 September 2013 - 06:54 AM

Then go on with combofix, please.


#11 fzzx

Posted 16 September 2013 - 06:57 AM

Combofix has frozen at 95 percent for over 30 minutes trying to extract out of a folder. It has been 50 minutes since I started combofix. Isn't it supposed to take about 10 minutes? I think I have had an internet connection the whole time. During the beginning there was a lot of CPU activity, the biggest one was vuze remote at 40%, but now during the last half hour it has been low. Is there any point in waiting any longer? Should I try in safe mode instead, or run rkill or something?



#12 TB-Psychotic

Posted 16 September 2013 - 07:25 AM

If combofix doesn't finish, reboot into safe mode and try again.


#13 fzzx

Posted 16 September 2013 - 07:36 AM

I'm in safe mode, but I was wondering where combofix's temp folder is so I can retrieve what it has found and done up to when it stopped at 95%. There's got to be a way to find it. If I run combofix again I think it all will be lost. Do you know some places I might look, or should I just run it again?



#14 TB-Psychotic

Posted 16 September 2013 - 07:52 AM

It won't help us at this time. The problem is that there is either malware or serious damage to your system causing the tools to fail.

Let's try something completely different:

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#15 fzzx

Posted 16 September 2013 - 08:09 AM

I will try, but when I have used the cmd in recovery before, the windir is something like x/system32 and I don't think I can change to another letter like a USB. I will try now and come back to you.





