Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Vista Virus?


  • This topic is locked This topic is locked
8 replies to this topic

#1 acjax38

acjax38

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 20 October 2014 - 07:27 PM

My Hp Pavilion Dv5, windows vista home premium will no longer open windows. I can not access windows through the safe modes, I can only access the command prompt through the repair my computer option, using a recovery vista DVD.  

 
Using Command Prompt, I opened regedit.exe from there: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
 
Then noticed I didn't have Shell "Explorer.exe" Changed the shell value FROM "cmd.exe /k start cmd.exe" TO "Exporer.exe" 
 
Restarted and was back at square one. Black screen with the shell value being reset to "cmd.exe /k start cmd.exe"

Why can't I rename the shell? Is it because the explorer.exe file has been corrupted or deleted? Do I have a virus? If I do have a virus and attempt to restore my laptop will that solve the problem? Also I am unsure how to run the DDS tool through command prompt. Any advice would be greatly appreciated, thanks. 

 

Edited by acjax38, 21 October 2014 - 03:30 PM.


BC AdBot (Login to Remove)

 


#2 acjax38

acjax38
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 22 October 2014 - 01:18 PM

Any help would be great.


Edited by acjax38, 22 October 2014 - 05:33 PM.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:05 AM

Posted 25 October 2014 - 07:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552698 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 acjax38

acjax38
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 26 October 2014 - 12:00 PM

Hey,

I am having a problem with HP Pavilion Dv5 that is running Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English (United States). Just before the windows log in screen I get stuck at a black screen with only being able to see or use my mouse (some call it "Black Screen Of Death".) The problems started when I attempted to use my "Google Chrome" but for some reason it would not load, even in safe mode I would get "Google Chrome is no longer working." After a complete uninstall/re-install I figured there was no harm running a virus scan with (AVG antivirus free) but lost power in the middle. I do not have the original windows CD/DVD but I do have a USB with an .iso version.
 

Here are a few things I have tried already:
 
1) Booting up in safe mode: Stuck at a black screen with only being able to see or use my mouse 
 
2) System restore point: No system restore points could be found
 
3) Windows Memory Diagnostic Tool (in System Recovery Options): Everything checks out okay 
 
4) Startup Repair (in System Recovery Options): Could not detect a problem 
 
5) Pressing Ctrl+Alt+Del at the black screen does not seem to do anything

6) I ran this in command prompt: sfc /scannow /offbootdir=f:\ /offwindir=f:\windows

    Received this message: Windows Resource Protection found corrupt files but was unable to fix some of them. 
 
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\windows\Logs\CBS\CBS.log

 

7)  Using Command Prompt, I typed regedit.exe from there: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

 
Then noticed I didn't have Shell "Explorer.exe" Changed the shell value FROM "cmd.exe /k start cmd.exe" TO "Exporer.exe" 
 
Restarted and was back at square one. Black screen with the shell value being reset to "cmd.exe /k start cmd.exe"

Lastly I am not sure how to get the DDS logs because I cannot access my desktop to be able to run it. Hopefully this was enough information to help begin the process to finding a cure. 

Thanks,
Arren 



 


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:05 AM

Posted 26 October 2014 - 06:43 PM

Greetings Arren and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • From a working computer please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recover Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 acjax38

acjax38
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 26 October 2014 - 07:30 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by SYSTEM on MINWINPC on 20-10-2014 13:41:35
Running from F:\
Platform: Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\Anton\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-01-19] (Hewlett-Packard Company)
HKU\Anton\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\Anton\...\Run: [Epson Stylus NX330(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\Anton\...\Run: [Spotify Web Helper] => C:\Users\Anton\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-05] (Spotify Ltd)
HKU\Anton\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Anton\...\Run: [Google Update] => "C:\Users\Anton\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Anton\...\Run: [MusicManager] => C:\Users\Anton\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\Anton\...\Policies\system: [LogonHoursAction] 2
HKU\Anton\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Anton\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ooVoo] => C\ooVoo.exe /minimized
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ooVoo] => C\ooVoo.exe /minimized
HKU\TEMP\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\TEMP.USER-PC\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-17] (Lavasoft Limited)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] ()
S2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-02-07] (SANDBOXIE L.T.D)
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-20] (GFI Software)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161432 2012-02-07] (SANDBOXIE L.T.D)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-02] ()
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; C:\Program Files (x86)\HP\QuickPlay\000.fcl [32240 2008-04-23] (Cyberlink Corp.)
S1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 13:24 - 2014-10-20 13:25 - 00000000 ____D () C:\FRST
2014-10-20 09:00 - 2014-10-19 11:22 - 95535104 _____ () C:\Windows\System32\config\SOFTWARE.OLD
2014-10-20 09:00 - 2014-10-19 11:22 - 60968960 _____ () C:\Windows\System32\config\COMPONENTS.OLD
2014-10-20 09:00 - 2014-10-19 11:22 - 23298048 _____ () C:\Windows\System32\config\SYSTEM.OLD
2014-10-20 09:00 - 2014-10-19 11:22 - 01118208 _____ () C:\Windows\System32\config\DEFAULT.OLD
2014-10-20 09:00 - 2014-10-19 11:22 - 00094208 _____ () C:\Windows\System32\config\SAM.OLD
2014-10-20 09:00 - 2014-10-19 11:22 - 00024576 _____ () C:\Windows\System32\config\SECURITY.OLD
2014-10-19 19:09 - 2014-10-20 09:55 - 00024576 _____ () C:\bcd_backup
2014-10-19 19:09 - 2014-10-20 09:55 - 00021504 ____H () C:\bcd_backup.LOG
2014-10-18 10:43 - 2014-10-18 10:43 - 00002003 _____ () C:\Users\Anton\Desktop\Google Chrome (2).lnk
2014-10-17 21:23 - 2014-10-18 10:37 - 00002013 _____ () C:\Users\Anton\Desktop\Google Chrome.lnk
2014-10-17 18:42 - 2014-10-18 10:39 - 00000000 ____D () C:\Users\Anton\AppData\Local\Google
2014-10-17 17:52 - 2014-10-18 10:42 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1248127730-1873034875-153721851-1001
2014-10-17 17:51 - 2014-10-18 10:42 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1248127730-1873034875-153721851-1001
2014-10-17 17:27 - 2014-10-17 17:27 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\AVG2015
2014-10-17 17:21 - 2014-10-17 17:21 - 00000832 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-17 17:21 - 2014-10-17 17:21 - 00000832 _____ () C:\ProgramData\Desktop\AVG 2015.lnk
2014-10-17 17:11 - 2014-10-17 17:22 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-17 17:00 - 2014-10-17 19:01 - 00000000 ____D () C:\Users\Anton\AppData\Local\Avg2015
2014-10-17 11:05 - 2014-10-17 11:10 - 00000000 ____D () C:\Users\Anton\Desktop\User Data
2014-10-17 09:53 - 2014-10-17 09:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 09:50 - 2014-10-17 09:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 09:50 - 2014-10-17 09:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 09:50 - 2014-10-17 09:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 10:14 - 2014-09-16 22:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-15 10:14 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 10:12 - 2014-09-27 15:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-15 09:41 - 2014-06-15 14:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-15 09:41 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 09:41 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 09:41 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 09:41 - 2014-06-13 09:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-15 09:41 - 2014-06-13 09:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-14 23:04 - 2014-09-04 15:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2014-10-14 16:51 - 2014-09-19 15:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-14 16:51 - 2014-09-19 15:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-14 16:51 - 2014-09-19 15:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-14 16:51 - 2014-09-19 15:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-14 16:51 - 2014-09-19 15:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-14 16:51 - 2014-09-19 15:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-14 16:51 - 2014-09-19 15:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-14 16:51 - 2014-09-19 15:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-14 16:51 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 16:51 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 16:51 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 16:51 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-14 16:51 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 16:51 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 16:51 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 16:51 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 16:51 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 16:51 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 16:50 - 2014-09-19 16:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-14 16:50 - 2014-09-19 15:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-14 16:50 - 2014-09-19 15:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-14 16:50 - 2014-09-19 15:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-14 16:50 - 2014-09-19 15:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-10-14 16:50 - 2014-09-19 15:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-14 16:50 - 2014-09-19 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-10-14 16:50 - 2014-09-19 15:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-14 16:50 - 2014-09-19 15:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-14 16:50 - 2014-09-19 15:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-14 16:50 - 2014-09-19 15:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-10-14 16:50 - 2014-09-19 15:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-10-14 16:50 - 2014-09-19 15:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-10-14 16:50 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 16:50 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 16:50 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 16:50 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-14 16:50 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 16:50 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 16:50 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 16:50 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 16:50 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-14 16:50 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-14 16:50 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-08 09:58 - 2014-10-16 13:44 - 00000632 _____ () C:\Users\Anton\Desktop\links.txt
2014-09-23 23:08 - 2014-09-08 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-09-23 23:08 - 2014-09-08 22:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 19:00 - 2014-10-14 12:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-09-21 19:00 - 2014-06-14 06:03 - 00260696 _____ () C:\Windows\System32\unrar64.dll
2014-09-20 15:31 - 2014-09-20 15:31 - 00000000 ____D () C:\Users\Anton\Documents\PassMark
2014-09-20 15:28 - 2014-09-20 15:28 - 01000112 _____ (PassMark Software ) C:\Users\Anton\Downloads\batmon.exe
2014-09-20 06:59 - 2014-09-20 06:59 - 00000000 ____D () C:\Windows\Temp41E3C75F-47CC-D64A-C456-CCCB77E80860-Signatures
2014-09-20 06:57 - 2014-09-20 06:58 - 00000000 ____D () C:\6571002c204acf5db0412bd32df2
2014-09-20 04:49 - 2014-09-20 04:49 - 00796992 _____ (SlimWare Utilities, Inc.) C:\Users\Anton\Downloads\avg_dupt_stb_all_2015_1_otapfree1.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 05:02 - 2011-03-27 19:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-19 19:49 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-19 08:09 - 2006-11-02 05:34 - 00000000 ____D () C:\Windows\System32\winevt
2014-10-18 13:21 - 2013-04-20 19:05 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-18 13:21 - 2010-12-17 21:38 - 00159195 _____ () C:\ProgramData\nvModes.001
2014-10-18 13:20 - 2011-07-02 16:01 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 13:20 - 2010-12-17 21:34 - 00159195 _____ () C:\ProgramData\nvModes.dat
2014-10-18 13:19 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 13:19 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 13:19 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 10:51 - 2011-03-27 18:21 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1248127730-1873034875-153721851-1001UA.job
2014-10-18 10:51 - 2010-12-17 21:21 - 01112247 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 10:51 - 2006-11-02 07:42 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 10:36 - 2013-05-29 09:11 - 10886768 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-18 10:20 - 2011-03-18 12:29 - 00103600 _____ () C:\Windows\PFRO.log
2014-10-18 09:59 - 2011-07-02 16:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 21:01 - 2011-03-27 18:20 - 00000000 ____D () C:\Users\Anton\AppData\Local\Deployment
2014-10-17 18:46 - 2011-07-02 16:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-17 17:51 - 2011-03-27 18:21 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1248127730-1873034875-153721851-1001Core.job
2014-10-17 17:42 - 2013-09-23 10:12 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-17 17:27 - 2014-07-17 09:54 - 00000000 ____D () C:\Users\Anton\AppData\Local\AVG
2014-10-17 17:22 - 2012-02-24 00:52 - 00001946 _____ () C:\Windows\Sandboxie.ini
2014-10-17 17:08 - 2011-03-27 19:12 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-17 17:06 - 2011-07-02 16:01 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 17:06 - 2011-07-02 16:01 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 16:45 - 2011-04-26 16:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 16:02 - 2013-12-18 16:35 - 00000095 _____ () C:\Users\Anton\AppData\Roaming\WB.CFG
2014-10-17 10:31 - 2011-09-20 15:44 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Spotify
2014-10-17 10:26 - 2011-09-20 15:44 - 00000000 ____D () C:\Users\Anton\AppData\Local\Spotify
2014-10-17 10:10 - 2013-04-20 19:07 - 00001739 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-17 10:10 - 2013-04-20 19:07 - 00001739 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-10-17 09:28 - 2014-08-28 15:19 - 00000000 ____D () C:\Users\Anton\AppData\Local\Adobe
2014-10-16 10:19 - 2011-06-01 17:31 - 00000000 ____D () C:\Users\Anton\AppData\Local\WeatherBug
2014-10-15 13:19 - 2012-04-05 10:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-15 13:19 - 2011-05-17 12:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 10:12 - 2008-07-01 00:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 09:58 - 2006-11-02 04:46 - 00778132 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-09 19:18 - 2012-05-21 14:58 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Mozilla
2014-10-08 09:29 - 2011-03-23 11:33 - 00007808 _____ () C:\Users\Anton\AppData\Local\d3d9caps.dat
2014-09-27 07:45 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-09-21 22:42 - 2011-01-28 20:01 - 00278152 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-09-20 16:33 - 2011-03-17 15:58 - 00757978 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-20 16:23 - 2011-03-17 15:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-20 16:22 - 2012-08-08 19:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-20 16:22 - 2011-03-17 15:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-20 15:47 - 2013-09-07 11:38 - 00000000 ____D () C:\Users\Anton\Desktop\Txt files
 
Files to move or delete:
====================
C:\Users\Anton\jagex_cl_loginapplet_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
C:\Users\Anton\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Anton\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Anton\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Anton\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Anton\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Anton\AppData\Local\Temp\lowproc.exe
C:\Users\Anton\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Anton\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Anton\AppData\Local\Temp\stubhelper.dll
C:\Users\Anton\AppData\Local\Temp\Uninstall.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4062.27 MB
Available physical RAM: 3437.07 MB
Total Pagefile: 3792.19 MB
Available Pagefile: 3416.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:286.96 GB) (Free:145.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.13 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 61BEC753)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2014-10-19 13:04
 
==================== End Of Log ============================


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:05 AM

Posted 26 October 2014 - 09:46 PM

Greetings Arren,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Anton\jagex_cl_loginapplet_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
C:\Users\Anton\random.dat
C:\Users\Anton\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Anton\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Anton\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Anton\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Anton\AppData\Local\Temp\lowproc.exe
C:\Users\Anton\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Anton\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Anton\AppData\Local\Temp\stubhelper.dll
C:\Users\Anton\AppData\Local\Temp\Uninstall.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:05 AM

Posted 29 October 2014 - 02:24 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:05 AM

Posted 01 November 2014 - 11:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users