
Infected with a Windows 7 Recovery Virus



Hi all!

I turned on my computer today to find that the desktop background was black, many icons were missing from the desktop, the taskbar icons and the programs in the Start menu were missing, and I could not open any programs because I did not have enough permission.

I've booted the computer in Safe Mode with Networking and made sure that I'm not connecting to the internet via a proxy which the virus may have installed.

I've followed a guide trying to remove this virus, but failed along the way because the programs provided by the guide did not work properly or as intended.

I'm not really sure where to start anymore; help would be appreciated.

Thanks!


Welcome to the forum. See if you can do this in regular or safe mode:

Please download Farbar Recovery Scan Tool and save it to a folder.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

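Added example, not code from this thread or from the FRST project: a small Python triage pass over FRST-style log lines, showing the kinds of entries a helper reads for first when a log like the one requested above comes back. The sample lines are constructed to mirror the log's layout; the meaning of a trailing `[x]` and of an empty `()` publisher field is an assumption about FRST's output, and every hit is a prompt to look closer, not a verdict.

```python
"""Triage pass over Farbar Recovery Scan Tool (FRST.txt) log lines.

Added example, not FRST's own code. Assumed format conventions (taken from
the shape of the log, not from FRST documentation): a trailing "[x]" marks an
autostart/driver entry whose file FRST could not find, and a bare "()" at the
end of a line means no publisher name was read.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the FRST layout; names and paths are made up.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AudioTray] - B:\Program Files\Vendor\Tray.exe -s [x]
HKLM\...\Run: [Updater] - C:\Program Files (x86)\Vendor\update.exe [446392 2012-04-04] (Vendor Inc.)
HKLM-x32\...\Run: [helper] - C:\Users\user\AppData\Local\Temp\helper.exe [12345 2013-08-26] ()

==================== Drivers (Whitelisted) ====================

R0 gooddrv; C:\Windows\System32\DRIVERS\gooddrv.sys [246072 2013-07-20] (Vendor Inc.)
S3 tmpdrv; \??\C:\Users\user\AppData\Local\Temp\tmpdrv64.sys [x]

==================== One Month Created Files and Folders ========

2013-08-26 01:19 - 2013-08-26 01:19 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-08-26 02:32 - 2013-08-26 02:32 - 01898112 _____ (Some Publisher) C:\Users\user\Desktop\WiNlOgOn.exe
2013-08-26 03:03 - 2013-08-26 03:03 - 00000000 ____D C:\Program Files\Scanner

==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
UNEXPANDED_ENV_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
# Directory prefix plus an .exe file name, e.g. "C:\Dir\Sub" and "tool.exe".
PATH_EXE_RE = re.compile(r"([A-Za-z]:\\[^\[\]]*?)\\([\w\-]+\.exe)\b", re.IGNORECASE)

AUTOSTART_SECTIONS = ("Registry", "Services", "Drivers")
CORE_BINARIES = {"winlogon.exe", "wininit.exe", "explorer.exe", "svchost.exe",
                 "services.exe", "userinit.exe"}
CORE_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def parse_sections(text):
    """Yield (section, line) for each non-blank line; headers look like '==== Name ===='."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        yield section, line


def reasons_for(section, line):
    """Return the review prompts that apply to one log line (empty list if none)."""
    reasons = []
    if line.endswith("[x]"):
        reasons.append("referenced file not found on disk")
    if section.startswith(AUTOSTART_SECTIONS) and TEMP_RE.search(line):
        reasons.append("autostart/driver loads from a Temp directory")
    if line.endswith("()"):
        # Weak signal on its own: some legitimate tools ship unsigned binaries.
        reasons.append("no publisher information")
    if section.startswith("One Month") and UNEXPANDED_ENV_RE.search(line):
        # FRST prints %SystemRoot% legitimately in Winsock entries, so only the
        # on-disk file listings are checked: a literal %LOCALAPPDATA% folder means
        # something created a path without expanding the variable.
        reasons.append("unexpanded environment variable in an on-disk path")
    for directory, name in PATH_EXE_RE.findall(line):
        # Renamed cleanup tools trigger this too (they mimic system names on
        # purpose), which is exactly why it is a prompt to check, not a verdict.
        if name.lower() in CORE_BINARIES and directory.lower() not in CORE_DIRS:
            reasons.append("core Windows binary name outside its normal location")
    return reasons


def triage(text):
    """Run every heuristic over an FRST log and return the flagged lines."""
    findings = []
    for section, line in parse_sections(text):
        reasons = reasons_for(section, line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.line}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```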

Hi, thanks for the reply.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013

Ran by Robbie (administrator) on 26-08-2013 09:36:35
Running from C:\Users\Robbie\AppData\Local\Google\Chrome\Application\29.0.1547.57
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - B:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-20] (Saitek)
HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [CAHS1Sound] - C:\Windows\Syswow64\CAHS1.dll [8724480 2011-07-08] (C-Media Corporation)
HKLM\...\Run: [saiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-20] (Saitek)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI)
HKLM-x32\...\Run: [ControlCenterCount] - C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lycosa] - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe [147456 2007-11-20] (Razer USA Ltd.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-14] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] - C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - B:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - B:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - B:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 02 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 03 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 04 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 15 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-18] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 SaiK0CD7; C:\Windows\System32\DRIVERS\SaiK0CD7.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-09-20] (Saitek)
S3 SaiU0CD7; C:\Windows\System32\DRIVERS\SaiU0CD7.sys [47168 2012-09-20] (Saitek)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 ALSysIO; \??\C:\Users\Robbie\AppData\Local\Temp\ALSysIO64.sys [x]
S3 GPU-Z; \??\C:\Users\Robbie\AppData\Local\Temp\GPU-Z.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-26 03:10 - 2013-08-26 03:10 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\Dual Monitor
2013-08-26 03:07 - 2013-08-26 01:38 - 00398752 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\unhide.exe
2013-08-26 03:06 - 2013-08-26 03:06 - 00003280 _____ C:\RKreport[0]_D_08262013_030633.txt
2013-08-26 03:06 - 2013-08-26 03:06 - 00003145 _____ C:\RKreport[0]_S_08262013_030631.txt
2013-08-26 03:06 - 2013-08-26 03:06 - 00001460 _____ C:\RKreport[0]_SC_08262013_030645.txt
2013-08-26 03:05 - 2013-08-26 03:06 - 00000000 ____D C:\RK_Quarantine
2013-08-26 03:03 - 2013-08-26 03:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-26 03:01 - 2013-08-26 03:01 - 00079408 _____ C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Local\ATI
2013-08-26 03:00 - 2013-08-26 03:00 - 00001459 _____ C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-26 03:00 - 2013-08-26 03:00 - 00001425 _____ C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-26 03:00 - 2013-08-26 03:00 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-26 02:32 - 2013-08-26 02:32 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\WiNlOgOn.exe
2013-08-26 01:58 - 2013-08-26 09:36 - 00000026 _____ C:\Windows\Zone.Identifier
2013-08-26 01:19 - 2013-08-26 01:19 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-08-26 01:08 - 2013-08-26 03:00 - 00000000 ___RD C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-26 01:08 - 2013-08-26 03:00 - 00000000 ___RD C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-23 01:13 - 2013-08-23 01:13 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-08-23 01:13 - 2012-07-11 13:12 - 00079464 _____ (Initex) C:\Windows\system32\WTFastDrv.dll
2013-08-23 01:13 - 2012-07-11 13:12 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll
2013-08-23 01:13 - 1997-06-06 15:52 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2013-08-17 13:08 - 2013-08-17 13:08 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-04 03:08 - 2013-08-04 03:08 - 00000000 ____D C:\$AVG
2013-07-27 23:54 - 2013-07-27 23:59 - 00000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
 
==================== One Month Modified Files and Folders =======
 
2013-08-26 09:36 - 2013-08-26 01:58 - 00000026 _____ C:\Windows\Zone.Identifier
2013-08-26 03:31 - 2012-07-21 17:26 - 01848769 _____ C:\Windows\WindowsUpdate.log
2013-08-26 03:30 - 2012-10-24 18:15 - 00003028 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-08-26 03:30 - 2009-07-14 05:51 - 00243185 _____ C:\Windows\setupact.log
2013-08-26 03:10 - 2013-08-26 03:10 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\Dual Monitor
2013-08-26 03:10 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 03:07 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 03:07 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 03:06 - 2013-08-26 03:06 - 00003280 _____ C:\RKreport[0]_D_08262013_030633.txt
2013-08-26 03:06 - 2013-08-26 03:06 - 00003145 _____ C:\RKreport[0]_S_08262013_030631.txt
2013-08-26 03:06 - 2013-08-26 03:06 - 00001460 _____ C:\RKreport[0]_SC_08262013_030645.txt
2013-08-26 03:06 - 2013-08-26 03:05 - 00000000 ____D C:\RK_Quarantine
2013-08-26 03:03 - 2013-08-26 03:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-26 03:01 - 2013-08-26 03:01 - 00079408 _____ C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
2013-08-26 03:01 - 2013-08-26 03:01 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Local\ATI
2013-08-26 03:00 - 2013-08-26 03:00 - 00001459 _____ C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-26 03:00 - 2013-08-26 03:00 - 00001425 _____ C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-26 03:00 - 2013-08-26 03:00 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-26 03:00 - 2013-08-26 01:08 - 00000000 ___RD C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-26 03:00 - 2013-08-26 01:08 - 00000000 ___RD C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-26 03:00 - 2010-11-21 04:47 - 00027642 _____ C:\Windows\PFRO.log
2013-08-26 03:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 02:32 - 2013-08-26 02:32 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\WiNlOgOn.exe
2013-08-26 01:38 - 2013-08-26 03:07 - 00398752 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\unhide.exe
2013-08-26 01:27 - 2013-06-24 21:54 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-2975226924-1097146262-4128622869-1000.job
2013-08-26 01:19 - 2013-08-26 01:19 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-08-25 21:54 - 2012-08-20 10:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 20:27 - 2012-07-21 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-25 18:27 - 2013-06-24 21:54 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2013-08-25 14:27 - 2012-07-21 17:20 - 64663552 _____ C:\Windows\system32\config\RegBack\SOFTWARE
2013-08-25 14:27 - 2012-07-21 17:20 - 22249472 _____ C:\Windows\system32\config\RegBack\SYSTEM
2013-08-25 14:27 - 2012-07-21 17:20 - 00172032 _____ C:\Windows\system32\config\RegBack\DEFAULT
2013-08-25 14:27 - 2012-07-21 17:20 - 00098304 _____ C:\Windows\system32\config\RegBack\SAM
2013-08-25 14:27 - 2012-07-21 17:20 - 00028672 _____ C:\Windows\system32\config\RegBack\SECURITY
2013-08-23 01:13 - 2013-08-23 01:13 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-08-21 12:24 - 2009-07-14 05:45 - 04954696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-21 01:54 - 2012-08-20 10:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 01:54 - 2012-07-21 19:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 01:54 - 2012-07-21 19:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-18 11:26 - 2012-07-22 14:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-17 13:08 - 2013-08-17 13:08 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-17 02:04 - 2012-07-21 23:16 - 00357557 _____ C:\Windows\DirectX.log
2013-08-14 20:29 - 2013-04-27 13:20 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-14 20:29 - 2013-04-27 13:15 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-09 14:18 - 2013-02-12 18:38 - 00000000 ____D C:\Program Files (x86)\Razer
2013-08-04 03:08 - 2013-08-04 03:08 - 00000000 ____D C:\$AVG
2013-08-04 03:08 - 2013-03-02 18:29 - 00000000 ____D C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013
2013-08-04 02:38 - 2013-03-06 23:32 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-27 23:59 - 2013-07-27 23:54 - 00000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-25 14:27
 
==================== End Of Log ============================
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013
Ran by Robbie at 2013-08-26 09:36:51
Running from C:\Users\Robbie\AppData\Local\Google\Chrome\Application\29.0.1547.57
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Installed Programs =======================
 
   
 2013 (Version: 2013.0.3392)
Actual Multiple Monitors 5.1.1 (x32 Version: 5.1.1)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.6) (x32 Version: 10.1.6)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In  (Version: 2.03.0000)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.0.59)
Audacity 2.0 (x32)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG PC TuneUp (x32 Version: 12.0.4000.108)
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Battlefield 3™ (x32 Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CLICKBIOSII (x32 Version: 1.0.072)
ControlCenter (x32 Version: 2.2.091)
Core Temp 1.0 RC3 (Version: 1.0)
Corsair USB Headset (x32 Version: 1.00.0007)
Crysis® 2 (x32 Version: 1.9.0.0)
Cube World v0.1.0 (FIXED)(5 July 2013) (x32 Version: 0.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Dxtory version 2.0.119 (x32 Version: 2.0.119)
ESN Sonar (x32 Version: 0.70.4)
FFmpeg v0.6.2 for Audacity (x32)
FLV-Media-Player (x32 Version: 2.0.3.2532)
Geeks3D.com FurMark 1.10.4 (x32)
GTK2-Runtime (x32 Version: 2.22.0-2010-10-21-ash)
Gyazo 1.0 (x32)
Half-Life Dedicated Server Update Tool (x32)
HitmanPro 3.7 (Version: 3.7.7.203)
HydraVision (x32 Version: 4.2.228.0)
HyperCam 3 (x32 Version: 3.4.1205.23)
Intel® Management Engine Components (x32 Version: 8.0.10.1464)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel® Trusted Connect Service Client (Version: 1.23.943.1)
iTunes (Version: 10.7.0.21)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java SE Development Kit 7 Update 10 (64-bit) (Version: 1.7.0.100)
JavaFX 2.1.1 (x32 Version: 2.1.1)
K8100 (x32 Version: 1.02.0000)
Lagarith Lossless Codec (1.3.27) (x32)
LAME v3.99.3 (for Windows) (x32)
Live Update 5 (x32 Version: 5.0.101)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MCSkin3D version 1.4 (x32 Version: 1.4)
Media Player Codec Pack 4.2.6 (x32 Version: 4.2.6)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.6 (x86 en-GB) (x32 Version: 17.0.6)
MSI Afterburner 2.2.4 (x32 Version: 2.2.4)
MSI Kombustor 2.4.2 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Notepad++ (x32 Version: 6.2)
NVIDIA PhysX (x32 Version: 9.11.1111)
OpenAL (x32)
Origin (x32 Version: 8.6.0.357)
PDF Settings CS6 (x32 Version: 11.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
PowerISO (x32 Version: 5.3)
QuickTime (x32 Version: 7.74.80.86)
Rapture3D 2.4.11 Game (x32)
Razer Lycosa (x32 Version: 1.00.0000)
Razer Mamba (x32 Version: 2.01.05)
Realtek Ethernet Controller Driver (x32 Version: 7.53.216.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6631)
Rockstar Games Social Club (x32 Version: 1.00.0000)
RollerCoaster Tycoon 3 Platinum (x32 Version: 1.00.000)
RuneScape Launcher 1.2.2 (x32 Version: 1.2.2)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Smart Technology Programming Software 7.0.20.0 (Version: 7.0.20.0)
Steam (x32 Version: 1.0.0.0)
Super-Charger (x32 Version: 1.2.010)
System Requirements Lab CYRI (x32 Version: 5.0.6.0)
System Requirements Lab Test (x32 Version: 5.0.6.0)
TeamViewer 8 (x32 Version: 8.0.16642)
TechPowerUp GPU-Z (x32)
Terraria (x32)
The Elder Scrolls V: Skyrim (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Uplay (x32 Version: 2.0)
Vegas Pro 11.0 (64-bit) (Version: 11.0.511)
Virtual Audio Cable 4.10
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WTFast 2.13 (x32)
XSplit Broadcaster (x32 Version: 1.3.1308.0202)
YTD Video Downloader 3.9.6 (x32 Version: 3.9.6)
 
==================== Restore Points  =========================
 
19-08-2013 11:34:12 Installed osu!
19-08-2013 11:54:59 Removed osu!
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {58236E3F-2B69-472E-991D-E7D3F45E39FC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {629F6F79-D15B-41EB-A905-10B8A75822FE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {682E543F-57C4-4C26-BD2C-F4702C017474} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {6C67A0F3-729E-4F87-904C-16CC5EF58A65} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {74759C24-A98A-4FD1-B66F-0CE54E3CC26C} - System32\Tasks\update-S-1-5-21-2975226924-1097146262-4128622869-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {8268D717-DB1F-4A2D-862D-D37981FDE707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {B0649B4E-2727-45E3-BC40-C580675CE96F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {F3EA8EFF-F350-460A-9EA4-501C32DAE161} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2012-09-17] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2975226924-1097146262-4128622869-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2013 09:35:04 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:02:35 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Robbies-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
 
System errors:
=============
Error: (08/26/2013 09:35:11 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:10 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/26/2013 09:35:09 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/26/2013 09:35:04 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/26/2013 09:35:02 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/26/2013 09:35:04 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:30:45 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:02:35 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
Error: (08/26/2013 03:00:47 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Robbies-PC)
Description: Access is denied.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16337.56 MB
Available physical RAM: 15097.04 MB
Total Pagefile: 16335.74 MB
Available Pagefile: 15108.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive b: (Local Disk) (Fixed) (Total:931.51 GB) (Free:431.64 GB) NTFS
Drive c: () (Fixed) (Total:111.57 GB) (Free:10.31 GB) NTFS
Drive i: (ESD-USB) (Removable) (Total:14.73 GB) (Free:11.86 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 69912C42)
 
Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 4251ED4F)
 
Partition: GPT Partition Type
========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================

I'm not seeing anything, see if you can run ComboFix:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


When I try to run ComboFix from my Desktop it comes up with an error message saying "Error installing launcher".

 

I've made sure that it's from the desktop, and that all windows are closed whilst running it.


They show in your log:

2013-08-26 03:06 - 2013-08-26 03:06 - 00003280 _____ C:\RKreport[0]_D_08262013_030633.txt

2013-08-26 03:06 - 2013-08-26 03:06 - 00003145 _____ C:\RKreport[0]_S_08262013_030631.txt

2013-08-26 03:06 - 2013-08-26 03:06 - 00001460 _____ C:\RKreport[0]_SC_08262013_030645.txt

2013-08-26 03:06 - 2013-08-26 03:05 - 00000000 ____D C:\RK_Quarantine

MrC


Well, there are 3 different logs, so I'll just paste them all to be on the safe side.

 

RKreport[0]_D_08262013_030633

 

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robbie [Admin rights]
Mode : Remove -- Date : 08/26/2013 03:06:33
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-2975226924-1097146262-4128622869-1000.bak\[...]\Run : CoppyMe (C:\Users\Robbie\AppData\Roaming\CoppyMe\CoppyMe.exe [-]) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000UA.job : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000Core.job : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][sUSP PATH] Google Updater and Installer : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000Core : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000UA : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 2d92dde7baaa620c15fffef1de86cc26
[bSP] 1fb76fd5d388112a15c55b44d7771a6b : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 06e083cefaa5c2f8612c7bd75746b0c3
[bSP] 3f173500e427f4733b31b9ade70f001b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_08262013_030633.txt >>
RKreport[0]_S_08262013_030631.txt
 
 
 

 

RKreport[0]_S_08262013_030631

 

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robbie [Admin rights]
Mode : Scan -- Date : 08/26/2013 03:06:31
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-2975226924-1097146262-4128622869-1000.bak\[...]\Run : CoppyMe (C:\Users\Robbie\AppData\Roaming\CoppyMe\CoppyMe.exe [-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000UA.job : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000Core.job : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] Google Updater and Installer : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000Core : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000UA : C:\Users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 2d92dde7baaa620c15fffef1de86cc26
[bSP] 1fb76fd5d388112a15c55b44d7771a6b : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST1000DM003-9YN162 +++++
--- User ---
[MBR] 06e083cefaa5c2f8612c7bd75746b0c3
[bSP] 3f173500e427f4733b31b9ade70f001b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08262013_030631.txt >>
 
 
 

 

 

 

RKreport[0]_SC_08262013_030645

 

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robbie [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/26/2013 03:06:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 0 / Fail 0
Backup: [NOT FOUND]
 
Drives:
[b:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[C:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume8 -- 0x2 --> Restored
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_08262013_030645.txt >>
RKreport[0]_D_08262013_030633.txt;RKreport[0]_S_08262013_030631.txt
 
 

 

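The RogueKiller report above shows the UAC policies, the registry-editor lockout, two hidden desktop icons and a Run entry under the user's hive being repaired. As an added example that is not part of the thread or of RogueKiller, here is a read-only PowerShell audit of those same values, useful to confirm a cleanup held or to spot the same tampering on another machine; the registry paths and the friendly names given to the two CLSIDs are assumptions about where those values live, not something the report states.

```powershell
# Added example, not from the thread: read-only audit of the registry values the
# RogueKiller report lists as hijacked. Run from an elevated PowerShell prompt on the
# affected machine; nothing is modified, findings are printed for review.

# UAC policy keys (64-bit view and the Wow6432Node copy, both shown in the report).
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)

# Desktop-icon visibility flags: a value of 1 hides the icon. Both locations are
# checked because the report lists the key under HKLM although Explorer normally
# keeps it per user (assumed paths).
$iconKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
)
# CLSIDs are the ones in the report; the names are an assumed mapping.
$iconClsids = @{
    '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'Computer'
    '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' = "User's Files"
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when either the key or the value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$findings = @()

foreach ($key in $policyKeys) {
    # EnableLUA = 0 turns UAC off; ConsentPromptBehaviorAdmin = 0 elevates administrators
    # silently. The report shows both at 0, with RogueKiller restoring 1 and 2.
    if ((Get-RegValue $key 'EnableLUA') -eq 0) {
        $findings += "$key\EnableLUA is 0 (UAC disabled)"
    }
    if ((Get-RegValue $key 'ConsentPromptBehaviorAdmin') -eq 0) {
        $findings += "$key\ConsentPromptBehaviorAdmin is 0 (silent elevation)"
    }
    # DisableRegistryTools is normally a per-user policy; a copy under HKLM is worth a
    # look, which is consistent with RogueKiller deleting it rather than resetting it.
    if ($null -ne (Get-RegValue $key 'DisableRegistryTools')) {
        $findings += "$key\DisableRegistryTools is present"
    }
}

foreach ($key in $iconKeys) {
    foreach ($clsid in $iconClsids.Keys) {
        if ((Get-RegValue $key $clsid) -eq 1) {
            $findings += "$key\$clsid = 1 ($($iconClsids[$clsid]) icon hidden)"
        }
    }
}

# Run entries in every loaded user hive (including any .bak hive, as in the report)
# whose command lives under AppData\Roaming, the location CoppyMe used.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
    $runKey = "$($hive.PSPath)\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $run) { continue }
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if ("$($prop.Value)" -match '\\AppData\\Roaming\\') {
            $findings += "$($hive.PSChildName) Run\$($prop.Name) -> $($prop.Value)"
        }
    }
}

if ($findings.Count -eq 0) {
    'No tampered values found.'
} else {
    $findings | ForEach-Object { "REVIEW: $_" }
}
```

Run it again after a cleanup: an empty result confirms the policies stayed restored across a reboot, while a fresh finding means something re-applied them.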

When did this all start? You have a couple of good restore points and a good back-up of the registry (note the date):

19-08-2013 11:34:12 Installed osu!

19-08-2013 11:54:59 Removed osu!

LastRegBack: 2013-08-25 14:27

MrC

 

Well at the moment it's 3PM, and this happened about 3AM, so roughly 12 hours ago.

 

If nothing else seems to work, then I'll revert to a restore point if it's necessary.


See if you can do this...you'll need a flash drive:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by SYSTEM on 26-08-2013 15:17:23
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - B:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-09-20] (Saitek)
HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [CAHS1Sound] - C:\Windows\Syswow64\CAHS1.dll [8724480 2011-07-08] (C-Media Corporation)
HKLM\...\Run: [saiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-09-20] (Saitek)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502328 2012-05-22] (MSI)
HKLM-x32\...\Run: [ControlCenterCount] - C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lycosa] - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe [147456 2007-11-20] (Razer USA Ltd.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-14] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] - C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKU\Admin\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-01-31] (AMD)
HKU\Robbie\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-21] (Valve Corporation)
HKU\Robbie\...\Run: [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe" [x]
HKU\Robbie\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Robbie\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-01-31] (AMD)
HKU\Robbie\...\Run: [uTorrent] - "B:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [x]
HKU\Robbie\...\Run: [Actual Multiple Monitors] - C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1735472 2013-04-15] (Actual Tools)
HKU\Robbie\...\Policies\system: [DisableLockWorkstation] 0
HKU\TEMP\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-01-31] (AMD)
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-18] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 SaiK0CD7; C:\Windows\System32\DRIVERS\SaiK0CD7.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-09-20] (Saitek)
S3 SaiU0CD7; C:\Windows\System32\DRIVERS\SaiU0CD7.sys [47168 2012-09-20] (Saitek)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 ALSysIO; \??\C:\Users\Robbie\AppData\Local\Temp\ALSysIO64.sys [x]
S3 GPU-Z; \??\C:\Users\Robbie\AppData\Local\Temp\GPU-Z.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-25 18:06 - 2013-08-25 18:06 - 00003280 _____ C:\RKreport[0]_D_08262013_030633.txt
2013-08-25 18:06 - 2013-08-25 18:06 - 00003145 _____ C:\RKreport[0]_S_08262013_030631.txt
2013-08-25 18:06 - 2013-08-25 18:06 - 00001460 _____ C:\RKreport[0]_SC_08262013_030645.txt
2013-08-25 18:05 - 2013-08-25 18:06 - 00000000 ____D C:\RK_Quarantine
2013-08-25 18:05 - 2013-08-25 18:05 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVG
2013-08-25 18:03 - 2013-08-25 18:03 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-25 18:03 - 2013-08-25 18:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-25 18:02 - 2013-08-25 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 18:01 - 2013-08-25 18:11 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avg2013
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVG2013
2013-08-25 16:58 - 2013-08-26 06:10 - 00000026 _____ C:\Windows\Zone.Identifier
2013-08-25 16:27 - 2013-08-25 16:27 - 00000003 _____ C:\Users\Default\AppData\Local\updater.log
2013-08-25 16:27 - 2013-08-25 16:27 - 00000003 _____ C:\Users\Default User\AppData\Local\updater.log
2013-08-25 16:21 - 2013-08-25 16:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2013-08-25 16:21 - 2013-08-25 16:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2013-08-25 16:19 - 2013-08-26 01:02 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-08-25 16:06 - 2013-03-07 13:05 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2013-08-25 16:06 - 2012-09-09 10:12 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-08-22 16:13 - 2012-07-11 04:12 - 00079464 _____ (Initex) C:\Windows\System32\WTFastDrv.dll
2013-08-22 16:13 - 2012-07-11 04:12 - 00072296 _____ (Initex) C:\Windows\SysWOW64\WTFastDrv.dll
2013-08-22 16:13 - 1997-06-06 06:52 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2013-08-17 04:09 - 2013-08-17 04:09 - 00000000 ____D C:\Users\Robbie\AppData\Local\SplitMediaLabs
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\SplitMediaLabs
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-08-03 18:08 - 2013-08-03 18:08 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-03 18:08 - 2013-08-03 18:08 - 00000000 ____D C:\$AVG
2013-07-30 17:19 - 2013-08-25 11:27 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\CoppyMe
2013-07-27 14:54 - 2013-07-27 14:59 - 00000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
2013-07-27 14:54 - 2013-07-27 14:54 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Actual Tools
2013-07-27 09:35 - 2013-07-27 09:35 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Realtime Soft
 
==================== One Month Modified Files and Folders =======
 
2013-08-26 06:10 - 2013-08-25 16:58 - 00000026 _____ C:\Windows\Zone.Identifier
2013-08-26 01:02 - 2013-08-25 16:19 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-08-26 00:39 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-26 00:36 - 2013-08-26 00:36 - 00000000 ____D C:\FRST
2013-08-25 18:31 - 2012-07-21 08:26 - 01848769 _____ C:\Windows\WindowsUpdate.log
2013-08-25 18:30 - 2012-10-24 09:15 - 00003028 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-08-25 18:30 - 2009-07-13 20:51 - 00243185 _____ C:\Windows\setupact.log
2013-08-25 18:11 - 2013-08-25 18:01 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avg2013
2013-08-25 18:07 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:07 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 18:06 - 2013-08-25 18:06 - 00003280 _____ C:\RKreport[0]_D_08262013_030633.txt
2013-08-25 18:06 - 2013-08-25 18:06 - 00003145 _____ C:\RKreport[0]_S_08262013_030631.txt
2013-08-25 18:06 - 2013-08-25 18:06 - 00001460 _____ C:\RKreport[0]_SC_08262013_030645.txt
2013-08-25 18:06 - 2013-08-25 18:05 - 00000000 ____D C:\RK_Quarantine
2013-08-25 18:05 - 2013-08-25 18:05 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVG
2013-08-25 18:04 - 2013-08-25 18:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 18:03 - 2013-08-25 18:03 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-25 18:03 - 2013-08-25 18:03 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-08-25 18:01 - 2013-08-25 18:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVG2013
2013-08-25 18:00 - 2010-11-20 19:47 - 00027642 _____ C:\Windows\PFRO.log
2013-08-25 18:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 16:27 - 2013-08-25 16:27 - 00000003 _____ C:\Users\Default\AppData\Local\updater.log
2013-08-25 16:27 - 2013-08-25 16:27 - 00000003 _____ C:\Users\Default User\AppData\Local\updater.log
2013-08-25 16:27 - 2013-06-24 12:54 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-2975226924-1097146262-4128622869-1000.job
2013-08-25 16:21 - 2013-08-25 16:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2013-08-25 16:21 - 2013-08-25 16:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2013-08-25 16:17 - 2012-07-22 06:50 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-25 16:17 - 2012-07-22 06:50 - 00000000 ____D C:\ProgramData\Skype
2013-08-25 13:05 - 2013-02-23 06:22 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\.minecraft
2013-08-25 13:05 - 2012-07-22 06:50 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Skype
2013-08-25 13:05 - 2012-07-21 11:18 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\uTorrent
2013-08-25 12:54 - 2012-08-20 01:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 12:08 - 2013-06-12 12:31 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\vlc
2013-08-25 11:27 - 2013-07-30 17:19 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\CoppyMe
2013-08-25 11:27 - 2012-07-21 11:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-25 09:27 - 2013-06-24 12:54 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2013-08-25 08:56 - 2013-03-02 09:26 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 07:11 - 2013-06-17 11:54 - 00000000 ____D C:\Users\Robbie\AppData\Local\Eclipse
2013-08-22 20:32 - 2012-08-06 05:29 - 00000132 _____ C:\Users\Robbie\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-22 16:13 - 2013-08-22 16:13 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-08-21 03:24 - 2009-07-13 20:45 - 04954696 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-20 16:54 - 2012-08-20 01:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 16:54 - 2012-07-21 10:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 16:54 - 2012-07-21 10:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 09:30 - 2012-07-21 08:51 - 00079408 _____ C:\Users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 03:43 - 2013-06-17 07:18 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\TS3Client
2013-08-18 21:16 - 2012-07-25 04:03 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Audacity
2013-08-18 02:26 - 2012-07-22 05:25 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-17 04:09 - 2013-08-17 04:09 - 00000000 ____D C:\Users\Robbie\AppData\Local\SplitMediaLabs
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\SplitMediaLabs
2013-08-17 04:08 - 2013-08-17 04:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-08-16 17:04 - 2012-07-21 14:16 - 00357557 _____ C:\Windows\DirectX.log
2013-08-14 11:29 - 2013-04-27 04:20 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-14 11:29 - 2013-04-27 04:15 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-08-14 11:11 - 2012-07-22 05:26 - 00000000 ____D C:\Users\Robbie\AppData\Local\Origin
2013-08-14 11:11 - 2012-07-22 05:25 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Origin
2013-08-10 08:08 - 2013-05-24 15:24 - 00000000 ____D C:\Users\Robbie\AppData\Local\Thunderbird
2013-08-09 05:18 - 2013-02-12 09:38 - 00000000 ____D C:\Program Files (x86)\Razer
2013-08-03 18:08 - 2013-08-03 18:08 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-03 18:08 - 2013-08-03 18:08 - 00000000 ____D C:\$AVG
2013-08-03 18:08 - 2013-03-02 09:29 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-03 17:38 - 2013-03-06 14:32 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-27 14:59 - 2013-07-27 14:54 - 00000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
2013-07-27 14:54 - 2013-07-27 14:54 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Actual Tools
2013-07-27 09:35 - 2013-07-27 09:35 - 00000000 ____D C:\Users\Robbie\AppData\Roaming\Realtime Soft
 
Files to move or delete:
====================
C:\Users\Robbie\jagex_cl_loginapplet_LIVE.dat
C:\Users\Robbie\jagex_cl_oldschool_LIVE.dat
C:\Users\Robbie\jagex_cl_runescape_LIVE.dat
C:\Users\Robbie\jagex_cl_runescape_LIVE1.dat
C:\Users\Robbie\random.dat
C:\Users\Robbie\AppData\Local\Temp\ammemb.dll
C:\Users\Robbie\AppData\Local\Temp\ammemb64.dll
C:\Users\Robbie\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-20-g58c4152-b2810jnks.dll
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgmfapx.exe
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgmfarx.dll
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgntdumpx.exe
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgrdtesta.exe
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgrdtestx.exe
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\avgrunasx.exe
C:\Users\Robbie\AppData\Local\Temp\7zS16B9.tmp\htmlayout.dll
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-08-19 03:34:15
Restore point made on: 2013-08-19 03:55:03
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16337.56 MB
Available physical RAM: 15207.45 MB
Total Pagefile: 16335.76 MB
Available Pagefile: 15194.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.57 GB) (Free:10.07 GB) NTFS
Drive j: (ESD-USB) (Removable) (Total:14.73 GB) (Free:11.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Local Disk) (Fixed) (Total:931.51 GB) (Free:431.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 69912C42)
 
Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 4251ED4F)
 
Partition: GPT Partition Type
========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-08-25 05:27
 
==================== End Of Log ============================
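As an added example (not part of this thread and not FRST's own tooling), a small Python triage pass over lines in the FRST.txt format posted above: it flags autoruns and drivers whose target is missing (`[x]`) or sits under a Temp folder, directory entries whose name is an unexpanded `%VARIABLE%`, and any integrity line that does not read `MD5 is legit` or `OK`. The sample lines are constructed from the log above; the flagging rules are this example's own heuristics, not verdicts FRST reports.

```python
import re

# Constructed sample in the format of the FRST.txt posted above; the paths are
# copied from that log, and the MD5 / association lines appear as they do there.
SAMPLE_LOG = r"""
HKU\Robbie\...\Run: [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe" [x]
HKU\Robbie\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-18] ()
S3 ALSysIO; \??\C:\Users\Robbie\AppData\Local\Temp\ALSysIO64.sys [x]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
2013-08-25 16:19 - 2013-08-26 01:02 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-08-22 16:13 - 2012-07-11 04:12 - 00079464 _____ (Initex) C:\Windows\System32\WTFastDrv.dll
C:\Windows\System32\winlogon.exe => MD5 is legit
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# One regex per FRST line shape: autorun, service/driver, created/modified
# file, and the "=> MD5 is legit" / "=> OK" integrity lines.
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[([^\]]+)\] - (.*)$')
SVC_RE = re.compile(r'^S[0-4] ([^;]+); (.*)$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (.*)$')
CHECK_RE = re.compile(r'^(.*) => (.*)$')


def _path_and_missing(rest):
    """Split 'path [size date] (vendor)' or '"path" args [x]' into the file path
    and whether FRST flagged the target as missing on disk ([x])."""
    rest = rest.strip()
    if rest.startswith('"'):
        path = rest[1:rest.index('"', 1)]
    else:
        path = rest.split(' [', 1)[0]
    # Drivers are listed with the NT object prefix \??\ in front of the path.
    return path.removeprefix('\\??\\'), rest.endswith('[x]')


def triage(log_text):
    """Return (reason, path) pairs worth a second look. The rules are this
    example's own heuristics, not anything FRST itself reports."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            name, (path, missing) = m.group(1), _path_and_missing(m.group(2))
            kind = 'driver' if path.lower().endswith('.sys') else 'autorun'
            if missing:
                findings.append((f'{kind} {name} points at a missing file', path))
            if '\\appdata\\local\\temp\\' in path.lower():
                findings.append((f'{kind} {name} is loaded from a Temp folder', path))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            if path.startswith('('):          # optional "(Vendor) " before the path
                path = path.split(') ', 1)[1]
            if re.search(r'%[A-Za-z_]+%', path):
                findings.append(('unexpanded environment variable used as a path', path))
            continue
        m = CHECK_RE.match(line)
        if m and m.group(2) not in ('MD5 is legit', 'OK'):
            findings.append(('integrity check did not pass', m.group(1)))
    return findings
```

Running `triage(SAMPLE_LOG)` yields four findings: the stale RocketDock autorun, the ALSysIO driver twice (missing and Temp-resident), and the literal `%LOCALAPPDATA%` folder under System32.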

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Let me know if there's any difference....MrC

Okay, so everything seems to be back to normal now, which is amazing! But I'm gonna keep booting in safe mode until you give me the all-clear.
 
So as requested, here's the log:
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-08-2013
Ran by SYSTEM at 2013-08-26 16:00:11 Run:1
Running from J:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
LastRegBack: 2013-08-25 05:27
*****************
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

Yes, run ComboFix......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
