Windows 7 start-up White Screen in regular & safe mode

Christina123 · September 17, 2013

Help I have downloaded and run the frst64 frin farbar. Here is the log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03

Ran by SYSTEM on MININT-J271J01 on 17-09-2013 09:19:28

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet002

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)

HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-05-22] ()

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-09] (Alps Electric Co., Ltd.)

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] ()

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)

HKLM-x32\...\Run: [suiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)

HKLM-x32\...\Run: [WordQ carat flag] - C:\Program Files (x86)\WordQ2\WordQcrs.exe [24576 2010-04-28] ()

HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)

HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [uCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)

HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-26] (Bitleader)

HKLM-x32\...\Run: [updatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [887976 2011-08-23] (Ask)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)

HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()

HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()

HKU\Tyler\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-14] (Google Inc.)

HKU\Tyler\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)

HKU\Tyler\...\Run: [Google Update] - [x]

HKU\Tyler\...\Run: [6FUbxx4jxy.exe] - C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe [125952 2013-09-16] ()

HKU\Tyler\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

HKU\Tyler\...\Command Processor: "C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()

==================== Drivers (Whitelisted) ====================

S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-03-01] (http://libusb-win32.sourceforge.net)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-17 09:19 - 2013-09-17 09:19 - 00000000 ____D C:\FRST

2013-09-16 08:54 - 2013-09-16 21:15 - 00000000 ____D C:\Users\Tyler\AppData\Local\rxgY3TaPS

2013-08-26 13:42 - 2013-08-26 13:42 - 00027156 _____ C:\Users\Tyler\Downloads\receipt20130826174158476.htm

==================== One Month Modified Files and Folders =======

2013-09-17 09:19 - 2013-09-17 09:19 - 00000000 ____D C:\FRST

2013-09-17 07:18 - 2010-08-30 01:30 - 00000000 __SHD C:\Recovery

2013-09-17 03:40 - 2013-07-23 17:49 - 00000435 _____ C:\Windows\System32\Drivers\etc\hosts.ics

2013-09-17 03:39 - 2010-09-02 06:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-17 03:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-17 03:39 - 2009-07-13 20:51 - 00085089 _____ C:\Windows\setupact.log

2013-09-17 03:12 - 2010-05-22 21:01 - 01430414 _____ C:\Windows\WindowsUpdate.log

2013-09-17 03:11 - 2009-07-13 20:45 - 00017600 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-17 03:11 - 2009-07-13 20:45 - 00017600 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-17 03:04 - 2010-09-02 06:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-17 01:12 - 2012-10-19 17:29 - 00000000 ____D C:\Windows\System32\Macromed

2013-09-17 01:12 - 2010-08-30 01:31 - 00000000 ____D C:\users\Tyler

2013-09-17 01:12 - 2010-04-14 22:55 - 00000000 ____D C:\Program Files\Windows Journal

2013-09-17 01:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-09-17 01:12 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-09-17 01:12 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-09-17 01:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-09-17 01:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-09-17 01:11 - 2010-10-14 13:44 - 00000000 ____D C:\ProgramData\Norton

2013-09-17 01:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-09-17 01:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-09-17 01:11 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-16 21:15 - 2013-09-16 08:54 - 00000000 ____D C:\Users\Tyler\AppData\Local\rxgY3TaPS

2013-09-16 08:21 - 2012-10-19 17:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-16 07:32 - 2010-10-14 13:44 - 00000402 ____H C:\Windows\Tasks\Norton Security Scan for Tyler.job

2013-09-15 10:30 - 2010-09-02 06:33 - 00000000 ____D C:\Users\Tyler\Tracing

2013-09-13 15:21 - 2012-10-19 17:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-13 15:21 - 2012-10-19 17:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-13 15:21 - 2012-10-19 17:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-06 02:07 - 2010-10-15 06:23 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Skype

2013-09-02 16:52 - 2012-11-21 16:21 - 00000000 ____D C:\Program Files (x86)\WildTangent Games

2013-09-02 16:51 - 2012-11-21 16:22 - 00002626 ____N C:\Users\Public\Desktop\WildTangent Games App - acer.lnk

2013-09-02 16:51 - 2010-08-30 01:57 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\WildTangent

2013-09-02 16:51 - 2010-04-14 22:49 - 00000000 ____D C:\ProgramData\WildTangent

2013-08-26 13:42 - 2013-08-26 13:42 - 00027156 _____ C:\Users\Tyler\Downloads\receipt20130826174158476.htm

2013-08-19 13:22 - 2010-09-15 05:03 - 00000344 _____ C:\Windows\lgfwup.ini

2013-08-19 13:22 - 2010-09-15 05:03 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate

2013-08-18 06:06 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI

Files to move or delete:

====================

C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe

ZeroAccess:

C:\Users\Tyler\AppData\Local\Google\Desktop\Install

Some content of TEMP:

====================

C:\Users\Tyler\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Tyler\AppData\Local\Temp\msimg32.dll

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.dll

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

5

Restore point made on: 2013-08-29 14:28:35

Restore point made on: 2013-09-02 07:40:31

Restore point made on: 2013-09-06 07:41:15

Restore point made on: 2013-09-12 03:55:17

Restore point made on: 2013-09-16 08:57:48

==================== Memory info ===========================

Percentage of memory in use: 19%

Total physical RAM: 3765.86 MB

Available physical RAM: 3041.6 MB

Total Pagefile: 3764.01 MB

Available Pagefile: 3028.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:285.3 GB) (Free:191.05 GB) NTFS

Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:1.57 GB) NTFS

Drive g: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 17FF17FE)

Partition 1: (Not Active) - (Size=13 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-09-10 20:49

==================== End Of Log ============================

kevinf80 · September 17, 2013

Checking log, back shortly

kevinf80 · September 17, 2013

Save the attached file fixlist.txt to your USB stick (g:\) same place as FRST.

Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot to normal windows and continue:

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop.:

http://www.malwarebytes.org/mbam.php

]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those logs, also give an update on current issues/concerns...

Kevin

fixlist.txt

Christina123 · September 18, 2013

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03

Ran by SYSTEM at 2013-09-18 00:02:55 Run:1

Running from G:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [887976 2011-08-23] (Ask)

HKU\Tyler\...\Run: [6FUbxx4jxy.exe] - C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe [125952 2013-09-16] ()

HKU\Tyler\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

HKU\Tyler\...\Command Processor: "C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe" <===== ATTENTION!

C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe

C:\Users\Tyler\AppData\Local\Google\Desktop\Install

C:\Users\Tyler\AppData\Local\rxgY3TaPS

C:\Users\Tyler\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Tyler\AppData\Local\Temp\msimg32.dll

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.dll

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.exe

End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.

HKU\Tyler\Software\Microsoft\Windows\CurrentVersion\Run\\6FUbxx4jxy.exe => Value deleted successfully.

HKU\Tyler\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKU\Tyler\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.

C:\Users\Tyler\AppData\Local\rxgY3TaPS\6FUbxx4jxy.exe => Moved successfully.

C:\Users\Tyler\AppData\Local\Google\Desktop\Install => Moved successfully.

C:\Users\Tyler\AppData\Local\rxgY3TaPS => Moved successfully.

C:\Users\Tyler\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.

C:\Users\Tyler\AppData\Local\Temp\msimg32.dll => Moved successfully.

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.dll => Moved successfully.

C:\Users\Tyler\AppData\Local\Temp\yhhjyasqsgdqqnyaivo.exe => Moved successfully.

==== End of Fixlog ====

Christina123 · September 18, 2013

thanks on desktop running scan. Sorry for the delay I work afternoons.

Christina123 · September 18, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.09.18.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Tyler :: TYLER-PC [administrator]

Protection: Enabled

18/09/2013 12:19:29 AM

mbam-log-2013-09-18 (00-19-29).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 201797

Time elapsed: 13 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

kevinf80 · September 18, 2013

OK continue:

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs...

Kevin

Christina123 · September 20, 2013

sorry after mal ware thought I was done now back to square 1 here is my file

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03

Ran by SYSTEM on MININT-HLDRP0N on 20-09-2013 00:00:31