Welcome to WindowsInstructed Forums

Kris

Forum Administrator
  1. Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

     On Vista or Windows 7: Now please enter System Recovery Options.
     On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.

     Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flash drive (Fixlog.txt). Please post it in your reply.
  2. Quick Diag Fix. First please create a restore point! Right click Quick Diag and select Run as Admin. Copy the content of the code box below to your clipboard. Click on the S within the User Interface of the program. Then click on Script. Allow completion. Post the log created in your next reply.
  3. Not seeing any real malware, let's take a deeper look to be sure. Quick Diag Scan. Download Quick Diag to your desktop. Disable your Antivirus/Antispyware prior to scanning. Right click and select Run as Administrator. Select the Extended Scan. Post the log that is generated in your next post.
  4. 9-Lab Scan. Download 9-Lab Removal Tool. CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows. Install the program onto your computer, then right click the icon and run as administrator. Update the program and then run a full scan! Make sure the program updates; it might be better to install it, update, reboot and check for updates again. You need to make sure the database updates!!! Upon scan completion, click on Show Results. Then click on Clean, then click on Save Log. Save it to your desktop, then copy and paste the contents of the log here in your next reply.
  5. Alright, I'd like you to run a check disk from the recovery console command prompt. Run the following:

     chkdsk /f /r

     After the check disk completes, see if you can boot into normal mode. If not, then try a startup repair from the recovery console. If you are unable to boot after this, then please post a new FRST log. I will then write you a script to see if we can get this machine booting again.
  6. Are you able to boot into normal mode now?
  7. Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

     LastRegBack: 2017-01-12 22:31

     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

     On Vista or Windows 7: Now please enter System Recovery Options.
     On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.

     Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flash drive (Fixlog.txt). Please post it in your reply.
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
     Ran by SYSTEM on MININT-VQOFO8I (22-01-2017 16:06:53)
     Running from L:\
     Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Recovery
     Default: ControlSet001
     ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2016-10-13 06:35] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA C:\Windows\SysWOW64\explorer.exe [2016-10-13 06:35] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2016-12-13 13:45] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542 C:\Windows\SysWOW64\User32.dll [2016-12-13 13:45] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2016-12-29 22:00 Restore point date: 2017-01-05 22:00 Restore point date: 2017-01-11 01:00 Restore point date: 2017-01-18 22:00 Restore point date: 2017-01-21 09:47 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 7892.94 MB Available physical RAM: 6942.49 MB Total Virtual: 7891.14 MB Available Virtual: 6928.98 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:1382.17 GB) (Free:1181.84 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS Drive l: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.22 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C3548EA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0C) LastRegBack: 2017-01-12 22:31 ==================== End of FRST.txt ============================
  9. You need to download it to a Disk.
  10. Run chkdsk /f /r from recovery console.
  11. Run chkdsk /f /r from recovery console.
  12. Run chkdsk /f /r from recovery console.
  13. Mr

    Sorry for the delay, you still having issues?

    Step 1: Speccy Scan
    Please go here and download Speccy. Install and run the program. Upon completion, hit File > Publish Snapshot. A link will appear; post that link.

    Step 2: MiniToolBox Scan
    Please download MINITOOLBOX and run it. Checkmark the following boxes:
      • Flush DNS
      • Reset FF Proxy Settings
      • Reset IE Proxy Settings
      • Report IE Proxy Settings
      • Report FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size
      • List Devices (problems only)
    Click Go and post the result.
  14. Sweet, glad you got it fixed and that you came back and told me.
