Welcome to WindowsInstructed Forums

Kris

Forum Administrator
  • Content count: 2,244

Everything posted by Kris

  1. Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.
  2. Quick Diag Fix. First please create a restore point! Right click in Quick Diag Run as Admin. Copy the content of the code box below to your clipboard. Click on the S within the User Interface of the program. Then click on Script. Allow completion. Post the log created in your next reply.
  3. Not seeing any real malware, let's take a deeper look to be sure. Quick Diag Scan. Download Quick Diag to your desktop. Disable your Antivirus/Antispyware prior to scanning. Right click, Run as Administrator. Select the Extended Scan. Post the log that is generated in your next post.
  4. 9-Lab Scan. Download 9-Lab Removal Tool. CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows. Install the program onto your computer, then right click the icon and run as administrator. Update the program and then run a full scan! Make sure the program updates; it might be better to install it, update, reboot and check for updates again. You need to make sure the database updates!!! Upon scan completion click on Show Results. Then click on Clean, then click on Save Log. Save it to your desktop, then copy and paste the contents of the log here in your next reply.
  5. Alright, I'd like you to run a check disk from the recovery console command prompt. Run the following: chkdsk /f /r After the check disk completes, see if you can boot into normal mode. If not, then try a startup repair from the recovery console. If you are unable to boot after this, then please post a new FRST log. I will then write you a script to see if we can get this machine booting again.
  6. Are you able to boot into normal mode now?
  7. Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
     LastRegBack: 2017-01-12 22:31
     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system. On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by SYSTEM on MININT-VQOFO8I (22-01-2017 16:06:53) Running from L:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2016-10-13 06:35] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA C:\Windows\SysWOW64\explorer.exe [2016-10-13 06:35] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2016-12-13 13:45] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542 C:\Windows\SysWOW64\User32.dll [2016-12-13 13:45] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2016-12-29 22:00 Restore point date: 2017-01-05 22:00 Restore point date: 2017-01-11 01:00 Restore point date: 2017-01-18 22:00 Restore point date: 2017-01-21 09:47 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 7892.94 MB Available physical RAM: 6942.49 MB Total Virtual: 7891.14 MB Available Virtual: 6928.98 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:1382.17 GB) (Free:1181.84 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS Drive l: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.22 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C3548EA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0C) LastRegBack: 2017-01-12 22:31 ==================== End of FRST.txt ============================
  9. You need to download it to a Disk.
  10. Anti-Malware
    Crystal Security is an easy to use application that was created in order to help you quickly detect and remove malware that might affect your computer.

    Cloud Based
    The cloud based Crystal Security gathers data from millions of participating users systems around the world to help defend you from the very latest viruses and malware attacks.

    Freeware
    Cloud based malware detection, easy to use, user-friendly interface, automatic/manual updates, no installations, supports multiple languages and many other features.

    Downloads
    Crystal Security 3.5.0.142
    Installer and portable versions available
    Language: English only
    Version status: stable
    Download [installer]
    Download [Portable]

    Compatibility
    Microsoft Windows XP, Vista, 7, 8, 8.1, 10, Server 2003, 2008 32/64-bit
    Requires .NET Framework 3.5
  11. DECIDE FOR YOURSELF WHICH TRACKERS EARN YOUR TRUST.
    A personalized digital experience is great, but shouldn’t you be in control of who’s tracking you? With the free Ghostery Add-on, you decide which companies to trust and which to block. We have the largest database of companies that are tracking you — more than 2,000. Ghostery gives you control for a faster, more private, and more satisfying digital experience.
    http://www.ghostery.com/our-solutions/ghostery-add-on/
  12. Run chkdsk /f /r from recovery console.
  13. Run chkdsk /f /r from recovery console.
  14. Run chkdsk /f /r from recovery console.
  15. Mr

    Sorry for the delay, you still having issues?

    Step 1: Speccy Scan.
    Please go here and download Speccy. Install and run the program.
    Upon completion: hit File > Publish Snapshot. A link will appear, post that link.

    Step 2: MiniToolBox Scan.
    Please download MINITOOLBOX and run it. Checkmark the following boxes:
    - Flush DNS
    - Reset FF Proxy Settings
    - Reset IE Proxy Settings
    - Report IE Proxy Settings
    - Report FF Proxy Settings
    - List content of Hosts
    - List IP configuration
    - List Winsock Entries
    - List last 10 Event Viewer log
    - List Installed Programs
    - List Users, Partitions and Memory size
    - List Devices (problems only)
    Click Go and post the result.
  16. Sweet, glad you got it fixed and that you came back and told me.
  17. Hello, can you boot into the recovery console and perform a checkdisk on the machine via command prompt? Run chkdsk /f /r from within the command prompt.
  18. How are you coming along with the instructions? Any change in the issue?
  19. Please download and save FRST 64bit or FRST 32 bit to your DESKTOP.
    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
    - Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
    - When the tool opens click Yes to disclaimer.
    - Make sure that Addition option is checked.
    - Press Scan button.
    - It will produce a log called FRST.txt in the same directory the tool is run from.
    - Please copy and paste contents of the log back here.
    - The first time the tool is run, or Additions.txt is selected in the options it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste contents of that log along with the FRST.txt into your reply.

    Adware Cleaner Scan.
    - Please download AdwCleaner by Xplode onto your desktop.
    - Close all open programs and internet browsers.
    - Double click on adwcleaner.exe to run the tool.
    - Click on Scan button.
    - When the scan has finished click on Clean button.
    - Your computer will be rebooted automatically. A text file will open after the restart.
    - Please post the contents of that logfile with your next reply.
    - You can find the logfile at C:\AdwCleaner[S1].txt as well.

    JRT Scan.
    - Please download Junkware Removal Tool and save it on your desktop.
    - Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    - Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    - The tool will open and start scanning your system.
    - Please be patient as this can take a while to complete depending on your system's specifications.
    - On completion, a log is saved to your desktop and will automatically open.
    - Please post the JRT log.

    Adware Removal Tool Scan.
    - Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
    - Hit OK.
    - Hit Next; make sure to leave all items checked for removal.
    - The program will close all open programs to complete the removal, so save any work and hit OK.
    - Then hit OK after the removal process is complete, then OK again to finish up.
    - Post the log generated by the tool.

    ZHP Scan.
    1. Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.
    2. Once you have started the program, you will need to click the Scanner button. The program will close all open browsers!
    3. Once the scan is completed, you will want to click the Repair button. At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
    Copy and paste the report here in your next reply.
  20. Are there any errors in device manager?
    Open your device manager: hit the start button, then copy and paste devmgmt.msc into the start search box and hit enter.
    Left click the + next to network adapters, right click and un-install your wireless driver. Then your ethernet driver; make sure you do not tick the box that says delete driver. Reboot your machine after...

    Does the computer work in Safe Mode With Networking?

    Download the Net Adapter Repair All In One. Please use this direct link.
    Save the application to your desktop, right click and run as administrator.
    Note: Your ethernet cable must be plugged in during this process!!
    - Click the Advanced repair.
    - Click OK at the prompt to continue.
    - The program will need to reboot your machine, allow it to do so.
    - Check your issue.
    - If the issue still persists, re-open (as administrator) the tool and check all boxes in the picture below.
    - Click Run All Selected.
    - For any prompts like the one below, select All Network Adapters.
    - Once you are prompted to restart, then do so.
    - Check your issue.
    Report back.
  21. @Rgant Welcome to WI.

    Step 1: Speccy Scan.
    Please go here and download Speccy. Install and run the program.
    Upon completion: hit File > Publish Snapshot. A link will appear, post that link.

    Step 2: MiniToolBox Scan.
    Please download MINITOOLBOX and run it. Checkmark the following boxes:
    - Flush DNS
    - Reset FF Proxy Settings
    - Reset IE Proxy Settings
    - Report IE Proxy Settings
    - Report FF Proxy Settings
    - List content of Hosts
    - List IP configuration
    - List Winsock Entries
    - List last 10 Event Viewer log
    - List Installed Programs
    - List Users, Partitions and Memory size
    - List Devices (problems only)
    Click Go and post the result.

    Step 3: Autoruns Scan.
    Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe.
    After the scan is finished, click on File > Save.
    The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn.
    Attach the text in your next reply.

    Step 4: Security Check Scan.
    Download Security Check to your desktop. Right click it and run as administrator.
    When the program completes, the tool will automatically open a log file.
    Please post that log here in your next post. Please copy and paste this log, do not attach it.
  22. Step 1: Speccy Scan.
    Please go here and download Speccy. Install and run the program.
    Upon completion: hit File > Publish Snapshot. A link will appear, post that link.

    Step 2: MiniToolBox Scan.
    Please download MINITOOLBOX and run it. Checkmark the following boxes:
    - Flush DNS
    - Reset FF Proxy Settings
    - Reset IE Proxy Settings
    - Report IE Proxy Settings
    - Report FF Proxy Settings
    - List content of Hosts
    - List IP configuration
    - List Winsock Entries
    - List last 10 Event Viewer log
    - List Installed Programs
    - List Users, Partitions and Memory size
    - List Devices (problems only)
    Click Go and post the result.

    Step 3: Autoruns Scan.
    Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe.
    After the scan is finished, click on File > Save.
    The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn.
    Attach the text in your next reply.

    Step 4: Upload your MiniDump Files.
    Please upload your minidump files. How to compress and upload Minidump files.
    If you are unable to upload them here, then upload them to SendSpace or FileDropper and send me the link.
  23. On a clean machine, please download FRST 64bit or FRST 32 bit and save it to a flash drive.
    Note: You need to run the version compatible with your system.
    Plug the flash drive into the infected PC.
    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    - Restart the computer.
    - As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    - Use the arrow keys to select the Repair your computer menu item.
    - Select US as the keyboard language settings, and then click Next.
    - Select the operating system you want to repair, and then click Next.
    - Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:
    - Insert the installation disc.
    - Restart your computer.
    - If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    - Click Repair your computer.
    - Select US as the keyboard language settings, and then click Next.
    - Select the operating system you want to repair, and then click Next.
    - Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    - Startup Repair
    - System Restore
    - Windows Complete PC Restore
    - Windows Memory Diagnostic Tool
    - Command Prompt
    Select Command Prompt.

    Once in the Command Prompt:
    - In the command window type in notepad and press Enter.
    - The notepad opens. Under File menu select Open.
    - Select "Computer" and find your flash drive letter and close the notepad.
    - In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    - The tool will start to run.
    - When the tool opens click Yes to disclaimer.
    - Press Scan button.
    - It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
