Last ditch effort before rebuild

kwspony

So I have this Sony Vaio from a friend. He said he got the dirty decrypter virus and tried to remove it herself. I have run a bunch of scans on it and removed a few things. What I am left with now is a black screen with just the mouse pointer, which can be moved around, but nothing else works, or at least I cannot see it. No version of safe mode works either. I can boot into it with a boot disc though. Anyone have any tricks up their sleeves before I rebuild it?
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

What Windows version is it?
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt, then:
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
 
FRST scan results:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by SYSTEM on 02-08-2013 13:02:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKU\Shelly\...\Run: [AdobeBridge] - [x]
HKU\Shelly\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-08] (Google Inc.)
HKU\Shelly\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKU\Shelly\...\Run: [UpdaeteServer] - C:\Users\Shelly\AppData\Roaming\Media Center Programs\WINF4D0.exe [119296 2013-05-15] ()
HKU\Shelly\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [814472 2013-06-11] (Adobe Systems Incorporated)
IMEO\OLT.exe: [Debugger] svchost.exe
Startup: C:\Users\Shelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> (No File)
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [527728 2012-11-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-11-14] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [389488 2012-11-14] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2763080 2010-08-20] (Sunbelt Software)
S2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2010-08-20] (Sunbelt Software)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1165680 2009-10-30] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29696 2011-06-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2011-06-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [90624 2011-06-03] (LG Electronics Inc.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42248 2012-11-14] (AnchorFree Inc.)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64600 2010-06-14] (Sunbelt Software)
S1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2010-07-27] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84056 2010-04-15] (Sunbelt Software, Inc.)
S3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84056 2010-04-15] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2010-07-27] (Sunbelt Software, Inc.)
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
S1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2010-07-27] (Sunbelt Software, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)
S3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2012-04-09] (Rsupport Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S2 MSSQL$DDNI;
S2 Oasis2Service;
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-08-02 13:02 - 2013-08-02 13:02 - 00000000 ____D C:\FRST
2013-08-01 18:12 - 2013-08-01 18:12 - 00000000 ____D C:\NBRT
2013-07-23 16:44 - 2013-07-29 08:55 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\Dirty
2013-07-23 12:48 - 2013-07-23 16:52 - 00000000 ____D C:\Users\Shelly\AppData\Local\Facebook
2013-07-20 23:21 - 2013-07-23 20:29 - 00000000 ____D C:\Users\Shelly\Desktop\Cheer Motions
2013-07-20 21:39 - 2013-07-20 21:39 - 00000491 _____ C:\Users\Shelly\Desktop\cheer7.htm
2013-07-14 02:00 - 2013-07-14 02:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 02:00 - 2013-07-14 02:00 - 00000000 _____ C:\Windows\setupact.log
2013-07-03 15:04 - 2013-08-02 07:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-08-02 08:40 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-02 08:40 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-02 08:35 - 2013-02-10 20:48 - 01080303 _____ C:\Windows\WindowsUpdate.log
2013-08-02 08:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-02 08:00 - 2010-07-15 18:20 - 00000000 ____D C:\users\Shelly
2013-08-02 08:00 - 2010-04-26 17:01 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\addins
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-02 08:00 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\th-TH
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sl-SI
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ro-RO
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ras
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\lv-LV
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\lt-LT
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\icsxml
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ias
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\hr-HR
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\he-IL
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\et-EE
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\bg-BG
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-02 08:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-08-02 07:55 - 2013-05-23 17:33 - 00000000 ____D C:\Windows\System32\SPReview
2013-08-02 07:55 - 2013-05-23 17:33 - 00000000 ____D C:\Windows\System32\EventProviders
2013-08-02 07:55 - 2013-04-22 20:02 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-02 07:55 - 2011-10-15 00:38 - 00000000 ____D C:\Windows\System32\Macromed
2013-08-02 07:55 - 2010-07-31 18:20 - 00000000 ____D C:\Windows\System32\kodak
2013-08-02 07:55 - 2010-07-13 08:44 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2013-08-02 07:55 - 2010-07-13 08:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-08-02 07:55 - 2010-07-13 08:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-08-02 07:55 - 2010-07-13 08:36 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-08-02 07:55 - 2010-07-13 08:36 - 00000000 ____D C:\Windows\System32\WCN
2013-08-02 07:55 - 2010-07-13 08:36 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-02 07:55 - 2010-07-13 08:06 - 00000000 ____D C:\Windows\Sonysys
2013-08-02 07:55 - 2010-07-13 07:45 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-08-02 07:55 - 2010-04-26 17:01 - 00000000 ____D C:\Windows\ShellNew
2013-08-02 07:55 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Speech
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\IME
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2013-08-02 07:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Speech
2013-08-02 07:54 - 2012-03-26 12:30 - 00000000 ____D C:\Windows\pss
2013-08-02 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2013-08-02 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2013-08-02 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-08-02 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Globalization
2013-08-02 07:53 - 2013-07-03 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-02 07:53 - 2013-05-23 18:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-02 07:53 - 2013-03-29 18:13 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-08-02 07:53 - 2013-03-13 22:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-02 07:53 - 2013-03-13 22:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-02 07:53 - 2013-03-03 21:33 - 00000000 ____D C:\Users\Shelly\Documents\RCA Digital Voice Manager
2013-08-02 07:53 - 2013-03-03 21:33 - 00000000 ____D C:\Users\Shelly\Documents\RCA Detective
2013-08-02 07:53 - 2013-02-21 17:43 - 00000000 ____D C:\ProgramData\WebEx
2013-08-02 07:53 - 2012-12-18 22:05 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-08-02 07:53 - 2012-10-16 19:22 - 00000000 ___SD C:\Users\Shelly\Google Drive
2013-08-02 07:53 - 2012-10-03 18:02 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\Elluminate
2013-08-02 07:53 - 2012-09-06 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-02 07:53 - 2012-09-02 14:43 - 00000000 ____D C:\Users\Shelly\AppData\Local\Unity
2013-08-02 07:53 - 2012-07-31 13:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-08-02 07:53 - 2012-07-31 13:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-08-02 07:53 - 2012-07-31 13:43 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-08-02 07:53 - 2012-07-31 13:43 - 00000000 ____D C:\Program Files (x86)\Coupons
2013-08-02 07:53 - 2012-07-31 13:42 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-02 07:53 - 2012-07-31 13:39 - 00000000 ____D C:\Users\Shelly\AppData\Local\HP
2013-08-02 07:53 - 2012-06-10 18:41 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2013-08-02 07:53 - 2012-02-07 20:49 - 00000000 ____D C:\Users\Shelly\Desktop\Misc
2013-08-02 07:53 - 2011-12-01 18:30 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\Audacity
2013-08-02 07:53 - 2011-12-01 18:26 - 00000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2013-08-02 07:53 - 2011-11-19 18:25 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-02 07:53 - 2011-09-14 20:34 - 00000000 ____D C:\Program Files\Google
2013-08-02 07:53 - 2011-09-14 20:21 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\ArcSoft
2013-08-02 07:53 - 2011-09-14 20:17 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-02 07:53 - 2011-09-14 20:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-02 07:53 - 2011-09-14 20:16 - 00000000 ____D C:\ProgramData\Skype
2013-08-02 07:53 - 2011-02-04 18:38 - 00000000 ____D C:\ProgramData\Real
2013-08-02 07:53 - 2011-02-04 18:38 - 00000000 ____D C:\Program Files (x86)\Real
2013-08-02 07:53 - 2011-01-08 10:05 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\Juniper Networks
2013-08-02 07:53 - 2010-08-31 16:12 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-08-02 07:53 - 2010-07-16 06:55 - 00000000 ____D C:\Program Files (x86)\SureThing Express Labeler
2013-08-02 07:53 - 2010-07-16 06:04 - 00000000 ____D C:\Users\Shelly\AppData\Local\Downloaded Installations
2013-08-02 07:53 - 2010-07-16 05:59 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-08-02 07:53 - 2010-07-15 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-02 07:53 - 2010-07-15 18:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-02 07:53 - 2010-07-15 18:30 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-02 07:53 - 2010-07-13 09:07 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-08-02 07:53 - 2010-07-13 09:06 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-02 07:53 - 2010-07-13 08:18 - 00000000 ____D C:\Program Files\Shutterfly
2013-08-02 07:53 - 2010-07-13 08:18 - 00000000 ____D C:\Program Files\PlayReady
2013-08-02 07:53 - 2010-07-13 08:16 - 00000000 ____D C:\ProgramData\Norton
2013-08-02 07:53 - 2010-07-13 07:47 - 00000000 ____D C:\Program Files\Apoint
2013-08-02 07:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-02 07:52 - 2010-12-17 10:53 - 00000000 ____D C:\8acfb9046ac15f220fbb64
2013-08-02 07:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-02 06:50 - 2011-02-05 14:42 - 00000000 ____D C:\Users\Shelly\Documents\School
2013-08-02 06:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-02 06:47 - 2010-07-13 07:49 - 00000000 ____D C:\Program Files\Sony
2013-08-01 18:12 - 2013-08-01 18:12 - 00000000 ____D C:\NBRT
2013-07-29 08:55 - 2013-07-23 16:44 - 00000000 ____D C:\Users\Shelly\AppData\Roaming\Dirty
2013-07-29 08:55 - 2011-01-18 17:33 - 00000000 ____D C:\Windows\Minidump
2013-07-29 06:51 - 2010-07-15 18:30 - 00000000 ____D C:\Users\Shelly\AppData\Local\Adobe
2013-07-23 20:29 - 2013-07-20 23:21 - 00000000 ____D C:\Users\Shelly\Desktop\Cheer Motions
2013-07-23 16:52 - 2013-07-23 12:48 - 00000000 ____D C:\Users\Shelly\AppData\Local\Facebook
2013-07-23 07:04 - 2011-03-11 19:40 - 00000000 ____D C:\Users\Shelly\AppData\Local\CrashDumps
2013-07-20 21:39 - 2013-07-20 21:39 - 00000491 _____ C:\Users\Shelly\Desktop\cheer7.htm
2013-07-14 20:35 - 2012-07-20 18:32 - 00000000 ____D C:\Users\Shelly\Documents\Paul
2013-07-14 02:01 - 2012-09-09 09:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 02:01 - 2012-07-31 13:43 - 00000258 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-07-14 02:01 - 2010-07-13 08:07 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 02:00 - 2013-07-14 02:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 02:00 - 2013-07-14 02:00 - 00000000 _____ C:\Windows\setupact.log
2013-07-13 11:27 - 2010-07-13 08:07 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 11:22 - 2010-07-13 08:07 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 11:22 - 2010-07-13 08:07 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 11:09 - 2009-07-13 21:13 - 00005168 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-09 16:02 - 2011-06-26 21:31 - 00198462 _____ C:\test.xml
2013-07-09 15:02 - 2012-05-23 19:39 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{084A3F5B-E5D1-4557-BE40-75CB207E2AC1}
2013-07-04 09:22 - 2011-05-09 20:49 - 00001108 _____ C:\Windows\SysWOW64\ServiceConfig.xml
2013-07-04 09:22 - 2011-05-09 20:49 - 00000810 _____ C:\Windows\SysWOW64\RegistrationConfig.xml
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
Restore point made on: 2013-07-14 02:01:58
Restore point made on: 2013-07-21 18:12:01
Restore point made on: 2013-07-23 19:52:25
Restore point made on: 2013-07-29 07:32:51
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3950.1 MB
Available physical RAM: 3324.24 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3313.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:284.36 GB) (Free:175.68 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:13.64 GB) (Free:0.8 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: (KARL 3) (Removable) (Total:30.08 GB) (Free:25.99 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 67F2CEB1)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

LastRegBack: 2013-07-24 13:13
==================== End Of Log ============================
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
See if you can boot now.
 

Attachments

  • fixlist.txt (447 bytes)
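Reading the log the way the helper did, as an added example written for this page (it is not code from the thread and not Farbar's code): the script below parses the Registry and EXE ASSOCIATION sections of an FRST.txt, flags the kinds of entries the fix above targeted (FRST's own ATTENTION markers on the hijacked CLSIDs and the .exe association, the IMEO Debugger value, autorun values whose target is missing, the startup shortcut with no file), adds one heuristic of my own (an autorun whose version info carries no company name and which runs from the user profile, which is only a prompt for manual review, not a verdict), and emits the flagged lines verbatim. Lines copied verbatim from the log are the form FRST accepts in fixlist.txt; compare the first Fixlog, where each result corresponds to one such line. The sample input is an abridged copy of the log posted above; the regular expressions and the heuristic are my assumptions about FRST's line format, not a specification, and the output is meant to be reviewed by a person before it is saved as a fixlist.

```python
"""Triage the Registry and EXE ASSOCIATION sections of an FRST.txt log.

Added example for this page, not part of FRST. The line-format regexes and
the 'review manually' heuristic are assumptions, not Farbar's rules.
"""
import re
from dataclasses import dataclass

# Sample input: an abridged copy of the FRST.txt posted in the thread,
# cut down to the lines of interest (constructed for this example).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Boot Mode: Recovery
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] - [x]
HKU\Shelly\...\Run: [AdobeBridge] - [x]
HKU\Shelly\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKU\Shelly\...\Run: [UpdaeteServer] - C:\Users\Shelly\AppData\Roaming\Media Center Programs\WINF4D0.exe [119296 2013-05-15] ()
IMEO\OLT.exe: [Debugger] svchost.exe
Startup: C:\Users\Shelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [527728 2012-11-15] (AnchorFree Inc.)
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== End Of Log ============================
"""

# Section headers look like "==================== Name ====".
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "HKLM\...\Run: [Name] - <path> [size date] (company)"  or  "... - [x]" when the file is gone.
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)$")
# Image File Execution Options: "IMEO\<exe>: [Debugger] <debugger>"
IFEO_RE = re.compile(r"^IMEO\\(?P<exe>[^:]+): \[Debugger\] (?P<debugger>.+)$")

SECTIONS_OF_INTEREST = ("Registry (Whitelisted)", "EXE ASSOCIATION")


@dataclass
class Finding:
    section: str
    line: str   # the log line, verbatim, so it can be pasted into fixlist.txt
    reason: str


def iter_sections(log_text):
    """Yield (section name, line) for every non-empty, non-header line."""
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        yield section, line


def classify(line):
    """Return a reason string if the line deserves attention, else None."""
    if "ATTENTION!" in line:
        return "FRST ATTENTION marker: hijacked CLSID or .exe association, fix restores the default value"
    m = IFEO_RE.match(line)
    if m:   # a Debugger value makes Windows start <debugger> whenever <exe> is launched
        return f"IFEO Debugger hijack: starting {m['exe']} launches {m['debugger']} instead"
    m = RUN_RE.match(line)
    if m:
        if m["rest"] == "[x]":
            return "orphaned autorun value: target file is missing"
        t = TARGET_RE.match(m["rest"])
        # Heuristic (assumption): empty company name in version info plus a
        # path under AppData is worth a human look; it proves nothing by itself.
        if t and not t["company"] and "\\AppData\\" in t["path"]:
            return "autorun with empty company name running from the user profile: review manually"
        return None
    if line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
        return "startup shortcut whose target no longer exists"
    return None


def triage(log_text, sections=SECTIONS_OF_INTEREST):
    """Collect findings from the sections that carry persistence entries."""
    findings = []
    for section, line in iter_sections(log_text):
        if section not in sections:
            continue
        reason = classify(line)
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


def fixlist_lines(findings):
    """Candidate fixlist.txt body: the flagged log lines, verbatim. Review first."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("\n--- candidate fixlist.txt ---")
    print("\n".join(fixlist_lines(triage(SAMPLE_LOG))))
```

Run against the full FRST.txt rather than the sample, the same script reproduces the entries the helper's first fix acted on; the one extra line it raises (the autorun under AppData\Roaming) is exactly the kind of item to check by hand before it goes anywhere near a fixlist.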
Fix Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by SYSTEM at 2013-08-02 13:10:42 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Shelly\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OLT.exe => Key deleted successfully.
ShortcutTarget: RCA Detective.lnk -> (No File) not found.
HKLM\Software\Classes\.exe\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\DefaultIcon\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\shell\open\command\\Default => Value was restored successfully.
==== End of Fixlog ====
 
Delete the existing "fixlist.txt" file from your USB drive and....

Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt (29 bytes)
Next log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by SYSTEM at 2013-08-02 13:21:17 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
 
It is getting better though. If I hit Fn+F7 I get the extend desktop box, but still no main image.
 
Unfortunately there is not much more I can do here.
There was some ZeroAccess rootkit infection, but it's gone by now.
We also restored your computer to the state from the last successful boot, but it didn't help either.

Hopefully this is not some hardware issue, but the only thing I can advise at this point is to reinstall Windows.
I'm sorry :(
 
You're very welcome
 