Inactive Windows shuts down in 1 minute - Virus?

How far does the computer boot?
How much time do you have before restart happens?

Check the above in safe mode as well.
 
NORMAL MODE:

Makes me think it's all going to load up and be fine . . . . . .
Boots to desktop with all icons, spinning circle on LAN connection icon in taskbar and Kaspersky doesn't load.
Seems like, as soon as Kaspersky loads, it will run, like it usually does but instead, the "Windows will restart . . ." message comes.

I can access my computer, control panel etc etc between the desktop appearing and when it disappears.

Time from input password and hit enter to Desktop with icons appearing = 20 seconds
Time from Desktop appearing to "Restart Warning" appearing = 17 seconds
Time from "Warning" appearing to desktop closing on restart = 60 seconds

SAFE MODE:

Boots to black desktop (No icons & no warning dialogue box about safe mode) with "Safe Mode" in all 4 screen corners then switches to blue windows background desktop with message saying "Windows is restarting"

No icons appear so can't do anything in Safe Mode.

Time from input password and hit enter to Black Desktop appearing = 33 seconds
Time from Desktop appearing to "Restart Warning" appearing = 33 seconds
Time from "Warning" appearing to desktop closing on restart = 4 seconds



Hope this helps?

Thanks again for your continued support.
 
Hi.

Method 1 prevented the shutdown (But only once the warning had appeared on screen - before the warning, it reported "No shutdown is scheduled") - a box flashed up by the taskbar claiming "Shutdown prevented"

However, the spinning timer circle is constantly on the LAN icon in the taskbar. When checking in Control Panel, there are no items listed in Device Manager and in System Information, the version of Windows etc is not displayed.

Windows Mail would not start, reporting "Unable to create the spooler object. Your computer may be out of memory or your Disk is full (0x80040153,2)"

Excel wouldn't run correctly and Genie Backup Manager wouldn't run (To backup Winmail)

So, I guess the shutdown was prevented but the PC isn't working - which is probably why it wants to restart?

Feels like we may be getting somewhere :p
 
DOH!

I guess that Method 1 works as a one-time-fix, so I followed Method 2, however, despite the "Auto restart on error" being unchecked, the system still shuts down when restarted manually (and every time after)

Seems the only way to keep it on is to use Method 1. (Excel & Word report that they are unable to "Link or embed" if I open them)

There are no device manager items . . . . could this be due to the "plug & play" error that the shutdown dialogue box is reporting?
 
Let's go back to method 1 and see if you can do this....
(download Combofix on working computer and use USB flash drive to transfer it to this computer)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Tried Combofix and it brought up a Window with a plain dark blue background with no writing. (Title of the window is simply "Administrator")
this window stays there for over 30 mins with no results. The clock is still running ok. Has CF stalled? Is this how it should work?

I downloaded rkill but I see it needs to be run in Safe Mode. I can't use Safe Mode, I have no icons on the screen in SM and it shuts right down from this.

I'll try Combofix again and leave it for an hour but it really seems like it's not doing anything once the CF window runs through its stuff and then presents the blue window.
 
You can run rKill in normal mode before Combofix as well.

If Combofix still stalls try this...

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
OK, ran rkill successfully, here's the LOG:

Rkill 2.5.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/29/2013 06:04:34 PM in x64 mode.
Windows Version: Windows 7 Ultimate
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\Explorer.EXE (PID: 2012) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\FRAZ\Desktop\rkill\rkill-05-29-2013-06-04-38.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* Plug and Play (PlugPlay) is not Running.
Startup Type set to: Automatic
* Plug and Play (RpcSs) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System
Searching for Missing Digital Signatures:
* C:\Windows\System32\d3d9.dll [NoSig]
* C:\Windows\System32\drivers\afd.sys [NoSig]
* C:\Windows\System32\drivers\usbhub.sys [NoSig]
* C:\Windows\System32\mshtml.dll [NoSig]
* C:\Windows\System32\qmgr.dll [NoSig]
* C:\Windows\explorer.exe [NoSig]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 activate.adobe.com
Program finished at: 05/29/2013 06:05:59 PM
Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)

Combofix WOULD NOT RUN (Even when deleted and a fresh version called fraz was run)

Continued in next post . . . . .
 
. . continued from last post . . .

FRST64 ran ok and here are the LOG Files:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by FRAZ (administrator) on 29-05-2013 18:10:59
Running from C:\Users\FRAZ\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ACPW06EN] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1231992 2012-08-31] (ACD Systems)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [267056 2011-10-09] (BitTorrent, Inc.)
HKCU\...\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S6681.tmp" /EF "HKCU" [148 2012-12-16] ()
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-20] (ACD Systems)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\iReboot 1.1.1.lnk
ShortcutTarget: iReboot 1.1.1.lnk -> C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {829EA780-935C-4A2F-92FC-73E858B5C6E1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=DE81BCAEC53EDB5B
SearchScopes: HKCU - {7AAAD6F0-67E7-4FCD-872C-C967C82C2AC2} URL = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
SearchScopes: HKCU - {829EA780-935C-4A2F-92FC-73E858B5C6E1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [891432 2009-09-12] (Acronis)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-15] ()
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-10-09] (Acronis)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
S3 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-14] ()
S2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-15] ()
S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-17] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-17] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 WimFltr; C:\Windows\SysWow64\DRIVERS\wimfltr.sys [128104 2006-11-02] (Microsoft Corporation)
S4 Gpstetexysm; No ImagePath
R0 snapman; system32\DRIVERS\snapman.sys [x]
R0 tdrpman251; system32\DRIVERS\tdrpm251.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ___SD C:\fraz
2013-05-29 18:04 - 2013-05-29 18:05 - 00021322 ____A C:\Users\FRAZ\Desktop\Rkill.txt
2013-05-29 18:04 - 2013-05-29 18:04 - 00000000 ____D C:\Users\FRAZ\Desktop\rkill
2013-05-29 18:00 - 2013-05-29 17:31 - 05073804 ____R (Swearware) C:\Users\FRAZ\Desktop\fraz.exe
2013-05-29 17:37 - 2013-05-29 17:13 - 00004602 ____A C:\Users\FRAZ\Desktop\combo fix - how to run etc.txt
2013-05-29 17:18 - 2013-05-29 17:18 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\FRAZ\Desktop\rkill.exe
2013-05-29 01:25 - 2013-05-29 01:25 - 00000000 ____D C:\_OTL
2013-05-28 22:41 - 2013-05-28 22:41 - 00111160 ____A C:\OTL.Txt
2013-05-28 12:29 - 2013-05-27 23:21 - 00003946 ____A C:\Z - WINDOWS RECOVERY.txt
2013-05-28 04:18 - 2013-05-28 04:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-05-25 07:58 - 2013-05-23 11:17 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 19:40 - 2013-05-25 17:15 - 00000000 ____D C:\FRST
2013-05-23 14:40 - 2013-05-23 14:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Qoobox
2013-05-23 14:20 - 2013-05-23 14:12 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-17 19:11 - 2013-05-17 19:11 - 00000000 __SHD C:\found.000
2013-05-16 14:21 - 2013-05-16 19:10 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 07:28 - 2013-05-15 07:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-13 00:03 - 2013-05-13 00:04 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 23:54 - 2013-05-12 23:55 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 16:04 - 2013-05-12 16:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 16:04 - 2013-05-12 16:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 12:29 - 2013-05-11 12:34 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 12:29 - 2013-05-03 23:58 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-11 12:29 - 2013-05-03 23:05 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-11 12:29 - 2013-05-03 23:02 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-05-11 10:16 - 2013-05-11 10:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 09:54 - 2013-05-11 09:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:36 - 2013-05-11 09:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
==================== One Month Modified Files and Folders =======
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ___SD C:\fraz
2013-05-29 18:05 - 2013-05-29 18:04 - 00021322 ____A C:\Users\FRAZ\Desktop\Rkill.txt
2013-05-29 18:05 - 2011-10-08 22:41 - 02067158 ____A C:\Windows\WindowsUpdate.log
2013-05-29 18:04 - 2013-05-29 18:04 - 00000000 ____D C:\Users\FRAZ\Desktop\rkill
2013-05-29 18:03 - 2012-09-15 09:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-29 18:03 - 2012-09-15 09:17 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-29 18:03 - 2011-10-09 00:31 - 00000000 ____D C:\Users\FRAZ\Application Data\uTorrent
2013-05-29 18:03 - 2011-10-09 00:31 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\uTorrent
2013-05-29 18:02 - 2011-10-08 23:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-29 18:02 - 2011-10-08 23:59 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-29 18:02 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 18:02 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 18:02 - 2003-12-01 13:31 - 00071952 ____A C:\Windows\setupact.log
2013-05-29 17:31 - 2013-05-29 18:00 - 05073804 ____R (Swearware) C:\Users\FRAZ\Desktop\fraz.exe
2013-05-29 17:18 - 2013-05-29 17:18 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\FRAZ\Desktop\rkill.exe
2013-05-29 17:13 - 2013-05-29 17:37 - 00004602 ____A C:\Users\FRAZ\Desktop\combo fix - how to run etc.txt
2013-05-29 01:25 - 2013-05-29 01:25 - 00000000 ____D C:\_OTL
2013-05-28 22:41 - 2013-05-28 22:41 - 00111160 ____A C:\OTL.Txt
2013-05-28 18:46 - 2011-10-08 22:41 - 00000000 ____D C:\users\FRAZ
2013-05-28 04:18 - 2013-05-28 04:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-05-27 23:21 - 2013-05-28 12:29 - 00003946 ____A C:\Z - WINDOWS RECOVERY.txt
2013-05-25 17:15 - 2013-05-23 19:40 - 00000000 ____D C:\FRST
2013-05-25 08:03 - 2003-12-01 13:31 - 00036866 ____A C:\Windows\PFRO.log
2013-05-23 14:40 - 2013-05-23 14:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Qoobox
2013-05-23 14:12 - 2013-05-23 14:20 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-23 11:17 - 2013-05-25 07:58 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 10:54 - 2011-10-09 09:44 - 00000000 ____D C:\Users\FRAZ\Local Settings\Application Data\ACD Systems
2013-05-23 10:54 - 2011-10-09 09:44 - 00000000 ____D C:\Users\FRAZ\AppData\Local\ACD Systems
2013-05-17 19:30 - 2009-07-14 00:38 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2013-05-17 19:28 - 2009-07-14 01:10 - 00845824 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-05-17 19:27 - 2009-07-14 00:28 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 19:25 - 2009-07-14 00:49 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-05-17 19:14 - 2009-07-14 00:25 - 01898576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 19:13 - 2009-07-14 00:20 - 01659984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 19:11 - 2013-05-17 19:11 - 00000000 __SHD C:\found.000
2013-05-17 09:57 - 2009-07-14 05:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 09:57 - 2009-07-14 05:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 09:47 - 2012-09-15 16:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 19:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-16 19:42 - 2011-10-09 00:03 - 00000000 ____D C:\Users\FRAZ\Application Data\Adobe
2013-05-16 19:42 - 2011-10-09 00:03 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\Adobe
2013-05-16 19:10 - 2013-05-16 14:21 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 17:47 - 2012-09-15 16:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 17:47 - 2012-09-15 16:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 07:28 - 2013-05-15 07:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-15 07:28 - 2012-11-19 12:00 - 00000000 ____D C:\Windows\Minidump
2013-05-13 07:50 - 2009-07-14 06:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-13 00:04 - 2013-05-13 00:03 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 23:55 - 2013-05-12 23:54 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 16:04 - 2013-05-12 16:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 16:04 - 2013-05-12 16:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 12:34 - 2013-05-11 12:29 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 10:16 - 2013-05-11 10:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 09:54 - 2013-05-11 09:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 09:54 - 2011-10-09 12:54 - 00000000 ____D C:\Users\FRAZ\Local Settings\Application Data\Adobe
2013-05-11 09:54 - 2011-10-09 12:54 - 00000000 ____D C:\Users\FRAZ\AppData\Local\Adobe
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2011-10-09 12:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-11 09:48 - 2011-10-09 00:54 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-11 09:48 - 2011-10-09 00:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 09:47 - 2011-10-09 13:00 - 00000000 ____D C:\Program Files\Adobe
2013-05-11 09:36 - 2013-05-11 09:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2011-10-09 09:37 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-03 23:58 - 2013-05-11 12:29 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-03 23:05 - 2013-05-11 12:29 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-03 23:02 - 2013-05-11 12:29 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-30 10:44 - 2011-10-09 15:29 - 00000000 ____D C:\Users\FRAZ\Documents\DVDVideoSoft
2013-04-30 10:22 - 2011-10-09 15:34 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2013-04-30 10:22 - 2011-10-09 15:34 - 00000349 ____A C:\ProgramData\Documents\PCLECHAL.INI
2013-04-30 10:21 - 2011-10-09 15:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-04-30 10:21 - 2011-10-09 15:34 - 00000000 ____D C:\ProgramData\Documents\Pinnacle
2013-04-30 10:21 - 2011-10-09 12:06 - 00000000 ____D C:\Users\FRAZ\Documents\Pinnacle Studio
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2009-07-14 00:56] - [2009-07-14 02:39] - 2868224 ____A (Microsoft Corporation) 22424AE68280D6FDE95CD40F2D238049
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 14:58
==================== End Of Log ============================
 
. . Continued again (Because Techspot keeps freezing due to a "Long running script")

Additional Scan LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2013 01
Ran by FRAZ at 2013-05-29 18:11:29 Run:
Running from C:\Users\FRAZ\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
µTorrent (Version: 1.8.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Accounts (Version: 15.0.11.159)
ACDSee Pro 5 (Version: 5.0.110)
ACDSee Pro 6 (Version: 6.0.169)
Acronis True Image Home (Version: 13.0.5055)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop Lightroom 4.3 64-bit (Version: 4.3.1)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Any Audio Converter 3.2.7
AVS Video Converter 7
BIAS SoundSoap PE 2.1 (Version: 2.1.1)
Boris Graffiti (Version: 5.20.200)
BrowserProtect
Bundled software uninstaller
CSMenu 1.1 (Version: 1.1)
DAEMON Tools Toolbar (Version: 1.1.8.0285)
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.16.16)
DVD Shrink 3.2
EasyBCD 2.1 (Version: 2.1)
Epson Print CD (Version: 2.00.00)
EPSON Printer Software
Extensis PhotoTools 3.0
Family Tree Maker 2006
Free Video Flip and Rotate version 2.1.7.426 (Version: 2.1.7.426)
Free YouTube to MP3 Converter version 3.9.40.602
Garmin City Navigator Europe NT 2012.20 Update (Version: 15.20.0.0)
Garmin City Navigator Europe NT v9 (Version: 9.0.0.0)
Garmin City Navigator Europe NT+ v8.02 (Version: 8.0.2.0)
Garmin MapSource (Version: 6.15.7.0)
Garmin USB Drivers (Version: 2.3.1.0)
Genie Backup Manager Pro 8.0
Google Earth (Version: 6.2.2.6613)
HD Tune 2.54
ImgBurn (Version: 2.5.5.0)
ImTOO DVD Creator (Version: 7.0.3.1214)
iReboot 1.1.1 (Version: 1.1.1)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
K-Lite Codec Pack 2.54 Full (Version: 2.54)
Knoll Light Factory EZ Studio
Macromedia Dreamweaver MX 2004 (Version: 7.0)
Macromedia Extension Manager (Version: 1.5)
Magic Bullet Looks Studio
Magic ISO Maker v5.5 (build 0265)
Magical Jelly Bean KeyFinder (Version: 2.0.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo 0.7.61 (Version: 0.7.61)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Money 2004 (Version: 12.0.120)
Microsoft Money 2004 System Pack (Version: 12.0.120)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MKV File Player
MKV Player 2.1
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
Mp3tag v2.54 (Version: v2.54)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
NVIDIA 3D Vision Driver 314.07 (Version: 314.07)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Pinnacle Instant DVD Recorder (Version: 2.00.088)
Pinnacle Studio 14 (Version: 14.0.0.7255)
Pinnacle Studio Ultimate Collection Plugins (Version: 14.0.0.7255)
Pinnacle Video Driver (Version: 12.1.0.030)
player (Version: 1.00.0)
PowerISO
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
Product Key Explorer 3.1.9
Red Giant ToonIt Studio
Sage 50 Accounts 2009 (Version: 15.0.11.159)
SDFormatter (Version: 3.1.0)
Serif PagePlus X5 (Version: 15.0.2.023)
Software Version Updater (Version: 1.1.3.5)
Studio 11 (Version: 11.0)
Studio 11 (Version: 11.0.0.0)
Studio 11 Bonus DVD (Version: 11.0.0.0)
Studio Ultimate (Version: 11.00.0013)
Trapcode 3DStroke Studio
Trapcode Particular Studio
TreeSize Professional 3.03
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager for SweetPacks 1.1 (Version: 1.1.0008)
WinBubble (Version: 2.0.1.32)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
WinRAR archiver
WinX Blu-ray Decrypter 3.2.0
Yahoo! Desktop Login (Version: 1.00.0001)
YTD YouTube Downloader & Converter 3.6
==================== Restore Points =========================
Could not list Restore Points.
==================== Faulty Device Manager Devices =============
Could not list devices.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.

==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 8190.05 MB
Available physical RAM: 7061.09 MB
Total Pagefile: 16378.26 MB
Available Pagefile: 15287 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (130 GIG - SAT1 - WIN 7) (Fixed) (Total:136.72 GB) (Free:10.54 GB) NTFS (Disk=0 Partition=1)
Drive d: (96 gig ) (Fixed) (Total:96.16 GB) (Free:2.53 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: ( 10 GIG - SATA 1 - Win XP) (Fixed) (Total:9.77 GB) (Free:3.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (700 GIG - SATA 1 - Misc) (Fixed) (Total:701.04 GB) (Free:7.83 GB) NTFS (Disk=1 Partition=4)
Drive m: (100 GIG - SATA 1 - WIN 7) (Fixed) (Total:100.59 GB) (Free:66.46 GB) NTFS (Disk=1 Partition=2)
Drive n: (120 GIG - SATA 1 - Win8) (Fixed) (Total:120.11 GB) (Free:12.18 GB) NTFS (Disk=1 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 2D531A81)
Partition 1: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=96 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B597786B)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=701 GB) - (Type=OF Extended)
==================== End Of Log ============================
 
Don't know if it's relevant, but no icons would open with a double click once I'd run rkill; they had to be right-clicked to open.

Also, there was this txt file called "Result" created on the desktop. I don't know where it came from:

The Windows Event Log service is starting.
The Windows Event Log service could not be started.
A system error has occurred.
System error 5 has occurred.
Access is denied.

as usual, I will await your comment / instruction :)
 
I can see a couple of issues there.
There is still some infection left, which we'll fix in the next step.

rKill shows a number of unsigned system files.
I'll include fixes for those as well.

I still suspect, though, that we have some major system file corruption here.

================================

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Try to boot to normal/safe mode and let me know.

If it is still the same issue, post new rKill and FRST logs.
 

Did the FRST Fix, but after it ran the PC still won't stay on. Now, just before the "Win will restart" message, all the desktop icons blink and come back as "Generic" icons and, as they start to change back to the correct icons, the system restarts.

Here's the FRST FIX LOG:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013 01
Ran by FRAZ at 2013-05-29 18:59:57 Run:5
Running from C:\Users\FRAZ\Desktop
Boot Mode: Normal
==============================================
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7AAAD6F0-67E7-4FCD-872C-C967C82C2AC2} => Key deleted successfully.
HKCR\CLSID\{7AAAD6F0-67E7-4FCD-872C-C967C82C2AC2} => Key not found.
BrowserProtect => Service deleted successfully.
C:\ProgramData\BrowserProtect => File/Directory not found.
Gpstetexysm => Service deleted successfully.
C:\Windows\SysWOW64\d3d9.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_1e425e4c7a773ca0\d3d9.dll copied successfully to C:\Windows\SysWOW64\d3d9.dll
C:\Windows\System32\drivers\afd.sys => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys copied successfully to C:\Windows\System32\drivers\afd.sys
C:\Windows\System32\drivers\usbhub.sys => Moved successfully.
C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7600.16385_none_26ed589d28235a16\usbhub.sys copied successfully to C:\Windows\System32\drivers\usbhub.sys
C:\Windows\System32\mshtml.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_89f24b7ab2dc7a40\mshtml.dll copied successfully to C:\Windows\System32\mshtml.dll
C:\Windows\System32\qmgr.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll copied successfully to C:\Windows\System32\qmgr.dll
C:\Windows\explorer.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe copied successfully to C:\Windows\explorer.exe
==== End of Fixlog ====

I then ran rkill, here's the LOG:

Rkill 2.5.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/29/2013 07:08:12 PM in x64 mode.
Windows Version: Windows 7 Ultimate
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\explorer.exe (PID: 4032) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* Plug and Play (PlugPlay) is not Running.
Startup Type set to: Automatic
* Plug and Play (RpcSs) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
Searching for Missing Digital Signatures:
* C:\Windows\System32\d3d9.dll [NoSig]
+-> C:\Windows\SysWOW64\d3d9.dll : 2,065,920 : 07/14/2009 00:40 AM : c186c9b2015ea03bffc25fbcb06e429c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_1e425e4c7a773ca0\d3d9.dll : 2,065,920 : 07/14/2009 00:40 AM : c186c9b2015ea03bffc25fbcb06e429c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll : 1,826,816 : 07/14/2009 00:15 AM : 7459301d21c2e21468823f73042d9f87 [Pos Repl]
* C:\Windows\System32\qmgr.dll [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll : 848,384 : 07/14/2009 00:41 AM : a61d1262cb20fc60a68ebe3d10ba145a [Pos Repl]
* C:\Windows\explorer.exe [NoSig]
+-> C:\Windows\SysWOW64\explorer.exe : 2,613,248 : 07/14/2009 00:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/14/2009 00:39 AM : 22424ae68280d6fde95cd40f2d238049 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 08/03/2009 00:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 10/31/2009 00:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe : 2,870,272 : 02/26/2011 00:23 AM : 0862495e0c825893db75ef44faea8e93 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 08/03/2009 00:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 10/31/2009 00:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe : 2,870,784 : 02/26/2011 00:26 AM : e38899074d4951d31b4040e994dd7c8d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2,871,808 : 02/25/2011 00:19 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2,871,808 : 02/26/2011 00:14 AM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/14/2009 00:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 08/03/2009 00:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe : 2,614,784 : 02/26/2011 00:33 AM : 2af58d15edc06ec6fdacce1f19482bbf [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 08/03/2009 00:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 10/31/2009 00:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe : 2,614,784 : 02/26/2011 00:51 AM : 255cf508d7cfb10e0794d6ac93280bd8 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2,616,320 : 02/25/2011 00:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2,616,320 : 02/26/2011 00:19 AM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 activate.adobe.com
Program finished at: 05/29/2013 07:08:22 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)
continued in next post . . .
 
Continued from last post . . .

And then I ran FRST64, here's the LOG:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by FRAZ (administrator) on 29-05-2013 19:09:05
Running from C:\Users\FRAZ\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ACPW06EN] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1231992 2012-08-31] (ACD Systems)
HKCU\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [267056 2011-10-09] (BitTorrent, Inc.)
HKCU\...\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S6681.tmp" /EF "HKCU" [148 2012-12-16] ()
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-20] (ACD Systems)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\iReboot 1.1.1.lnk
ShortcutTarget: iReboot 1.1.1.lnk -> C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {829EA780-935C-4A2F-92FC-73E858B5C6E1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {829EA780-935C-4A2F-92FC-73E858B5C6E1} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [891432 2009-09-12] (Acronis)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-15] ()
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-10-09] (Acronis)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
S3 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-14] ()
S2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-15] ()
S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-17] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-17] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 WimFltr; C:\Windows\SysWow64\DRIVERS\wimfltr.sys [128104 2006-11-02] (Microsoft Corporation)
R0 snapman; system32\DRIVERS\snapman.sys [x]
R0 tdrpman251; system32\DRIVERS\tdrpm251.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-29 19:08 - 2013-05-29 19:08 - 00012088 ____A C:\Users\FRAZ\Desktop\Rkill.txt
2013-05-29 18:11 - 2013-05-29 18:11 - 00010543 ____A C:\Users\FRAZ\Desktop\Addition.txt
2013-05-29 18:11 - 2013-05-29 18:11 - 00000184 ____A C:\Users\FRAZ\Desktop\Result.txt
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ___SD C:\fraz
2013-05-29 18:04 - 2013-05-29 18:04 - 00000000 ____D C:\Users\FRAZ\Desktop\rkill
2013-05-29 18:00 - 2013-05-29 17:31 - 05073804 ____R (Swearware) C:\Users\FRAZ\Desktop\fraz.exe
2013-05-29 17:37 - 2013-05-29 17:13 - 00004602 ____A C:\Users\FRAZ\Desktop\combo fix - how to run etc.txt
2013-05-29 17:18 - 2013-05-29 17:18 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\FRAZ\Desktop\rkill.exe
2013-05-29 01:25 - 2013-05-29 01:25 - 00000000 ____D C:\_OTL
2013-05-28 22:41 - 2013-05-28 22:41 - 00111160 ____A C:\OTL.Txt
2013-05-28 12:29 - 2013-05-27 23:21 - 00003946 ____A C:\Z - WINDOWS RECOVERY.txt
2013-05-28 04:18 - 2013-05-28 04:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-05-25 07:58 - 2013-05-23 11:17 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 19:40 - 2013-05-25 17:15 - 00000000 ____D C:\FRST
2013-05-23 14:40 - 2013-05-23 14:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Qoobox
2013-05-23 14:20 - 2013-05-23 14:12 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-17 19:11 - 2013-05-17 19:11 - 00000000 __SHD C:\found.000
2013-05-16 14:21 - 2013-05-16 19:10 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 07:28 - 2013-05-15 07:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-13 00:03 - 2013-05-13 00:04 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 23:54 - 2013-05-12 23:55 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 16:04 - 2013-05-12 16:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 16:04 - 2013-05-12 16:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 12:29 - 2013-05-11 12:34 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 12:29 - 2013-05-03 23:58 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-11 12:29 - 2013-05-03 23:05 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-11 12:29 - 2013-05-03 23:02 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-05-11 10:16 - 2013-05-11 10:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 09:54 - 2013-05-11 09:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:36 - 2013-05-11 09:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
==================== One Month Modified Files and Folders =======
2013-05-29 19:08 - 2013-05-29 19:08 - 00012088 ____A C:\Users\FRAZ\Desktop\Rkill.txt
2013-05-29 19:08 - 2011-10-08 22:41 - 02068570 ____A C:\Windows\WindowsUpdate.log
2013-05-29 19:08 - 2009-07-14 06:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 19:05 - 2012-09-15 09:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-29 19:05 - 2012-09-15 09:17 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-29 19:05 - 2011-10-09 00:31 - 00000000 ____D C:\Users\FRAZ\Application Data\uTorrent
2013-05-29 19:05 - 2011-10-09 00:31 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\uTorrent
2013-05-29 19:05 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 19:04 - 2011-10-08 23:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-29 19:04 - 2011-10-08 23:59 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-29 19:04 - 2003-12-01 13:31 - 00072120 ____A C:\Windows\setupact.log
2013-05-29 18:11 - 2013-05-29 18:11 - 00010543 ____A C:\Users\FRAZ\Desktop\Addition.txt
2013-05-29 18:11 - 2013-05-29 18:11 - 00000184 ____A C:\Users\FRAZ\Desktop\Result.txt
2013-05-29 18:08 - 2013-05-29 18:08 - 00000000 ___SD C:\fraz
2013-05-29 18:04 - 2013-05-29 18:04 - 00000000 ____D C:\Users\FRAZ\Desktop\rkill
2013-05-29 17:31 - 2013-05-29 18:00 - 05073804 ____R (Swearware) C:\Users\FRAZ\Desktop\fraz.exe
2013-05-29 17:18 - 2013-05-29 17:18 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\FRAZ\Desktop\rkill.exe
2013-05-29 17:13 - 2013-05-29 17:37 - 00004602 ____A C:\Users\FRAZ\Desktop\combo fix - how to run etc.txt
2013-05-29 01:25 - 2013-05-29 01:25 - 00000000 ____D C:\_OTL
2013-05-28 22:41 - 2013-05-28 22:41 - 00111160 ____A C:\OTL.Txt
2013-05-28 18:46 - 2011-10-08 22:41 - 00000000 ____D C:\users\FRAZ
2013-05-28 04:18 - 2013-05-28 04:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-05-27 23:21 - 2013-05-28 12:29 - 00003946 ____A C:\Z - WINDOWS RECOVERY.txt
2013-05-25 17:15 - 2013-05-23 19:40 - 00000000 ____D C:\FRST
2013-05-25 08:03 - 2003-12-01 13:31 - 00036866 ____A C:\Windows\PFRO.log
2013-05-23 14:40 - 2013-05-23 14:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 14:24 - 2013-05-23 14:24 - 00000000 ____D C:\Qoobox
2013-05-23 14:12 - 2013-05-23 14:20 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-23 11:17 - 2013-05-25 07:58 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 10:54 - 2011-10-09 09:44 - 00000000 ____D C:\Users\FRAZ\Local Settings\Application Data\ACD Systems
2013-05-23 10:54 - 2011-10-09 09:44 - 00000000 ____D C:\Users\FRAZ\AppData\Local\ACD Systems
2013-05-17 19:30 - 2009-07-14 00:38 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2013-05-17 19:28 - 2009-07-14 01:10 - 00845824 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-05-17 19:27 - 2009-07-14 00:28 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 19:25 - 2009-07-14 00:49 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-05-17 19:14 - 2009-07-14 00:25 - 01898576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 19:13 - 2009-07-14 00:20 - 01659984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 19:11 - 2013-05-17 19:11 - 00000000 __SHD C:\found.000
2013-05-17 09:57 - 2009-07-14 05:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 09:57 - 2009-07-14 05:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 09:47 - 2012-09-15 16:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 19:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-16 19:42 - 2011-10-09 00:03 - 00000000 ____D C:\Users\FRAZ\Application Data\Adobe
2013-05-16 19:42 - 2011-10-09 00:03 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\Adobe
2013-05-16 19:10 - 2013-05-16 14:21 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 17:47 - 2012-09-15 16:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 17:47 - 2012-09-15 16:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 07:28 - 2013-05-15 07:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-15 07:28 - 2012-11-19 12:00 - 00000000 ____D C:\Windows\Minidump
2013-05-13 07:50 - 2009-07-14 06:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-13 00:04 - 2013-05-13 00:03 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 23:55 - 2013-05-12 23:54 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 16:04 - 2013-05-12 16:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 16:04 - 2013-05-12 16:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 12:34 - 2013-05-11 12:29 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 10:16 - 2013-05-11 10:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 09:54 - 2013-05-11 09:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 09:54 - 2011-10-09 12:54 - 00000000 ____D C:\Users\FRAZ\Local Settings\Application Data\Adobe
2013-05-11 09:54 - 2011-10-09 12:54 - 00000000 ____D C:\Users\FRAZ\AppData\Local\Adobe
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2013-05-11 09:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 09:48 - 2011-10-09 12:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-11 09:48 - 2011-10-09 00:54 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-11 09:48 - 2011-10-09 00:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 09:47 - 2011-10-09 13:00 - 00000000 ____D C:\Program Files\Adobe
2013-05-11 09:36 - 2013-05-11 09:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-09 08:17 - 2013-05-09 08:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2013-05-07 14:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-05-07 14:30 - 2011-10-09 09:37 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-03 23:58 - 2013-05-11 12:29 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-03 23:05 - 2013-05-11 12:29 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-03 23:02 - 2013-05-11 12:29 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 10:44 - 2013-04-30 10:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-30 10:44 - 2011-10-09 15:29 - 00000000 ____D C:\Users\FRAZ\Documents\DVDVideoSoft
2013-04-30 10:22 - 2011-10-09 15:34 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2013-04-30 10:22 - 2011-10-09 15:34 - 00000349 ____A C:\ProgramData\Documents\PCLECHAL.INI
2013-04-30 10:21 - 2011-10-09 15:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-04-30 10:21 - 2011-10-09 15:34 - 00000000 ____D C:\ProgramData\Documents\Pinnacle
2013-04-30 10:21 - 2011-10-09 12:06 - 00000000 ____D C:\Users\FRAZ\Documents\Pinnacle Studio
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2009-07-14 00:56] - [2009-07-14 02:39] - 2868224 ____A (Microsoft Corporation) 22424AE68280D6FDE95CD40F2D238049
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 14:58
==================== End Of Log ============================
 
At this point we can dismiss infection as a culprit.
Still it was most likely the infection which caused Windows corruption.

We'll try three options.

1. Boot back to System Recovery Options and try "Startup Repair".

If that doesn't work boot back normally and...

2. Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

If you can't run it or it doesn't fix the issue, our last option is Windows repair installation...

3. http://www.sevenforums.com/tutorials/3413-repair-install.html
 
Windows Repair AIO installed ok but wouldn't run. (I tried the mobile version too but with the same error result)

"Failed to load 'Control IvButtons_H' from. The version may be outdated.

I was trying to avoid doing the Windows repair option because I need to keep my Windows Mail folders intact and all the stuff on my desktop. Whenever I've run it in the past, it overwrites things like this. :'(

If it wasn't for losing my Winmail folders, rules etc etc I'd have done that from the start. Are there any other options left in your bag of tricks? :D
 
Unfortunately at this point I don't see any other option.
Since you can get to Windows you should be able to backup your mail.
 
Tried to do the repair install but even that will not work! :eek: :'(

"Windows encountered an internal error while initialising COM." is all I get, after it has loaded the temporary files

Tried doing the method above (7forums) and also tried "Repair" from boot DVD (This only gives startup repair option)

Gutted!

Good news is that on the affected OS drive, I've got web access (though still nothing in Device Manager and IE9 will not open)

Have I really got to do a clean install?
 
If repair installation didn't work I see no other option but to reinstall Windows.
 
Trying every angle but repair just will not work.

Booted up and chose "Repair" whilst DVD was in the drive. It seemed to be doing more than a "Start up repair" and then it came up with this, as the only error:

Root cause found:
---------------------------
Unspecified changes to system configuration might have caused the problem.
Repair action: System files integrity check and repair
Result: Failed. Error code = 0x2

Does this info give any hope of repair without a full wipe & reload?
 
Just a thought but what would happen if I simply copied the contents of the "Windows" Folder from this working drive and pasted them into the affected drive's Windows folder?

After all, they are both Windows 7 x64 and running on the same pc now
 
Repair action: System files integrity check and repair
Result: Failed. Error code = 0x2
It's fairly clear. Your Windows installation is beyond repair as I already told you.

Now these kinds of issues may be a sign of a failing hard drive.
Before you even attempt reinstallation I'd strongly suggest...

Run hard drive diagnostics: http://www.bleepingcomputer.com/forums/topic28744.html/page__view__findpost__p__160520
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

Note: If you do not know how to set your computer to boot from CD, follow the steps here
 
Sorry, I couldn't see where you'd said previously, that it was "Beyond repair" - hence my asking. :confused:

We already did the chkdsk, didn't we, so I guess the HD is ok.

I'll do a clean install.

Thanks for your assist with this unsolved problem, I'll formally retire from the thread now.
 