[Inactive] Folders with random names - Page 2

Thread: [Inactive] Folders with random names

  1. #16
    Join Date
    Sep 2014
    Posts
    34
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
    Ran by Thom at 2014-09-11 20:39:51 Run:1
    Running from C:\Users\Thom\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Toolbar: HKLM - AdventureQuest Worlds Toolbar - {3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll No File
    FF SearchPlugin: C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\mdydyq0n.default\searchplugins\keepmysearch.xml
    C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\mdydyq0n.default\searchplugins\keepmysearch.xml
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    S3 catchme; \??\C:\Users\Thom\AppData\Local\Temp\catchme.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
    S3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
    S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]
    C:\Users\Thom\AppData\Local\temp\avgnt.exe
    C:\Users\Thom\AppData\Local\temp\Quarantine.exe
    Task: {0C86CB32-6095-4733-AEF0-26333C263274} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {113B59E2-BD17-4E76-9C69-B31458B43325} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {2C5D8CB4-7CE5-44D9-9324-A3F28AB204F0} - System32\Tasks\UNELEVATE_17873 => C:\Program Files\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe <==== ATTENTION
    Task: {4601939D-1410-47FA-B989-85B0D0DCF03E} - \SPBIW_UpdateTask_Time_343230333937333236352d3437415a556c2a3223346c41 No Task File <==== ATTENTION
    Task: {54B896B8-8129-4925-900B-5731FDBF7FFB} - System32\Tasks\Oxy Updater => C:\Users\Thom\AppData\Roaming\Oxy\Loader.exe <==== ATTENTION
    Task: {AE9710D6-2386-4F1F-8A59-070E0786E0B0} - System32\Tasks\UNELEVATE_1037 => C:\Program Files\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe <==== ATTENTION
    Task: {B1651341-FF4F-4FF6-8DC3-536927310354} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe <==== ATTENTION
    Task: {F3FAD908-F413-4A5B-9384-893502869F0A} - System32\Tasks\UNELEVATE_9385 => C:\Program Files\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe <==== ATTENTION

    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} => value deleted successfully.
    "HKCR\CLSID\{3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C}" => Key deleted successfully.
    C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\mdydyq0n.default\searchplugins\keepmysearch.xml => Moved successfully.
    "C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\mdydyq0n.default\searchplugins\keepmysearch.xml" => File/Directory not found.
    rpcapd => Service deleted successfully.
    catchme => Service deleted successfully.
    EagleXNt => Service deleted successfully.
    GGSAFERDriver => Service deleted successfully.
    pwdrvio => Service deleted successfully.
    RimUsb => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    XDva401 => Service deleted successfully.
    XDva407 => Service deleted successfully.
    C:\Users\Thom\AppData\Local\temp\avgnt.exe => Moved successfully.
    C:\Users\Thom\AppData\Local\temp\Quarantine.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C86CB32-6095-4733-AEF0-26333C263274}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C86CB32-6095-4733-AEF0-26333C263274}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{113B59E2-BD17-4E76-9C69-B31458B43325}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113B59E2-BD17-4E76-9C69-B31458B43325}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C5D8CB4-7CE5-44D9-9324-A3F28AB204F0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C5D8CB4-7CE5-44D9-9324-A3F28AB204F0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\UNELEVATE_17873 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_17873" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4601939D-1410-47FA-B989-85B0D0DCF03E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4601939D-1410-47FA-B989-85B0D0DCF03E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_343230333937333236352d3437415a556c2a3223346c41" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54B896B8-8129-4925-900B-5731FDBF7FFB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54B896B8-8129-4925-900B-5731FDBF7FFB}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Oxy Updater => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy Updater" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE9710D6-2386-4F1F-8A59-070E0786E0B0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9710D6-2386-4F1F-8A59-070E0786E0B0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\UNELEVATE_1037 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_1037" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1651341-FF4F-4FF6-8DC3-536927310354}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1651341-FF4F-4FF6-8DC3-536927310354}" => Key deleted successfully.
    C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3FAD908-F413-4A5B-9384-893502869F0A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3FAD908-F413-4A5B-9384-893502869F0A}" => Key deleted successfully.
    C:\Windows\System32\Tasks\UNELEVATE_9385 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_9385" => Key deleted successfully.

    ==== End of Fixlog ====

  2. #17
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.

    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Still with me?

  4. #19
    Join Date
    Sep 2014
    Posts
    34
    .
    Last edited by jigilits1231; September 16th, 2014 at 09:16 AM.

  5. #20
    Join Date
    Sep 2014
    Posts
    34
    Results of screen317's Security Check version 0.99.87
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner
    Java 7 Update 55
    Java version out of Date!
    Adobe Flash Player 15.0.0.152
    Mozilla Firefox (31.0)
    Google Chrome 36.0.1985.143
    Google Chrome 37.0.2062.103
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````

  6. #21
    Join Date
    Sep 2014
    Posts
    34
    Farbar Service Scanner Version: 21-07-2014
    Ran by Thom (administrator) on 16-09-2014 at 09:21:07
    Running from "C:\Users\Thom\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****

  7. #22
    Join Date
    Sep 2014
    Posts
    34
    C:\AdwCleaner\Quarantine\C\Program Files\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Thom\AppData\Roaming\eIntaller\90FE83703A1D49428A6EDA67B0CEF43D\eGdpSvc.exe.vir Win32/ELEX.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Thom\AppData\Roaming\Oxy\Updater.exe.vir MSIL/Adware.OxyPumper.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tbccint\IE\CT3327997\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tbccint\Multi\CT3327997\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Thom\AppData\Local\Tbccint\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Thom\AppData\Local\Tbccint\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Local\Chromium\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\background.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Local\Chromium\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\content.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Local\Chromium\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\flavour.js Win32/SweetIM.J potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Local\Chromium\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\newtab.js Win32/SweetIM.J potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Local\Chromium\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\toolbar.js Win32/SweetIM.J potentially unwanted application deleted - quarantined
    C:\Users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\mdydyq0n.default\extensions\firefox@luckyleap.net\chrome\content\overlay.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
    C:\Users\Thom\Downloads\Brothersoft_downloader_For_Cross_Fire.exe a variant of Win32/BSDownloader potentially unwanted application deleted - quarantined
    C:\Users\Thom\Downloads\cbsidlm-cbsi134-Free_Sound_Recorder-ORG-10698910.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
    C:\Users\Thom\Downloads\CheatEngine62.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    C:\Users\Thom\Downloads\clipgrab-3.4.1.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    C:\Users\Thom\Downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
    C:\Users\Thom\Downloads\Programs\flashplayer14_install_win_pi.exe Win32/JoyDownloader.C potentially unwanted application deleted - quarantined
    E:\Gelo\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application deleted - quarantined
    E:\Gelo\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
    E:\Thomazing!\Set Up\avira_free_antivirus_en_2.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    E:\Thomazing!\Set Up\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    E:\Thomazing!\Set Up\RemoteAdmin.rar Win32/RemoteAdmin potentially unsafe application deleted - quarantined
    E:\Thomazing!\Set Up\MSOffice2010\MS OFFICE TOOLKIT.rar a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined

  8. #23
    Join Date
    Sep 2014
    Posts
    34
    randaom.jpg
    Hi Broni.. Why the random filename folders still on my drive e:.. I thought I'm clean.. Please see attached file. Thank you.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    It looks like system folders to me.

    Open Windows Explorer. Go Tools>Folder Options>View tab, remove checkmark next to Show hidden files, and folders, checkmark Hide protected operating system files.
    Press F5 key to refresh view.
    Are the folders gone?

    Update Firefox to the current 32.0.1 version.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

  10. #25
    Join Date
    Sep 2014
    Posts
    34
    Hi Broni. We are at worst now!!!! I cannot do your procedures anymore. After I posted my last post, I shut down my desktop. Then my sister came and turned on our desktop to surf the net. Upon entering the main desktop of Windows, there was an "American Stardard" window that popped up, saying something like disk error messages. She just closed it and tried to surf the net but didn't manage to go online even though our internet access works fine. She noticed that the PC is very slow so she rebooted it. After that, it's just a plain black screen that we see on the monitor. We tried to reboot again but still a plain black screen appears. We can't do anything about it. What should we do? Please help.

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt



    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  12. #27
    Join Date
    Sep 2014
    Posts
    34
    To enter System Recovery Options from the Advanced Boot Options:

    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair your computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.


    I tried this, but still black screen, and I lost my Windows installation disk as well.. =(

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You actually may have a hard drive issue.
    You shouldn't be getting a black screen when booting my way.

    How far can you go using my instructions, or do you have a black screen from the very beginning?

  14. #29
    Join Date
    Sep 2014
    Posts
    34
    After waiting an hour it popped up, then we managed to have FRST logs.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
    Ran by SYSTEM on MININT-DOCDED3 on 19-09-2014 03:34:55
    Running from f:\
    Platform: WIN_7 (X86) OS Language: English (United States)
    Boot Mode: Recovery
    Attention: Could not load system hive.
    Attention: System hive is missing.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is missing.

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)


    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)


    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
    C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
    C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
    C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 3975.35 MB
    Available physical RAM: 3523.07 MB
    Total Pagefile: 3973.63 MB
    Available Pagefile: 3533.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1951.72 MB

    ==================== Drives ================================

    Drive f: (kager) (Removable) (Total:7.5 GB) (Free:0.01 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5D344508)
    Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=319.3 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 7.5 GB) (Disk ID: 911A0A32)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=32 KB) - (Type=21)

    ==================== End Of Log ============================

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That doesn't look good...


    • For x32 (x86) bit systems download ListParts to a USB flash drive.
    • For x64 bit systems download ListParts64 to a USB flash drive.
    • Plug the USB drive into the infected machine.



    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
