[Inactive-A] HELP!

Hi all
I sure do need some experts...waaay out of my league here.

NO CLKUTE what happened but a few days ago, I got some virus warnings. Then I could not get online at all. Tried for hrs and FINALLY just did a quick system date change to a few days earlier and SEEMED like I was okay. As an Xfinity customer, I went in today to install fee Norton AV and it claims the file is infected and was deleted. (Right0

The I came to this site and tried to DL the free AV suggested here and said that was infected and deelted.

NO CLUE what the name of this ' thing ' on my PC is ...please help
THX

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

You may be infected with ZeroAccess rootkit.
What Windows version is it?

win 7

Quote:

Originally Posted by laurelj

Hi all
I sure do need some experts...waaay out of my league here.

NO CLKUTE what happened but a few days ago, I got some virus warnings. Then I could not get online at all. Tried for hrs and FINALLY just did a quick system date change to a few days earlier and SEEMED like I was okay. As an Xfinity customer, I went in today to install fee Norton AV and it claims the file is infected and was deleted. (Right0

The I came to this site and tried to DL the free AV suggested here and said that was infected and deelted.

NO CLUE what the name of this ' thing ' on my PC is ...please help
THX

===========================

I have WIN 7

sends me here :

Quote:

Originally Posted by laurelj

===========================

I have WIN 7

Also- if I try to DL real av it claims it has a virus and they deleted it and sends me here :

http://windows.microsoft.com/en-US/w...rotect_viruses

Foillow the instructions at
http://discussions.virtualdr.com/sho...d-4-28-2013%29

If you need to have them downloaded on another computer and transfer them to yours. Using A USB memory stick, cd, etc.
Gots to get rid of the garbage so a av program can be installed.

Can't !

Quote:

Originally Posted by Train

Foillow the instructions at
http://discussions.virtualdr.com/sho...d-4-28-2013%29

If you need to have them downloaded on another computer and transfer them to yours. Using A USB memory stick, cd, etc.
Gots to get rid of the garbage so a av program can be installed.

OK Train ...I looked at those instructions. "IT" will not allow me to DL any of those things. Keeps claiming virus was detected and so deleted.

Will *try* to get access to another PC to do all this , but it wont be easy! So, are you saying, if I can get another PC, DL and USB, the 'thing' cannot stop me from ' dumping it' all into my PC the usb ?

THX

EDIT: Follow Broni's instruction in the next post.

Quote:

You may be infected with ZeroAccess rootkit.

I strongly advice you follow rules I posted especially:

Quote:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

YIKES!

BRONI

Win installation disc? I doubt I even have that ? NO CLUE where that might be IF I +ever+ had it. I have WIN 7.

As for

32 or 64 ? Don't even know that!

I am afraid I simply don't know how/ cannot follow your instructions. (grrrrrr!) :eek::(
===================

BRONI

Win installation disc? I doubt I even have that ? NO CLUE where that might be IF I +ever+ had it. I have WIN 7.

As for

32 or 64 ? Don't even know that!

I am afraid I simply don't know how/ cannot follow your instructions. (grrrrrr!) :eek::(

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/QUOTE]

OK Broni...here goes nothing!

;)

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by SYSTEM on 21-07-2013 09:37:35
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-03-03] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
HKU\laurelhome\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\laurelhome\...\Run: [Logitech Vid] - "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)
HKU\laurelhome\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll [2521552 2013-06-03] ()

==================== Services (Whitelisted) =================

S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [3085264 2013-06-03] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120307.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120307.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\ENG64.SYS [117880 2012-01-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\ENG64.SYS [117880 2012-01-07] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\EX64.SYS [2048632 2012-01-07] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\EX64.SYS [2048632 2012-01-07] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-07] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-21 05:33 - 2013-07-21 05:33 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager
2013-07-21 05:13 - 2013-07-21 05:13 - 00000000 ____D C:\FRST
2013-07-20 05:29 - 2013-07-20 05:29 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Tific
2013-07-18 02:32 - 2013-07-18 15:49 - 00000000 ____D C:\ProgramData\8ed1d93e-4c6e-0000-d386-0c0060e123bc
2013-07-14 04:41 - 2013-07-14 04:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{868E3F65-8A3A-4BFD-86EC-8F9134A9BC1D}
2013-07-10 23:08 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 23:08 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 23:08 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 23:08 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 23:08 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 23:08 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 23:08 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 23:08 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 23:08 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 23:08 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 23:08 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 23:08 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 14:36 - 2013-07-10 14:36 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{6E94EC52-CCEB-4DFC-9175-73DAB384E5DE}
2013-07-10 14:33 - 2013-07-20 03:06 - 00000000 ____D C:\Users\laurelhome\Desktop\library
2013-07-10 03:27 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 03:27 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 03:27 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 03:27 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 03:27 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 03:27 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 03:27 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-07 13:41 - 2013-07-07 13:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{65421385-239C-41C1-9070-535CD5EA22EA}
2013-07-06 09:27 - 2013-07-06 09:27 - 00009734 _____ C:\Users\laurelhome\Documents\groceries.xlsx
2013-07-05 02:55 - 2013-07-05 02:56 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AB507790-7C65-4EB2-AD72-5F897E0FCA24}
2013-07-04 04:02 - 2013-07-04 04:02 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{CC6971E9-18BD-4012-BBDD-288A57C5F028}
2013-07-01 03:16 - 2013-07-01 03:32 - 00000000 ____D C:\Users\laurelhome\Desktop\LG2013
2013-06-30 15:34 - 2013-06-30 15:34 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AF3E7684-9DA7-4D75-8A87-11E3C7CAB3A1}
2013-06-25 09:54 - 2013-06-25 09:54 - 00002239 _____ C:\Users\laurelhome\Documents\My Movie.wlmp
2013-06-25 09:41 - 2013-06-25 09:41 - 00002249 _____ C:\Users\laurelhome\Documents\THEMOVIE.wlmp
2013-06-25 09:26 - 2013-06-25 09:26 - 00000000 ____D C:\Users\laurelhome\Desktop\FILMS
2013-06-25 08:59 - 2013-06-25 08:59 - 00000000 ____D C:\Users\laurelhome\Documents\movies
2013-06-25 08:57 - 2013-06-25 08:57 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{4EF8E7D8-283E-464A-9C3D-8DC80526189A}
2013-06-25 08:33 - 2013-07-16 18:12 - 00000000 ____D C:\Users\laurelhome\Desktop\JULY2013 gi

==================== One Month Modified Files and Folders =======

2013-07-21 05:33 - 2013-07-21 05:33 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager
2013-07-21 05:33 - 2012-05-03 05:47 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Skype
2013-07-21 05:33 - 2012-01-07 14:08 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-07-21 05:32 - 2013-04-02 16:06 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-21 05:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 05:32 - 2009-07-13 20:51 - 00039827 _____ C:\Windows\setupact.log
2013-07-21 05:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-07-21 05:32 - 2009-07-06 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 05:26 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 05:26 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 05:26 - 2009-07-06 23:39 - 01395627 _____ C:\Windows\WindowsUpdate.log
2013-07-21 05:13 - 2013-07-21 05:13 - 00000000 ____D C:\FRST
2013-07-21 04:49 - 2013-04-02 16:06 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-21 04:43 - 2012-09-02 15:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 04:20 - 2009-07-13 21:13 - 00727310 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-20 05:31 - 2013-04-20 08:48 - 00000000 __HDC C:\Users\laurelhome\AppData\Local\~0
2013-07-20 05:29 - 2013-07-20 05:29 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Tific
2013-07-20 03:06 - 2013-07-10 14:33 - 00000000 ____D C:\Users\laurelhome\Desktop\library
2013-07-18 17:44 - 2013-04-02 16:06 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 17:44 - 2013-04-02 16:06 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-18 17:44 - 2012-01-07 13:02 - 00000000 ____D C:\users\laurelhome
2013-07-18 15:51 - 2012-11-08 15:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-18 15:51 - 2011-03-31 01:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-18 15:49 - 2013-07-18 02:32 - 00000000 ____D C:\ProgramData\8ed1d93e-4c6e-0000-d386-0c0060e123bc
2013-07-18 15:49 - 2011-03-31 01:24 - 00000000 ____D C:\ProgramData\Norton
2013-07-18 15:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-18 15:47 - 2012-01-07 15:09 - 00000000 __RHD C:\MSOCache
2013-07-17 15:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-16 18:12 - 2013-06-25 08:33 - 00000000 ____D C:\Users\laurelhome\Desktop\JULY2013 gi
2013-07-14 04:53 - 2012-08-19 12:24 - 00000000 ____D C:\Users\laurelhome\Desktop\jwlry
2013-07-14 04:43 - 2013-06-17 15:37 - 00000000 ____D C:\Users\laurelhome\Desktop\H.POTTER
2013-07-14 04:41 - 2013-07-14 04:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{868E3F65-8A3A-4BFD-86EC-8F9134A9BC1D}
2013-07-12 11:34 - 2012-01-08 14:39 - 00000000 ____D C:\Users\laurelhome\AppData\Local\CrashDumps
2013-07-11 13:38 - 2012-10-17 13:58 - 00000000 ____D C:\Users\laurelhome\Desktop\recipes
2013-07-10 23:35 - 2009-07-13 20:45 - 00416200 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 23:34 - 2013-03-13 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 23:34 - 2013-03-13 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 23:33 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 23:10 - 2012-01-18 14:29 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 23:09 - 2012-08-25 03:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 14:36 - 2013-07-10 14:36 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{6E94EC52-CCEB-4DFC-9175-73DAB384E5DE}
2013-07-07 13:41 - 2013-07-07 13:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{65421385-239C-41C1-9070-535CD5EA22EA}
2013-07-06 09:27 - 2013-07-06 09:27 - 00009734 _____ C:\Users\laurelhome\Documents\groceries.xlsx
2013-07-06 07:14 - 2012-01-07 13:13 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\SoftGrid Client
2013-07-05 17:29 - 2013-04-16 18:59 - 00000000 ____D C:\Users\laurelhome\Desktop\april 2013
2013-07-05 17:28 - 2012-01-14 19:53 - 00000000 ____D C:\Users\laurelhome\Desktop\gipics january 2012
2013-07-05 17:27 - 2012-11-06 13:45 - 00000000 ____D C:\Users\laurelhome\Desktop\coaster
2013-07-05 17:25 - 2012-09-05 01:57 - 00000000 ____D C:\Users\laurelhome\Desktop\favs
2013-07-05 17:24 - 2012-09-03 18:19 - 00000000 ____D C:\Users\laurelhome\Desktop\gpics
2013-07-05 02:56 - 2013-07-05 02:55 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AB507790-7C65-4EB2-AD72-5F897E0FCA24}
2013-07-04 05:52 - 2012-10-28 14:32 - 00000000 ____D C:\Users\laurelhome\Desktop\halloween2012
2013-07-04 04:02 - 2013-07-04 04:02 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{CC6971E9-18BD-4012-BBDD-288A57C5F028}
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 105 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 104 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 103 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 096 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 095 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 055 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 053 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 052 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 051 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001696 _____ C:\Users\laurelhome\Desktop\lake george 117 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001691 _____ C:\Users\laurelhome\Desktop\lake george 101 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001687 _____ C:\Users\laurelhome\Desktop\lake george 091 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001686 _____ C:\Users\laurelhome\Desktop\lake george 054 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001671 _____ C:\Users\laurelhome\Desktop\lake george 100 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 093 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 092 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 090 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 089 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 088 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 087 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 086 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 081 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 079 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 078 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 077 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 076 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 072 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 070 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 067 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 066 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 065 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 064 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 063 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 062 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 061 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 060 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 059 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 058 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 057 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001666 _____ C:\Users\laurelhome\Desktop\lake george 116 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001654 _____ C:\Users\laurelhome\Desktop\lake george 111 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001654 _____ C:\Users\laurelhome\Desktop\lake george 102 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001651 _____ C:\Users\laurelhome\Desktop\lake george 068 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001624 _____ C:\Users\laurelhome\Desktop\lake george 080 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001624 _____ C:\Users\laurelhome\Desktop\lake george 073 - Shortcut.lnk
2013-07-04 04:00 - 2012-08-19 11:45 - 00001595 _____ C:\Users\laurelhome\Desktop\lake george 069 - Shortcut.lnk
2013-07-04 04:00 - 2012-04-06 15:43 - 00000000 ____D C:\Users\laurelhome\Desktop\april 2012
2013-07-04 03:57 - 2012-02-26 07:13 - 00000000 ____D C:\Users\laurelhome\Desktop\giannafeb2012
2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 050 - Shortcut.lnk
2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 049 - Shortcut.lnk
2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 048 - Shortcut.lnk
2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 047 - Shortcut.lnk
2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 046 - Shortcut.lnk
2013-07-03 13:31 - 2012-07-29 14:47 - 00000000 ____D C:\Users\laurelhome\Desktop\gbday
2013-07-03 13:30 - 2012-07-26 18:09 - 00000000 ____D C:\Users\laurelhome\Desktop\cuban pete
2013-07-03 13:29 - 2012-11-25 04:57 - 00000000 ____D C:\Users\laurelhome\Desktop\NOVDEC2012
2013-07-03 13:26 - 2012-08-19 11:42 - 00000000 ____D C:\Users\laurelhome\Desktop\lake george pics2012
2013-07-01 03:32 - 2013-07-01 03:16 - 00000000 ____D C:\Users\laurelhome\Desktop\LG2013
2013-07-01 03:30 - 2012-12-02 05:40 - 00000000 ____D C:\Users\laurelhome\Desktop\Le
2013-07-01 03:16 - 2012-08-05 03:48 - 00000000 ____D C:\Users\laurelhome\Desktop\hoedown
2013-06-30 15:34 - 2013-06-30 15:34 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AF3E7684-9DA7-4D75-8A87-11E3C7CAB3A1}
2013-06-25 09:54 - 2013-06-25 09:54 - 00002239 _____ C:\Users\laurelhome\Documents\My Movie.wlmp
2013-06-25 09:41 - 2013-06-25 09:41 - 00002249 _____ C:\Users\laurelhome\Documents\THEMOVIE.wlmp
2013-06-25 09:26 - 2013-06-25 09:26 - 00000000 ____D C:\Users\laurelhome\Desktop\FILMS
2013-06-25 09:26 - 2012-01-14 19:55 - 00000000 ____D C:\Users\laurelhome\AppData\Local\Windows Live
2013-06-25 08:59 - 2013-06-25 08:59 - 00000000 ____D C:\Users\laurelhome\Documents\movies
2013-06-25 08:57 - 2013-06-25 08:57 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{4EF8E7D8-283E-464A-9C3D-8DC80526189A}
2013-06-22 04:42 - 2012-12-09 11:38 - 00000000 ____D C:\Users\laurelhome\Desktop\pics3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2943752849-2961130617-1043429671-1000\$bec1570b88464ad800917278f134618e

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-11 23:00:38
Restore point made on: 2013-06-15 07:14:36
Restore point made on: 2013-06-15 23:00:37
Restore point made on: 2013-06-21 17:16:39
Restore point made on: 2013-06-28 12:36:29
Restore point made on: 2013-07-02 11:35:42
Restore point made on: 2013-07-10 23:00:41
Restore point made on: 2013-07-11 23:01:06
Restore point made on: 2013-07-18 15:13:01
Restore point made on: 2013-07-18 15:45:51
Restore point made on: 2013-07-18 23:00:45
Restore point made on: 2013-07-20 05:33:32
Restore point made on: 2013-07-20 05:34:14

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2815.37 MB
Available physical RAM: 2176.41 MB
Total Pagefile: 2813.57 MB
Available Pagefile: 2162.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:852.04 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:8.54 GB) NTFS (Disk=0 Partition=1)
Drive h: (OPTIMA PRO) (Removable) (Total:1.92 GB) (Free:0.35 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 814DAD2E)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-06-03 11:55

==================== End Of Log ============================

1 Attachment(s)

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

When done...

Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29

aaah yes, but foolish me , Broni. Natch, it would not let me DL it...must get to another PC and get back to you.

Thanks for hangin in!

I'm stuck Broni !

:confused

Tried to follow all next steps. Did DL the fixlist. aok.
Went to System Recovery Options but very unclear on what to choose from there (?) Finally , skipped over and tried to go straight to notepad etc ..but nada.

Where do I go- Startup Repair or System Restore or ?????

Cannot get to the place where it says run ....fix.

THX

You follow very same steps like you did to create FRST log.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

Then....

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Fix button.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Got it ...

Many thanks for your patience .... Here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by SYSTEM at 2013-07-21 19:51:23 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
c:\progra~3\browse~1 => Moved successfully.
Browser Manager => Service deleted successfully.
"C:\ProgramData\Browser Manager" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2943752849-2961130617-1043429671-1000\$bec1570b88464ad800917278f134618e => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.

==== End of Fixlog ====