[Inactive-A] HELP!

  1. #1
    Join Date: Jul 2003; Posts: 130

    [Inactive-A] HELP!

    Hi all
    I sure do need some experts...waaay out of my league here.

    NO CLUE what happened but a few days ago, I got some virus warnings. Then I could not get online at all. Tried for hrs and FINALLY just did a quick system date change to a few days earlier and SEEMED like I was okay. As an Xfinity customer, I went in today to install free Norton AV and it claims the file is infected and was deleted. (Right)

    Then I came to this site and tried to DL the free AV suggested here and said that was infected and deleted.

    NO CLUE what the name of this ' thing ' on my PC is ...please help
    THX

  2. #2
    Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ==================================

    You may be infected with ZeroAccess rootkit.
    What Windows version is it?

  3. #3
    Join Date: Jul 2003; Posts: 130

    win 7


    I have WIN 7

  4. #4
    Join Date: Jul 2003; Posts: 130

    sends me here :

    Also- if I try to DL real av it claims it has a virus and they deleted it and sends me here :

    http://windows.microsoft.com/en-US/w...rotect_viruses

  5. #5
    Join Date: Apr 2000; Location: Sheboygan, WI; Posts: 53,392
    Follow the instructions at
    http://discussions.virtualdr.com/sho...d-4-28-2013%29

    If you need to, have them downloaded on another computer and transfer them to yours using a USB memory stick, CD, etc.
    Gots to get rid of the garbage so an AV program can be installed.

  6. #6
    Join Date: Jul 2003; Posts: 130

    Can't !

    OK Train ...I looked at those instructions. "IT" will not allow me to DL any of those things. Keeps claiming virus was detected and so deleted.

    Will *try* to get access to another PC to do all this, but it won't be easy! So, are you saying, if I can get another PC, DL and USB, the 'thing' cannot stop me from 'dumping it' all into my PC the usb?

    THX

  7. #7
    Join Date: Apr 2000; Location: Sheboygan, WI; Posts: 53,392
    EDIT: Follow Broni's instruction in the next post.
    Last edited by Train; July 21st, 2013 at 12:36 AM. Reason: Rootkit

  8. #8
    Join Date: Dec 2007; Location: Daly City, CA; Posts: 22,550
    You may be infected with ZeroAccess rootkit.
    I strongly advise you to follow the rules I posted, especially:
    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.



    On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt



    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  9. #9
    Join Date: Jul 2003; Posts: 130

    YIKES!

    BRONI

    Win installation disc? I doubt I even have that ? NO CLUE where that might be IF I +ever+ had it. I have WIN 7.

    As for

    32 or 64 ? Don't even know that!

    I am afraid I simply don't know how/ cannot follow your instructions. (grrrrrr!)

  10. #10
    Join Date: Jul 2003; Posts: 130

    OK Broni...here goes nothing!



    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
    Ran by SYSTEM on 21-07-2013 09:37:35
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
    HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-03-03] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478752 2012-12-18] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
    HKU\laurelhome\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
    HKU\laurelhome\...\Run: [Logitech Vid] - "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)
    HKU\laurelhome\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
    AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll [2521552 2013-06-03] ()

    ==================== Services (Whitelisted) =================

    S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [3085264 2013-06-03] ()
    S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
    S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
    S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
    S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

    ==================== Drivers (Whitelisted) ====================

    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120307.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120307.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\ENG64.SYS [117880 2012-01-07] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\ENG64.SYS [117880 2012-01-07] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\EX64.SYS [2048632 2012-01-07] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120308.002\EX64.SYS [2048632 2012-01-07] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-07] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-07-21 05:33 - 2013-07-21 05:33 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager
    2013-07-21 05:13 - 2013-07-21 05:13 - 00000000 ____D C:\FRST
    2013-07-20 05:29 - 2013-07-20 05:29 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Tific
    2013-07-18 02:32 - 2013-07-18 15:49 - 00000000 ____D C:\ProgramData\8ed1d93e-4c6e-0000-d386-0c0060e123bc
    2013-07-14 04:41 - 2013-07-14 04:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{868E3F65-8A3A-4BFD-86EC-8F9134A9BC1D}
    2013-07-10 23:08 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-07-10 23:08 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-07-10 23:08 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-07-10 23:08 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-10 23:08 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-10 23:08 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-10 23:08 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-10 23:08 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-10 23:08 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-10 23:08 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-10 23:08 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-10 23:08 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-07-10 14:36 - 2013-07-10 14:36 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{6E94EC52-CCEB-4DFC-9175-73DAB384E5DE}
    2013-07-10 14:33 - 2013-07-20 03:06 - 00000000 ____D C:\Users\laurelhome\Desktop\library
    2013-07-10 03:27 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-10 03:27 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-10 03:27 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-10 03:27 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 03:27 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-10 03:27 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-10 03:27 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-07 13:41 - 2013-07-07 13:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{65421385-239C-41C1-9070-535CD5EA22EA}
    2013-07-06 09:27 - 2013-07-06 09:27 - 00009734 _____ C:\Users\laurelhome\Documents\groceries.xlsx
    2013-07-05 02:55 - 2013-07-05 02:56 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AB507790-7C65-4EB2-AD72-5F897E0FCA24}
    2013-07-04 04:02 - 2013-07-04 04:02 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{CC6971E9-18BD-4012-BBDD-288A57C5F028}
    2013-07-01 03:16 - 2013-07-01 03:32 - 00000000 ____D C:\Users\laurelhome\Desktop\LG2013
    2013-06-30 15:34 - 2013-06-30 15:34 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AF3E7684-9DA7-4D75-8A87-11E3C7CAB3A1}
    2013-06-25 09:54 - 2013-06-25 09:54 - 00002239 _____ C:\Users\laurelhome\Documents\My Movie.wlmp
    2013-06-25 09:41 - 2013-06-25 09:41 - 00002249 _____ C:\Users\laurelhome\Documents\THEMOVIE.wlmp
    2013-06-25 09:26 - 2013-06-25 09:26 - 00000000 ____D C:\Users\laurelhome\Desktop\FILMS
    2013-06-25 08:59 - 2013-06-25 08:59 - 00000000 ____D C:\Users\laurelhome\Documents\movies
    2013-06-25 08:57 - 2013-06-25 08:57 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{4EF8E7D8-283E-464A-9C3D-8DC80526189A}
    2013-06-25 08:33 - 2013-07-16 18:12 - 00000000 ____D C:\Users\laurelhome\Desktop\JULY2013 gi

    ==================== One Month Modified Files and Folders =======

    2013-07-21 05:33 - 2013-07-21 05:33 - 00003434 _____ C:\Windows\System32\Tasks\Browser Manager
    2013-07-21 05:33 - 2012-05-03 05:47 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Skype
    2013-07-21 05:33 - 2012-01-07 14:08 - 00196608 _____ C:\Windows\System32\Ikeext.etl
    2013-07-21 05:32 - 2013-04-02 16:06 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-07-21 05:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-21 05:32 - 2009-07-13 20:51 - 00039827 _____ C:\Windows\setupact.log
    2013-07-21 05:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2013-07-21 05:32 - 2009-07-06 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-07-21 05:26 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-21 05:26 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-21 05:26 - 2009-07-06 23:39 - 01395627 _____ C:\Windows\WindowsUpdate.log
    2013-07-21 05:13 - 2013-07-21 05:13 - 00000000 ____D C:\FRST
    2013-07-21 04:49 - 2013-04-02 16:06 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-07-21 04:43 - 2012-09-02 15:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-21 04:20 - 2009-07-13 21:13 - 00727310 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-20 05:31 - 2013-04-20 08:48 - 00000000 __HDC C:\Users\laurelhome\AppData\Local\~0
    2013-07-20 05:29 - 2013-07-20 05:29 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\Tific
    2013-07-20 03:06 - 2013-07-10 14:33 - 00000000 ____D C:\Users\laurelhome\Desktop\library
    2013-07-18 17:44 - 2013-04-02 16:06 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-07-18 17:44 - 2013-04-02 16:06 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-07-18 17:44 - 2012-01-07 13:02 - 00000000 ____D C:\users\laurelhome
    2013-07-18 15:51 - 2012-11-08 15:03 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-07-18 15:51 - 2011-03-31 01:13 - 00000000 ____D C:\ProgramData\Skype
    2013-07-18 15:49 - 2013-07-18 02:32 - 00000000 ____D C:\ProgramData\8ed1d93e-4c6e-0000-d386-0c0060e123bc
    2013-07-18 15:49 - 2011-03-31 01:24 - 00000000 ____D C:\ProgramData\Norton
    2013-07-18 15:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-07-18 15:47 - 2012-01-07 15:09 - 00000000 __RHD C:\MSOCache
    2013-07-17 15:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-07-16 18:12 - 2013-06-25 08:33 - 00000000 ____D C:\Users\laurelhome\Desktop\JULY2013 gi
    2013-07-14 04:53 - 2012-08-19 12:24 - 00000000 ____D C:\Users\laurelhome\Desktop\jwlry
    2013-07-14 04:43 - 2013-06-17 15:37 - 00000000 ____D C:\Users\laurelhome\Desktop\H.POTTER
    2013-07-14 04:41 - 2013-07-14 04:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{868E3F65-8A3A-4BFD-86EC-8F9134A9BC1D}
    2013-07-12 11:34 - 2012-01-08 14:39 - 00000000 ____D C:\Users\laurelhome\AppData\Local\CrashDumps
    2013-07-11 13:38 - 2012-10-17 13:58 - 00000000 ____D C:\Users\laurelhome\Desktop\recipes
    2013-07-10 23:35 - 2009-07-13 20:45 - 00416200 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-07-10 23:34 - 2013-03-13 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-07-10 23:34 - 2013-03-13 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-07-10 23:33 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-10 23:10 - 2012-01-18 14:29 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-07-10 23:09 - 2012-08-25 03:10 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-07-10 14:36 - 2013-07-10 14:36 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{6E94EC52-CCEB-4DFC-9175-73DAB384E5DE}
    2013-07-07 13:41 - 2013-07-07 13:41 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{65421385-239C-41C1-9070-535CD5EA22EA}
    2013-07-06 09:27 - 2013-07-06 09:27 - 00009734 _____ C:\Users\laurelhome\Documents\groceries.xlsx
    2013-07-06 07:14 - 2012-01-07 13:13 - 00000000 ____D C:\Users\laurelhome\AppData\Roaming\SoftGrid Client
    2013-07-05 17:29 - 2013-04-16 18:59 - 00000000 ____D C:\Users\laurelhome\Desktop\april 2013
    2013-07-05 17:28 - 2012-01-14 19:53 - 00000000 ____D C:\Users\laurelhome\Desktop\gipics january 2012
    2013-07-05 17:27 - 2012-11-06 13:45 - 00000000 ____D C:\Users\laurelhome\Desktop\coaster
    2013-07-05 17:25 - 2012-09-05 01:57 - 00000000 ____D C:\Users\laurelhome\Desktop\favs
    2013-07-05 17:24 - 2012-09-03 18:19 - 00000000 ____D C:\Users\laurelhome\Desktop\gpics
    2013-07-05 02:56 - 2013-07-05 02:55 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AB507790-7C65-4EB2-AD72-5F897E0FCA24}
    2013-07-04 05:52 - 2012-10-28 14:32 - 00000000 ____D C:\Users\laurelhome\Desktop\halloween2012
    2013-07-04 04:02 - 2013-07-04 04:02 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{CC6971E9-18BD-4012-BBDD-288A57C5F028}
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 105 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 104 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 103 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 096 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 095 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 055 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 053 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 052 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 051 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001696 _____ C:\Users\laurelhome\Desktop\lake george 117 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001691 _____ C:\Users\laurelhome\Desktop\lake george 101 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001687 _____ C:\Users\laurelhome\Desktop\lake george 091 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001686 _____ C:\Users\laurelhome\Desktop\lake george 054 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001671 _____ C:\Users\laurelhome\Desktop\lake george 100 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 093 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 092 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 090 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 089 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 088 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 087 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 086 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 081 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 079 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 078 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 077 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 076 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 072 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 070 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 067 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 066 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 065 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 064 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 063 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 062 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 061 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 060 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 059 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 058 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001669 _____ C:\Users\laurelhome\Desktop\lake george 057 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001666 _____ C:\Users\laurelhome\Desktop\lake george 116 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001654 _____ C:\Users\laurelhome\Desktop\lake george 111 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001654 _____ C:\Users\laurelhome\Desktop\lake george 102 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001651 _____ C:\Users\laurelhome\Desktop\lake george 068 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001624 _____ C:\Users\laurelhome\Desktop\lake george 080 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001624 _____ C:\Users\laurelhome\Desktop\lake george 073 - Shortcut.lnk
    2013-07-04 04:00 - 2012-08-19 11:45 - 00001595 _____ C:\Users\laurelhome\Desktop\lake george 069 - Shortcut.lnk
    2013-07-04 04:00 - 2012-04-06 15:43 - 00000000 ____D C:\Users\laurelhome\Desktop\april 2012
    2013-07-04 03:57 - 2012-02-26 07:13 - 00000000 ____D C:\Users\laurelhome\Desktop\giannafeb2012
    2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 050 - Shortcut.lnk
    2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 049 - Shortcut.lnk
    2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 048 - Shortcut.lnk
    2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 047 - Shortcut.lnk
    2013-07-04 03:56 - 2012-08-19 11:45 - 00001701 _____ C:\Users\laurelhome\Desktop\lake george 046 - Shortcut.lnk
    2013-07-03 13:31 - 2012-07-29 14:47 - 00000000 ____D C:\Users\laurelhome\Desktop\gbday
    2013-07-03 13:30 - 2012-07-26 18:09 - 00000000 ____D C:\Users\laurelhome\Desktop\cuban pete
    2013-07-03 13:29 - 2012-11-25 04:57 - 00000000 ____D C:\Users\laurelhome\Desktop\NOVDEC2012
    2013-07-03 13:26 - 2012-08-19 11:42 - 00000000 ____D C:\Users\laurelhome\Desktop\lake george pics2012
    2013-07-01 03:32 - 2013-07-01 03:16 - 00000000 ____D C:\Users\laurelhome\Desktop\LG2013
    2013-07-01 03:30 - 2012-12-02 05:40 - 00000000 ____D C:\Users\laurelhome\Desktop\Le
    2013-07-01 03:16 - 2012-08-05 03:48 - 00000000 ____D C:\Users\laurelhome\Desktop\hoedown
    2013-06-30 15:34 - 2013-06-30 15:34 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{AF3E7684-9DA7-4D75-8A87-11E3C7CAB3A1}
    2013-06-25 09:54 - 2013-06-25 09:54 - 00002239 _____ C:\Users\laurelhome\Documents\My Movie.wlmp
    2013-06-25 09:41 - 2013-06-25 09:41 - 00002249 _____ C:\Users\laurelhome\Documents\THEMOVIE.wlmp
    2013-06-25 09:26 - 2013-06-25 09:26 - 00000000 ____D C:\Users\laurelhome\Desktop\FILMS
    2013-06-25 09:26 - 2012-01-14 19:55 - 00000000 ____D C:\Users\laurelhome\AppData\Local\Windows Live
    2013-06-25 08:59 - 2013-06-25 08:59 - 00000000 ____D C:\Users\laurelhome\Documents\movies
    2013-06-25 08:57 - 2013-06-25 08:57 - 00000000 ____D C:\Users\laurelhome\AppData\Local\{4EF8E7D8-283E-464A-9C3D-8DC80526189A}
    2013-06-22 04:42 - 2012-12-09 11:38 - 00000000 ____D C:\Users\laurelhome\Desktop\pics3

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2943752849-2961130617-1043429671-1000\$bec1570b88464ad800917278f134618e

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-06-11 23:00:38
    Restore point made on: 2013-06-15 07:14:36
    Restore point made on: 2013-06-15 23:00:37
    Restore point made on: 2013-06-21 17:16:39
    Restore point made on: 2013-06-28 12:36:29
    Restore point made on: 2013-07-02 11:35:42
    Restore point made on: 2013-07-10 23:00:41
    Restore point made on: 2013-07-11 23:01:06
    Restore point made on: 2013-07-18 15:13:01
    Restore point made on: 2013-07-18 15:45:51
    Restore point made on: 2013-07-18 23:00:45
    Restore point made on: 2013-07-20 05:33:32
    Restore point made on: 2013-07-20 05:34:14

    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 2815.37 MB
    Available physical RAM: 2176.41 MB
    Total Pagefile: 2813.57 MB
    Available Pagefile: 2162.12 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:852.04 GB) NTFS (Disk=0 Partition=3)
    Drive e: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:8.54 GB) NTFS (Disk=0 Partition=1)
    Drive h: (OPTIMA PRO) (Removable) (Total:1.92 GB) (Free:0.35 GB) FAT (Disk=2 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: 35D5C1F3)
    Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 814DAD2E)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


    LastRegBack: 2013-06-03 11:55

    ==================== End Of Log ============================

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    When done...

    Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29
    Attached Files

  12. #12
    Join Date
    Jul 2003
    Posts
    130
    Aaah yes, but foolish me, Broni. Natch, it would not let me DL it... must get to another PC and get back to you.

    Thanks for hangin in!
    Last edited by laurelj; July 21st, 2013 at 04:24 PM.

  13. #13
    Join Date
    Jul 2003
    Posts
    130

    I'm stuck Broni!

    :confused

    Tried to follow all next steps. Did DL the fixlist. aok.
    Went to System Recovery Options but very unclear on what to choose from there (?). Finally, skipped over and tried to go straight to notepad etc... but nada.

    Where do I go- Startup Repair or System Restore or ?????

    Cannot get to the place where it says run ....fix.

    THX

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You follow the very same steps as you did to create the FRST log.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    Then....

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:


    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.




    To enter System Recovery Options by using Windows installation disc:


    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.




    On the System Recovery Options menu you will get the following options:



    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt





    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Fix button.
    • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

  15. #15
    Join Date
    Jul 2003
    Posts
    130

    Got it ...

    Many thanks for your patience .... Here is the fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
    Ran by SYSTEM at 2013-07-21 19:51:23 Run:1
    Running from H:\
    Boot Mode: Recovery
    ==============================================

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
    C:\Program Files (x86)\Ask.com => Moved successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
    c:\progra~3\browse~1 => Moved successfully.
    Browser Manager => Service deleted successfully.
    "C:\ProgramData\Browser Manager" => File/Directory not found.
    C:\$Recycle.Bin\S-1-5-21-2943752849-2961130617-1043429671-1000\$bec1570b88464ad800917278f134618e => Moved successfully.
    Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.

    ==== End of Fixlog ====
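
Added example, not part of the original thread and not FRST's own code: a small Python triage that cross-checks the `ATTENTION` finding in the scan log against the Fixlog outcomes to show which flagged items the fix did not clear. The log lines are copied from the posts above; the ok / missing / failed classification is an assumption based only on the wording seen in this Fixlog, not a documented FRST format.

```python
import re

# Lines copied from the scan log and Fixlog posted in this thread.
SCAN_LOG = r"""
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""
FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
"C:\ProgramData\Browser Manager" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2943752849-2961130617-1043429671-1000\$bec1570b88464ad800917278f134618e => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
"""

def scan_findings(log):
    """Map each fix target named on an ATTENTION line to the flagged file."""
    findings = {}
    for line in log.splitlines():
        item, sep, verdict = line.strip().partition(" => ")
        if sep and verdict.startswith("ATTENTION"):
            m = re.search(r"Use \w+: (.+)$", verdict)
            findings[m.group(1) if m else item] = item
    return findings

def fix_results(log):
    """Map each Fixlog target to ok / missing / failed / unknown."""
    results = {}
    for line in log.splitlines():
        target, sep, outcome = line.strip().partition(" => ")
        if not sep:
            continue
        failed = target.startswith("Error:")
        # Drop the "Error:" marker, a directive name such as "Name: ", and quotes.
        target = re.sub(r"^(Error:\s*)?(\w+: )?", "", target).strip('"')
        if failed:
            results[target] = "failed"
        elif "not found" in outcome:
            results[target] = "missing"
        elif "successfully" in outcome:
            results[target] = "ok"
        else:
            results[target] = "unknown"
    return results

def outstanding(scan_log, fixlog):
    """List (target, flagged file, status) for findings the fix did not clear."""
    fixed = fix_results(fixlog)
    return [(t, f, fixed.get(t, "not attempted"))
            for t, f in scan_findings(scan_log).items()
            if fixed.get(t) != "ok"]
```

On these lines, `outstanding(SCAN_LOG, FIXLOG)` returns the Windows Defender junction entry with status `failed`, matching the Fixlog's note that it has to be fixed outside recovery mode.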
