
Desktop Blank. Task Manager Disabled. [Closed]



#1
MrHill

    New Member
Ok. So last night I log off normally. Everything shuts down fine but this morning as I log back in I notice that the Desktop is blank. Now I have had this problem once before so I quickly press Ctrl + Alt + Del to start up the screen in which I load up Task Manager. To my surprise I find that among the choices Start Task Manager is gone. My mind starts racing.
I decided to restart my computer by a quick restart button on the PC and hit F8 at the start to 'Repair your Computer' and reset it back a couple of days. The System Restore won't restore my computer. So immediately I pick up my smartphone and start looking for techniques I can try. Nothing works. The 'regedit' way doesn't seem to work and Gpedit won't either.
I'm at a loss here and am wondering who can help. Hopefully you can!

My computer is Custom built at a computer store.
Windows 7 with I believe 12 gbs of RAM. I don't know how much this may help though.

Edited by MrHill, 04 January 2013 - 04:20 PM.



#2
Essexboy

    GeekU Moderator
Hi there I have two programmes for you to run
You can use windows+r to get the run box open

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
MrHill

    New Member
I can't use that. I'm not able to use my desktop at all. I can use Task Manager and CMD through the 'Repair Your Computer' Program at the startup by pressing F8. I can do that if there is a way to re-enable Task Manager for my account.
I'm using a separate computer to post.

Edited by MrHill, 04 January 2013 - 05:04 PM.


#4
MrHill

    New Member
Is there anyone that can help???? I am not able to run these programs!

#5
Essexboy

    GeekU Moderator
OK as you have the repair my computer option and the command prompt do the following


Download the correct version of the following programme to a USB drive
Farbar Recovery Scan Tool x64
Farbar Recovery Scan Tool x32

Reboot the computer and press F8 to get to the safe mode menu
Insert the USB with FRST on it

Select Command prompt

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or FRST.exe depending on your windows version and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6
MrHill

    New Member
Ok! I did all of that and it seemed to give me the scan without hesitation. And sorry for not stating earlier that my computer is a 64bit.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 05-01-2013 12:20:17
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Owner\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-15] (Valve Corporation)
HKU\Owner\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-22] ()
HKU\Owner\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\Owner\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-27] (Google Inc.)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.)
HKU\Owner\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-08] (Google)
HKU\Owner\...\Policies\system: [DisableTaskMgr] 1
HKU\UpdatusUser\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-15] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-22] ()
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-09] (Google Inc.)
HKU\UpdatusUser\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\UpdatusUser\...\Run: [Exent_SDM] C:\Users\UpdatusUser\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freerideg..._games_nolaunch' p '143' c '466550'" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [pivotstickfigure] [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-9G7HL.exe" /REG /REGSVRMODE [711240 2012-07-29] ()
HKLM-x32\...\RunOnce: [ZTBUpdater5_871] "C:\Windows\TEMP\ToolbarUpdate.exe" -REBOOT [1322120 2013-01-04] ()
HKLM\...\Winlogon: [Userinit] ,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe,C:\ProgramData\Microsoft\Windows\Start Menu\Java\qsvlwBmlWUnd\qsvlwBmlWUnd\Java.exe
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Startup: C:\Users\All Users\Start Menu\Programs\Startup\explorer - Shortcut.lnk
ShortcutTarget: explorer - Shortcut.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 Browser Manager; C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2200096 2012-09-28] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-19] ()
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe wampmysqld [9693696 2012-04-19] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\005B977.tmp [x]
3 X6va007; \??\C:\Users\Owner\AppData\Local\Temp\0077DC6.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-05 12:20 - 2013-01-05 12:20 - 00000000 ____D C:\FRST
2013-01-03 22:43 - 2013-01-03 22:43 - 00306355 ____A C:\Users\Owner\Desktop\Minecraft Hacks.rar
2013-01-03 22:43 - 2012-12-20 13:00 - 00774656 ____A (Microsoft Corp.) C:\Users\Owner\Desktop\Minecraft Hacks.exe
2013-01-02 20:05 - 2013-01-02 20:06 - 07558144 ____A C:\Users\Owner\Downloads\Perevodchik v2.0eng.exe
2013-01-02 10:09 - 2013-01-01 10:45 - 02322272 ____A C:\Users\Owner\Desktop\Isabella_dIII-v146_4468641.zip
2013-01-01 15:47 - 2013-01-01 15:47 - 05019406 ____A C:\Users\Owner\Downloads\Castle Gate by pg5 - 2 Maps.zip
2013-01-01 11:52 - 2013-01-01 11:52 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Downloads\MagicLauncher_1.0.0.exe
2013-01-01 01:27 - 2013-01-01 01:27 - 00000000 ____D C:\Users\Owner\Desktop\ChatManager
2013-01-01 00:50 - 2013-01-01 01:44 - 00000000 ____D C:\Users\Owner\Desktop\helping Zep
2013-01-01 00:42 - 2012-12-22 17:07 - 00000096 ____A C:\Users\Owner\Desktop\config.yml
2013-01-01 00:31 - 2013-01-01 00:31 - 00008150 ____A C:\Users\Owner\Desktop\perms.txt
2013-01-01 00:26 - 2013-01-01 00:26 - 00000428 ____A C:\Users\Owner\Desktop\perm.txt
2013-01-01 00:17 - 2012-12-22 17:22 - 00009357 ____A C:\Users\Owner\Desktop\permissions.yml
2012-12-31 18:23 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\Desktop\GMT Updater
2012-12-31 18:23 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PixelTail
2012-12-31 18:23 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Subversion
2012-12-31 18:22 - 2012-12-31 18:22 - 02542695 ____A C:\Users\Owner\Desktop\GMTUpdater_1.2.8.zip
2012-12-29 11:04 - 2012-12-29 11:04 - 00000222 ____A C:\Users\Owner\Desktop\Galactic Civilizations I Ultimate Edition.url
2012-12-25 12:49 - 2012-12-25 12:49 - 00000220 ____A C:\Users\Owner\Desktop\Garry's Mod.url
2012-12-25 08:26 - 2012-12-25 08:26 - 00291992 ____A C:\Windows\Minidump\122512-30778-01.dmp
2012-12-24 16:42 - 2012-12-24 16:42 - 00000000 ____D C:\Users\Owner\vsxu
2012-12-24 16:41 - 2013-01-04 00:24 - 00000000 ____D C:\Program Files\Vovoid VSXu 0.3.1
2012-12-24 16:40 - 2012-12-24 16:41 - 45821522 ____A C:\Users\Owner\Downloads\VSXu_0.3.1_amd64.exe
2012-12-24 16:37 - 2012-12-24 16:37 - 00000000 ____D C:\Program Files\Microsoft Office
2012-12-24 16:03 - 2012-12-24 16:03 - 00000000 ____D C:\Program Files (x86)\OCSetup
2012-12-24 15:59 - 2012-12-24 15:59 - 56019736 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-30021.exe
2012-12-24 15:58 - 2012-12-24 16:08 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-75238.exe
2012-12-24 09:59 - 2012-12-24 12:49 - 115228547 ____A C:\Users\Owner\Desktop\Minecraft - Let's Play - Episode 1.wmv
2012-12-24 09:22 - 2012-12-24 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{B7CF6BCC-9587-4115-97EF-7A2CD1E3E6AD}
2012-12-24 07:43 - 2012-11-02 12:20 - 01025023 ____A C:\Users\Owner\Desktop\Today's Textures-Greenfield V6.zip
2012-12-23 18:09 - 2012-12-23 18:09 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Desktop\MagicLauncher_1.0.0.exe
2012-12-23 17:43 - 2012-12-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Grubby Games
2012-12-23 17:39 - 2012-12-23 17:48 - 00000000 ____D C:\Program Files (x86)\Gateway Games
2012-12-23 17:39 - 2012-12-23 17:47 - 00000000 ____D C:\Users\All Users\WildTangent
2012-12-23 17:31 - 2012-12-23 17:31 - 00000147 ____A C:\Users\Owner\Downloads\download link Adobe After Effects CS6.txt
2012-12-23 17:23 - 2012-12-23 17:23 - 00032727 ____A C:\Users\Owner\Downloads\audio-react-1.zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Downloads\gulliver-0.10.1-MC1.4.5 (1).zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Desktop\gulliver-0.10.1-MC1.4.5.zip
2012-12-23 16:53 - 2012-12-23 16:54 - 31037288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
2012-12-23 16:27 - 2012-12-23 16:27 - 00681472 ____A C:\Users\Owner\Downloads\MicrosoftFixit50577.msi
2012-12-23 16:26 - 2012-12-23 16:26 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup (1).exe
2012-12-23 16:23 - 2013-01-04 00:24 - 00000000 ___RD C:\Users\Owner\Podcasts
2012-12-23 16:19 - 2013-01-04 00:24 - 00000000 ____D C:\Program Files\Zune
2012-12-23 16:19 - 2012-12-23 16:19 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
2012-12-23 16:17 - 2012-12-23 16:18 - 105664248 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\ZuneSetupPkg.exe
2012-12-23 16:16 - 2012-12-23 16:16 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup.exe
2012-12-23 07:30 - 2012-12-23 07:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{36A4DC42-A2FE-4259-B6C8-E2D8898BED74}
2012-12-22 19:34 - 2013-01-04 00:24 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Christmas
2012-12-20 17:52 - 2012-12-24 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-12-20 17:23 - 2012-12-24 16:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-20 17:23 - 2012-12-20 17:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-12-20 17:11 - 2011-02-24 22:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe
2012-12-20 16:55 - 2012-12-20 17:18 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\X17-75238.exe
2012-12-20 16:24 - 2012-12-20 16:24 - 00000000 ____D C:\Users\Owner\Documents\Fan Art
2012-12-20 16:21 - 2012-12-20 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE0A5D4B-46DD-4F96-A992-FD44C86C8F18}
2012-12-20 15:10 - 2012-12-20 17:53 - 00000000 ____D C:\Users\Owner\Desktop\Youtube-Livestream Video Supplies
2012-12-16 11:24 - 2012-12-16 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAA52D09-3C13-4C4D-8D85-BD648E579F64}
2012-12-15 19:47 - 2012-12-15 19:47 - 00185790 ____A C:\Users\Owner\Desktop\ModLoader.zip
2012-12-15 09:27 - 2012-12-15 09:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C51BFD8-1738-45A9-A5BA-ACC8A368907C}
2012-12-14 21:26 - 2012-12-14 21:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{52EE7B13-9E5E-491D-8067-1A93A92B6AD4}
2012-12-13 16:09 - 2012-12-13 16:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{2F09BA0B-876A-4DC8-A43A-2EF6DDA98A65}
2012-12-11 18:24 - 2012-12-11 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{63E51F98-9126-426A-9631-45DE0042C1F2}
2012-12-09 20:34 - 2012-12-09 20:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B48AC490-D368-4BD2-A843-75DC620E2D21}

==================== One Month Modified Files and Folders =======

2013-01-04 17:06 - 2012-06-16 11:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-04 16:50 - 2012-07-27 15:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068272409-2542039905-4093708311-1000UA.job
2013-01-04 16:25 - 2011-07-09 19:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-04 14:59 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-04 14:59 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-04 14:51 - 2011-07-09 19:35 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-04 14:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-04 14:51 - 2009-07-13 20:51 - 00098018 ____A C:\Windows\setupact.log
2013-01-04 00:24 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\Desktop\GMT Updater
2013-01-04 00:24 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Local\PixelTail
2013-01-04 00:24 - 2012-12-24 16:41 - 00000000 ____D C:\Program Files\Vovoid VSXu 0.3.1
2013-01-04 00:24 - 2012-12-23 16:23 - 00000000 ___RD C:\Users\Owner\Podcasts
2013-01-04 00:24 - 2012-12-23 16:19 - 00000000 ____D C:\Program Files\Zune
2013-01-04 00:24 - 2012-12-22 19:34 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Christmas
2013-01-04 00:24 - 2012-10-26 17:14 - 00000000 ____D C:\Users\Owner\Desktop\New folder (2)
2013-01-04 00:24 - 2012-10-06 10:32 - 00000000 ____D C:\Users\Owner\Desktop\TekkitKraft
2013-01-04 00:24 - 2012-08-03 09:51 - 00000000 ____D C:\Users\Owner\Desktop\Slender v0.9.5
2013-01-04 00:24 - 2012-05-25 18:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2013-01-04 00:24 - 2012-05-11 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.techniclauncher
2013-01-04 00:24 - 2012-01-15 00:22 - 00000000 ____D C:\Windows\Minidump
2013-01-04 00:24 - 2011-11-29 18:00 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Skins
2013-01-04 00:24 - 2011-11-26 15:24 - 00000000 ___RD C:\Users\Owner\Desktop\Bukkkit
2013-01-04 00:24 - 2011-07-09 07:23 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2013-01-04 00:24 - 2011-06-02 07:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Notepad++
2013-01-04 00:24 - 2011-04-24 09:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-04 00:24 - 2011-03-03 04:04 - 00000000 ____D C:\users\Owner
2013-01-03 23:14 - 2009-07-13 20:45 - 00018432 _____ C:\Windows\System32\umstartup.etl
2013-01-03 23:01 - 2011-03-03 04:28 - 00228972 ____A C:\Windows\PFRO.log
2013-01-03 22:54 - 2011-04-09 14:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-01-03 22:50 - 2011-03-03 04:04 - 01247014 ____A C:\Windows\WindowsUpdate.log
2013-01-03 22:43 - 2013-01-03 22:43 - 00306355 ____A C:\Users\Owner\Desktop\Minecraft Hacks.rar
2013-01-02 20:06 - 2013-01-02 20:05 - 07558144 ____A C:\Users\Owner\Downloads\Perevodchik v2.0eng.exe
2013-01-01 22:41 - 2012-07-31 05:20 - 00000000 ____D C:\Users\Owner\AppData\Local\Procaster
2013-01-01 15:47 - 2013-01-01 15:47 - 05019406 ____A C:\Users\Owner\Downloads\Castle Gate by pg5 - 2 Maps.zip
2013-01-01 11:52 - 2013-01-01 11:52 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Downloads\MagicLauncher_1.0.0.exe
2013-01-01 11:14 - 2011-11-09 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\Paint.NET
2013-01-01 10:45 - 2013-01-02 10:09 - 02322272 ____A C:\Users\Owner\Desktop\Isabella_dIII-v146_4468641.zip
2013-01-01 01:44 - 2013-01-01 00:50 - 00000000 ____D C:\Users\Owner\Desktop\helping Zep
2013-01-01 01:27 - 2013-01-01 01:27 - 00000000 ____D C:\Users\Owner\Desktop\ChatManager
2013-01-01 00:31 - 2013-01-01 00:31 - 00008150 ____A C:\Users\Owner\Desktop\perms.txt
2013-01-01 00:26 - 2013-01-01 00:26 - 00000428 ____A C:\Users\Owner\Desktop\perm.txt
2012-12-31 18:23 - 2012-12-31 18:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Subversion
2012-12-31 18:22 - 2012-12-31 18:22 - 02542695 ____A C:\Users\Owner\Desktop\GMTUpdater_1.2.8.zip
2012-12-29 11:19 - 2011-03-03 06:54 - 00525980 ____A C:\Windows\DirectX.log
2012-12-29 11:04 - 2012-12-29 11:04 - 00000222 ____A C:\Users\Owner\Desktop\Galactic Civilizations I Ultimate Edition.url
2012-12-26 11:23 - 2011-05-19 17:36 - 00000000 ____D C:\Users\Owner\Documents\My Games
2012-12-26 09:34 - 2011-03-03 04:34 - 00058744 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-25 12:49 - 2012-12-25 12:49 - 00000220 ____A C:\Users\Owner\Desktop\Garry's Mod.url
2012-12-25 08:26 - 2012-12-25 08:26 - 00291992 ____A C:\Windows\Minidump\122512-30778-01.dmp
2012-12-25 08:26 - 2012-01-15 00:21 - 862051523 ____A C:\Windows\MEMORY.DMP
2012-12-25 08:26 - 2009-07-13 20:45 - 00268912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-25 04:50 - 2012-07-27 15:35 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068272409-2542039905-4093708311-1000Core.job
2012-12-24 16:42 - 2012-12-24 16:42 - 00000000 ____D C:\Users\Owner\vsxu
2012-12-24 16:41 - 2012-12-24 16:40 - 45821522 ____A C:\Users\Owner\Downloads\VSXu_0.3.1_amd64.exe
2012-12-24 16:40 - 2012-12-20 17:23 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-24 16:40 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-12-24 16:39 - 2012-12-20 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-12-24 16:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-24 16:39 - 2009-07-13 18:34 - 00000387 ____A C:\Windows\win.ini
2012-12-24 16:37 - 2012-12-24 16:37 - 00000000 ____D C:\Program Files\Microsoft Office
2012-12-24 16:08 - 2012-12-24 15:58 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-75238.exe
2012-12-24 16:03 - 2012-12-24 16:03 - 00000000 ____D C:\Program Files (x86)\OCSetup
2012-12-24 16:03 - 2011-05-08 05:56 - 00000000 ____D C:\Users\Owner\Tracing
2012-12-24 15:59 - 2012-12-24 15:59 - 56019736 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\X17-30021.exe
2012-12-24 12:49 - 2012-12-24 09:59 - 115228547 ____A C:\Users\Owner\Desktop\Minecraft - Let's Play - Episode 1.wmv
2012-12-24 10:41 - 2011-11-26 16:49 - 00000038 ____A C:\Windows\AviSplitter.INI
2012-12-24 09:22 - 2012-12-24 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{B7CF6BCC-9587-4115-97EF-7A2CD1E3E6AD}
2012-12-24 08:28 - 2012-04-06 15:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.spoutcraft
2012-12-23 18:09 - 2012-12-23 18:09 - 00324419 ____A (http://magiclauncher.com) C:\Users\Owner\Desktop\MagicLauncher_1.0.0.exe
2012-12-23 17:52 - 2012-09-25 17:35 - 05005686 ____A C:\Users\Owner\Downloads\minecraft.jar
2012-12-23 17:48 - 2012-12-23 17:39 - 00000000 ____D C:\Program Files (x86)\Gateway Games
2012-12-23 17:47 - 2012-12-23 17:39 - 00000000 ____D C:\Users\All Users\WildTangent
2012-12-23 17:43 - 2012-12-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Grubby Games
2012-12-23 17:31 - 2012-12-23 17:31 - 00000147 ____A C:\Users\Owner\Downloads\download link Adobe After Effects CS6.txt
2012-12-23 17:23 - 2012-12-23 17:23 - 00032727 ____A C:\Users\Owner\Downloads\audio-react-1.zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Downloads\gulliver-0.10.1-MC1.4.5 (1).zip
2012-12-23 17:14 - 2012-12-23 17:14 - 00599689 ____A C:\Users\Owner\Desktop\gulliver-0.10.1-MC1.4.5.zip
2012-12-23 17:02 - 2011-05-08 05:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2012-12-23 16:54 - 2012-12-23 16:53 - 31037288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
2012-12-23 16:49 - 2012-05-31 12:24 - 00000000 ____D C:\UDK
2012-12-23 16:27 - 2012-12-23 16:27 - 00681472 ____A C:\Users\Owner\Downloads\MicrosoftFixit50577.msi
2012-12-23 16:26 - 2012-12-23 16:26 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup (1).exe
2012-12-23 16:19 - 2012-12-23 16:19 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
2012-12-23 16:18 - 2012-12-23 16:17 - 105664248 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\ZuneSetupPkg.exe
2012-12-23 16:16 - 2012-12-23 16:16 - 00642712 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\gfwlivesetup.exe
2012-12-23 07:30 - 2012-12-23 07:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{36A4DC42-A2FE-4259-B6C8-E2D8898BED74}
2012-12-22 17:22 - 2013-01-01 00:17 - 00009357 ____A C:\Users\Owner\Desktop\permissions.yml
2012-12-22 17:07 - 2013-01-01 00:42 - 00000096 ____A C:\Users\Owner\Desktop\config.yml
2012-12-20 17:53 - 2012-12-20 15:10 - 00000000 ____D C:\Users\Owner\Desktop\Youtube-Livestream Video Supplies
2012-12-20 17:52 - 2012-08-02 18:55 - 00000000 ___RD C:\Users\Owner\Dropbox
2012-12-20 17:52 - 2012-08-02 18:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2012-12-20 17:23 - 2012-12-20 17:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
2012-12-20 17:18 - 2012-12-20 16:55 - 1050389616 ____A (Microsoft Corporation) C:\Users\Owner\Desktop\X17-75238.exe
2012-12-20 16:24 - 2012-12-20 16:24 - 00000000 ____D C:\Users\Owner\Documents\Fan Art
2012-12-20 16:21 - 2012-12-20 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE0A5D4B-46DD-4F96-A992-FD44C86C8F18}
2012-12-20 13:00 - 2013-01-03 22:43 - 00774656 ____A (Microsoft Corp.) C:\Users\Owner\Desktop\Minecraft Hacks.exe
2012-12-16 11:24 - 2012-12-16 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAA52D09-3C13-4C4D-8D85-BD648E579F64}
2012-12-15 19:47 - 2012-12-15 19:47 - 00185790 ____A C:\Users\Owner\Desktop\ModLoader.zip
2012-12-15 09:27 - 2012-12-15 09:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C51BFD8-1738-45A9-A5BA-ACC8A368907C}
2012-12-14 21:26 - 2012-12-14 21:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{52EE7B13-9E5E-491D-8067-1A93A92B6AD4}
2012-12-13 16:10 - 2012-12-13 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{2F09BA0B-876A-4DC8-A43A-2EF6DDA98A65}
2012-12-11 19:06 - 2012-06-16 11:45 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 19:06 - 2011-05-17 17:23 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-11 18:24 - 2012-12-11 18:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{63E51F98-9126-426A-9631-45DE0042C1F2}
2012-12-10 17:54 - 2011-05-01 14:02 - 00000000 ____D C:\Fraps
2012-12-09 20:34 - 2012-12-09 20:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B48AC490-D368-4BD2-A843-75DC620E2D21}


ZeroAccess:
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\L
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\00000001.@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\80000000.@
C:\Windows\Installer\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\800000cb.@

ZeroAccess:
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\L
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\n
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\00000001.@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\80000000.@
C:\Users\Owner\AppData\Local\{caa981f5-cbfd-8594-def6-5d7fcd241596}\U\800000cb.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-24 16:36:51
Restore point made on: 2012-12-29 11:18:48
Restore point made on: 2013-01-03 22:48:04
Restore point made on: 2013-01-03 22:53:01

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12276.6 MB
Available physical RAM: 11269.35 MB
Total Pagefile: 12274.75 MB
Available Pagefile: 11265.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:229.07 GB) NTFS
2 Drive e: (VRMSP_EN) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
3 Drive f: () (Removable) (Total:7.45 GB) (Free:5.7 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-01-04 15:16

==================== End Of Log =============================

Edited by Essexboy, 05 January 2013 - 02:17 PM.
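
An added example, not part of the original thread and not code from FRST: a small triage script for the "Registry" section of an FRST log like the one above. It flags the persistence indicators visible in that log: the DisableTaskMgr policy value, autoruns launching from a Temp directory, a Winlogon Userinit value that lists anything besides the stock userinit.exe, and lines FRST itself marks ATTENTION. The sample lines are constructed in the same format with placeholder paths; the rule names and function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the FRST "Registry" section format (placeholder paths and GUID).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
HKU\Owner\...\Policies\system: [DisableTaskMgr] 1
HKLM-x32\...\RunOnce: [Updater] "C:\Windows\TEMP\ToolbarUpdate.exe" -REBOOT [1322120 2013-01-04] ()
HKLM\...\Winlogon: [Userinit] ,C:\ProgramData\Example\Java.exe,C:\ProgramData\Example\Java.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{PLACEHOLDER-GUID}\n. ATTENTION! ====> ZeroAccess
HKU\Owner\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-15] (Valve Corporation)
"""


class Finding(NamedTuple):
    rule: str    # short rule identifier (names chosen for this example)
    key: str     # registry key as printed by FRST
    name: str    # value name inside the square brackets
    detail: str  # what triggered the rule


# "<key>: [<value name>] <data>" as printed in the Registry section.
ENTRY_RE = re.compile(r"^(HK[^:]+): \[([^\]]+)\]\s*(.*)$")


def _userinit_extras(data: str) -> List[str]:
    """Return Userinit entries other than the stock system32 userinit.exe, de-duplicated."""
    extras: List[str] = []
    for entry in (part.strip().strip('"') for part in data.split(",")):
        if not entry:
            continue  # leading/trailing commas leave empty fields
        if entry.lower().endswith("\\system32\\userinit.exe"):
            continue  # the expected Windows default
        if entry not in extras:
            extras.append(entry)
    return extras


def triage(log_text: str) -> List[Finding]:
    """Scan FRST registry lines and return findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, non-registry entries
        key, name, data = m.groups()
        key_l, name_l, data_l = key.lower(), name.lower(), data.lower()

        # Policy value that removes Task Manager from the Ctrl+Alt+Del screen.
        if (key_l.endswith("\\policies\\system")
                and name_l == "disabletaskmgr" and data.strip() == "1"):
            findings.append(Finding("taskmgr-disabled", key, name,
                                    "Task Manager blocked by policy value"))

        # Autorun entries that start a program out of a Temp directory.
        if key_l.endswith(("\\run", "\\runonce")) and "\\temp\\" in data_l:
            findings.append(Finding("autorun-from-temp", key, name, data))

        # Userinit should name only userinit.exe; anything else runs at every logon.
        if key_l.endswith("\\winlogon") and name_l == "userinit":
            extras = _userinit_extras(data)
            if extras:
                findings.append(Finding("userinit-hijack", key, name, ", ".join(extras)))

        # FRST's own marker for entries it recognises as malicious.
        if "attention" in data_l:
            findings.append(Finding("frst-attention", key, name, data))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.key} [{f.name}] -> {f.detail}")
```

A hit is a lead for the person reading the log, not a verdict; the four rules cover only the entry types shown in this thread.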


#7
Essexboy

    GeekU Moderator
Download the fixlist.txt attached to the same USB as FRST


Run FRST as previously but this time select FIX
Once run a log will be generated on the USB drive

Then boot to normal windows

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

FOLLOWED BY

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#8
Essexboy

    GeekU Moderator
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.