[soarwitheagles777]

Hi everyone!

 

Our first time here.  Hope to find some help please.

 

ASUS laptop.  I installed a SSD two months ago with clean install of Windows 8.1 Pro.  Everything worked perfect.

 

My wife was attempting to download her college syllabus this evening.  She obviously downloaded more than she thought....

 

Now, when we attempt to turn on the computer, start screen, then black screen with white cursor, then ad with phone number to fix computer.

 

Not sure how to fix this.  

Please help us if you can.  Her classes just started.

Thank you,

Soar

Edited by soarwitheagles777, 24 January 2015 - 02:38 AM.

[Advertisements]

Hi soarwitheagles777,



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction, stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 

• Step #1 Scan with Farbar Recovery Scan Tool
  
  Prerequisites:
  • A clean PC or an accessible user account; and
  • A flash-drive with at least 1GB storage.
  First Part:
  • Download Farbar Recovery Scan Tool(FRST) by Farbar to your Desktop of the clean PC.
    Download link for 32-bit system.
    Download link for 64-bit system.
  • Plug the flash-drive into the clean PC;
  • Copy the correct version of FRST to the flash-drive
  Second Part:
  • Connect the flash-drive to the infected PC;
  • Restart your PC;
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears;
  • Use the arrow keys to select Repair your computer;
  • From the language setting choose US and click Next;
  • Select the operating system you want repair and click Next;
  • Select your user-account and click Next;
  • You will enter into the System Recovery and will be presented the following options --
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  Third Part:
  • In the Command Prompt window type notepad and press Enter;
  • When the Notepad opens, go to File>Open>My Computer and take a mental note of the flash-drive letter;
  • In the Command Prompt window type e:\frst.exe(for 64-bit system type e:\frst64.exe)
    • Note: Replace e with the drive letter of your flash-drive
  • When the program starts, click on Scan;
  • A log named frst.txt will be created after the scan and will be saved in your flash-drive;
  • Copy and Paste the contents of the log in your next reply

 

• Required Log(s):
  • FRST.txt

Regards,
Valinorum

[Valinorum]

Hi soarwitheagles777,



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction, stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 

• Step #1 Scan with Farbar Recovery Scan Tool
  
  Prerequisites:
  • A clean PC or an accessible user account; and
  • A flash-drive with at least 1GB storage.
  First Part:
  • Download Farbar Recovery Scan Tool(FRST) by Farbar to your Desktop of the clean PC.
    Download link for 32-bit system.
    Download link for 64-bit system.
  • Plug the flash-drive into the clean PC;
  • Copy the correct version of FRST to the flash-drive
  Second Part:
  • Connect the flash-drive to the infected PC;
  • Restart your PC;
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears;
  • Use the arrow keys to select Repair your computer;
  • From the language setting choose US and click Next;
  • Select the operating system you want repair and click Next;
  • Select your user-account and click Next;
  • You will enter into the System Recovery and will be presented the following options --
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  Third Part:
  • In the Command Prompt window type notepad and press Enter;
  • When the Notepad opens, go to File>Open>My Computer and take a mental note of the flash-drive letter;
  • In the Command Prompt window type e:\frst.exe(for 64-bit system type e:\frst64.exe)
    • Note: Replace e with the drive letter of your flash-drive
  • When the program starts, click on Scan;
  • A log named frst.txt will be created after the scan and will be saved in your flash-drive;
  • Copy and Paste the contents of the log in your next reply

 

• Required Log(s):
  • FRST.txt

Regards,
Valinorum

[soarwitheagles777]

Thank you for replying Valinorum.

 

I did run the FRST64 before I came to this forum.  I read about it at another website.  But I do not know what to do after running it.

 

Here's the results from frst64:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by SYSTEM on MININT-UE3IK26 on 24-01-2015 00:24:44

Running from D:\

Platform: WIN_8 (X64) OS Language: English (United States)

Boot Mode: Recovery

Attention: Could not load system hive.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

ATTENTION: Software hive is not loaded.

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-24 00:24 - 2015-01-24 00:24 - 00000000 ____D () C:\FRST

2015-01-23 23:07 - 2015-01-23 23:07 - 00000000 _____ () C:\Windows\WindowsUpdate.log

2015-01-23 23:06 - 2015-01-23 23:19 - 00000308 _____ () C:\Windows\setupact.log

2015-01-23 23:06 - 2015-01-23 23:06 - 00000916 _____ () C:\Windows\PFRO.log

2015-01-23 23:06 - 2015-01-23 23:06 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-23 23:00 - 2015-01-23 18:34 - 00048792 _____ (StdLib) C:\Windows\System32\Drivers\{304c2a7d-b0e5-4752-bc7f-90d4456afe97}Gw64.sys

2015-01-23 22:54 - 2015-01-23 23:06 - 00000308 _____ () C:\Windows\Tasks\WSE_Taplika.job

2015-01-23 22:54 - 2015-01-23 22:54 - 00002646 _____ () C:\Windows\System32\Tasks\WSE_Taplika

2015-01-23 22:54 - 2015-01-23 22:54 - 00000000 ____D () C:\Users\TinTin\AppData\Roaming\WSE_Taplika

2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\ProgramData\{F8A51066-A827-C1E0-19A1-B162C92362EC}

2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika

2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Reverse Page

2015-01-23 22:52 - 2015-01-23 23:23 - 00002118 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-10_user.job

2015-01-23 22:52 - 2015-01-23 23:20 - 00004500 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4.job

2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5_user.job

2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5.job

2015-01-23 22:52 - 2015-01-23 23:20 - 00001356 _____ () C:\Windows\Tasks\JTSHMHM.job

2015-01-23 22:52 - 2015-01-23 23:20 - 00001354 _____ () C:\Windows\Tasks\CVTPQG.job

2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7.job

2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6.job

2015-01-23 22:52 - 2015-01-23 23:19 - 00003128 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1.job

2015-01-23 22:52 - 2015-01-23 23:19 - 00002116 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2.job

2015-01-23 22:52 - 2015-01-23 23:19 - 00000936 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

2015-01-23 22:52 - 2015-01-23 22:57 - 00000940 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

2015-01-23 22:52 - 2015-01-23 22:52 - 01875944 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\CVTPQG.exe

2015-01-23 22:52 - 2015-01-23 22:52 - 01557480 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\JTSHMHM.exe

2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7

2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6

2015-01-23 22:52 - 2015-01-23 22:52 - 00007504 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4

2015-01-23 22:52 - 2015-01-23 22:52 - 00006132 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1

2015-01-23 22:52 - 2015-01-23 22:52 - 00005456 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5

2015-01-23 22:52 - 2015-01-23 22:52 - 00005120 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2

2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\JTSHMHM

2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\CVTPQG

2015-01-23 22:52 - 2015-01-23 22:52 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

2015-01-23 22:52 - 2015-01-23 22:52 - 00003676 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore

2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Users\TinTin\AppData\Local\globalUpdate

2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec C+

2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\globalUpdate

2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\c74242a8-636c-451c-8947-106c861cfdda

2015-01-23 22:48 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer

2015-01-23 22:48 - 2015-01-23 22:48 - 00000812 _____ () C:\Users\TinTin\Desktop\FLVPlayer.lnk

2015-01-23 22:09 - 2015-01-23 22:09 - 00065472 _____ () C:\Users\TinTin\Downloads\FLVPlayer-Chrome.exe

2015-01-16 18:32 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys

2015-01-16 18:32 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2015-01-16 18:32 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys

2015-01-16 18:32 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll

2015-01-16 18:32 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe

2015-01-16 18:32 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe

2015-01-16 18:32 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll

2015-01-16 18:32 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll

2015-01-16 18:32 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll

2015-01-04 00:59 - 2015-01-04 00:59 - 11353649 _____ () C:\Users\TinTin\Downloads\Waterfalls.themepack

2015-01-04 00:57 - 2015-01-04 00:58 - 12350831 _____ () C:\Users\TinTin\Downloads\Iceland.themepack

2015-01-04 00:56 - 2015-01-04 00:58 - 16924019 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseDramaticSkies.themepack

2015-01-04 00:56 - 2015-01-04 00:57 - 25780408 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseAqua3.themepack

2015-01-04 00:54 - 2015-01-04 00:54 - 09543774 _____ () C:\Users\TinTin\Downloads\BlueWater.themepack

2015-01-04 00:53 - 2015-01-04 00:54 - 12749346 _____ () C:\Users\TinTin\Downloads\SnowyNight.themepack

2015-01-04 00:52 - 2015-01-04 00:53 - 23510675 _____ () C:\Users\TinTin\Downloads\WaterscapesMarkNelson.themepack

2015-01-04 00:50 - 2015-01-04 00:51 - 16496739 _____ () C:\Users\TinTin\Downloads\ScenesYosemiteIngoScholtes.themepack

2015-01-04 00:49 - 2015-01-04 00:50 - 11278409 _____ () C:\Users\TinTin\Downloads\Reflections.themepack

2015-01-04 00:42 - 2015-01-04 00:42 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-01-04 00:42 - 2015-01-04 00:42 - 00000844 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-01-04 00:42 - 2015-01-04 00:42 - 00000000 ____D () C:\Program Files\CCleaner

2015-01-04 00:41 - 2015-01-04 00:42 - 05317104 _____ (Piriform Ltd) C:\Users\TinTin\Downloads\ccsetup501.exe

2015-01-03 00:34 - 2015-01-03 00:46 - 00000000 _RSHD () C:\acroldr

2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-12-27 20:56 - 2014-12-27 20:56 - 00000000 ____D () C:\Users\TinTin\Desktop\2012 TAX FOLDER

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-23 23:24 - 2014-09-23 23:17 - 00818732 _____ () C:\Windows\System32\PerfStringBackup.INI

2015-01-23 23:20 - 2013-08-22 05:25 - 00000194 _____ () C:\Windows\win.ini

2015-01-23 23:19 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-23 23:17 - 2014-11-27 09:13 - 00000000 ____D () C:\users\TinTin

2015-01-23 23:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru

2015-01-23 23:06 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI

2015-01-23 22:53 - 2014-12-23 16:21 - 00001169 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-23 22:53 - 2014-11-25 09:45 - 00001548 _____ () C:\Users\TinTin\Desktop\Google Chrome.lnk

2015-01-23 22:53 - 2014-11-25 00:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1816006716-1691034843-748545821-1001

2015-01-23 22:52 - 2014-12-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite

2015-01-23 22:48 - 2014-11-25 09:43 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816006716-1691034843-748545821-1001UA.job

2015-01-23 18:35 - 2014-11-27 09:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10B68A46-1D1E-4B87-B7D0-2B8C10044920}

2015-01-22 19:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-01-22 19:20 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp

2015-01-19 13:32 - 2014-09-24 02:03 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-19 13:32 - 2014-09-24 02:03 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-16 19:00 - 2014-11-25 01:28 - 00000000 ____D () C:\Windows\System32\MRT

2015-01-16 18:59 - 2014-11-25 01:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2015-01-04 00:44 - 2014-12-23 17:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2015-01-04 00:43 - 2014-11-27 09:11 - 00000000 ___DC () C:\Windows\Panther

2015-01-04 00:33 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-01-03 00:38 - 2013-08-22 06:44 - 00409712 _____ () C:\Windows\System32\FNTCACHE.DAT

2015-01-03 00:37 - 2014-12-15 21:14 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-31 03:14 - 2014-11-25 01:54 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe

[2014-12-15 21:59] - [2014-10-28 17:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437

 

C:\Windows\System32\wininit.exe

[2014-12-15 21:59] - [2014-10-28 17:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380

 

C:\Windows\explorer.exe

[2014-12-15 21:59] - [2014-10-28 19:57] - 2501368 ____A (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE

 

C:\Windows\SysWOW64\explorer.exe

[2014-12-15 22:00] - [2014-10-28 19:10] - 2207488 ____A (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129

 

C:\Windows\System32\svchost.exe

[2014-12-15 21:59] - [2014-10-28 20:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47

 

C:\Windows\SysWOW64\svchost.exe

[2014-12-15 22:00] - [2014-10-28 19:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D

 

C:\Windows\System32\services.exe

[2014-12-15 21:59] - [2014-10-28 19:53] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91

 

C:\Windows\System32\User32.dll

[2014-12-15 21:59] - [2014-10-28 20:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5

 

C:\Windows\SysWOW64\User32.dll

[2014-12-15 22:00] - [2014-10-28 17:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE

 

C:\Windows\System32\userinit.exe

[2014-12-15 21:59] - [2014-10-28 17:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F

 

C:\Windows\SysWOW64\userinit.exe

[2014-12-15 22:00] - [2014-10-28 17:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0

 

C:\Windows\System32\rpcss.dll

[2014-12-15 21:59] - [2014-10-28 17:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys

[2014-09-23 23:35] - [2014-09-23 23:35] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

 

 

==================== Restore Points  =========================

 

Restore point made on: 2015-01-03 00:30:12

Restore point made on: 2015-01-16 18:59:30

Restore point made on: 2015-01-22 19:19:58

 

==================== Memory info =========================== 

 

Percentage of memory in use: 13%

Total physical RAM: 3981.68 MB

Available physical RAM: 3432.54 MB

Total Pagefile: 3981.68 MB

Available Pagefile: 3446.81 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: (Windows OS) (Fixed) (Total:223.13 GB) (Free:198.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: () (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32

Drive e: (HRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 000907D4)

Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15.1 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)

 

 

LastRegBack: 2015-01-22 19:19

 

==================== End Of Log ============================

Edited by soarwitheagles777, 24 January 2015 - 10:46 AM.

[Valinorum]

Please do not open multiple topics as you have done here. It wastes a helper's time and creates unforeseen outcomes.


 

• Step #2 Fix with FRST
  This section of the fix has two parts. For the first part please peruse the following --
  
  Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash-drive.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    2015-01-23 23:00 - 2015-01-23 18:34 - 00048792 _____ (StdLib) C:\Windows\System32\Drivers\{304c2a7d-b0e5-4752-bc7f-90d4456afe97}Gw64.sys
    2015-01-23 22:54 - 2015-01-23 23:06 - 00000308 _____ () C:\Windows\Tasks\WSE_Taplika.job
    2015-01-23 22:54 - 2015-01-23 22:54 - 00002646 _____ () C:\Windows\System32\Tasks\WSE_Taplika
    2015-01-23 22:54 - 2015-01-23 22:54 - 00000000 ____D () C:\Users\TinTin\AppData\Roaming\WSE_Taplika
    2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
    2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Reverse Page
    2015-01-23 22:52 - 2015-01-23 22:52 - 01875944 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\CVTPQG.exe
    2015-01-23 22:52 - 2015-01-23 22:52 - 01557480 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\JTSHMHM.exe
    2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Users\TinTin\AppData\Local\globalUpdate
    2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    LastRegBack: 2015-01-22 19:19
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt
    • From the Save as type drop down list, choose All Files
  • Copy and Paste fixlist.txt to your flash drive.
  You are ready to move on to the second part. Please peruse --
  • Connect your flash drive to the infected PC;
  • Enter the System Recovery Options and select Command Prompt;
  • Run FRST.exe( or FRST64.exe for 64-bit machine) again as outlined in the previous post;
  • Click on Fix;
  • After the fix a log will be created in the flash drive named FixLog.txt;
  • Copy and Paste the contents of the log in your next reply;
  • Try to boot into Normal Mode.

 

• Required Log(s):
  • FRST Fix Log

Regards,
Valinorum

[Valinorum]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.