Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus: Black screen, white cursor, then ad with phone number to fix co


  • This topic is locked This topic is locked

#1
soarwitheagles777

soarwitheagles777

    New Member

  • Member
  • Pip
  • 2 posts

Hi everyone!

 

Our first time here.  Hope to find some help please.

 

ASUS laptop.  I installed a SSD two months ago with clean install of Windows 8.1 Pro.  Everything worked perfect.

 

My wife was attempting to download her college syllabus this evening.  She obviously downloaded more than she thought....

 

Now, when we attempt to turn on the computer, start screen, then black screen with white cursor, then ad with phone number to fix computer.

 

Not sure how to fix this.  

Please help us if you can.  Her classes just started.

Thank you,

Soar


Edited by soarwitheagles777, 24 January 2015 - 02:38 AM.

  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi soarwitheagles777, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool

    Prerequisites:
    • A clean PC or an accessible user account; and
    • A flash-drive with at least 1GB storage.
    First Part:Second Part:
    • Connect the flash-drive to the infected PC;
    • Restart your PC;
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears;
    • Use the arrow keys to select Repair your computer;
    • From the language setting choose US and click Next;
    • Select the operating system you want repair and click Next;
    • Select your user-account and click Next;
    • You will enter into the System Recovery and will be presented the following options --
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    Third Part:
    • In the Command Prompt window type notepad and press Enter;
    • When the Notepad opens, go to File>Open>My Computer and take a mental note of the flash-drive letter;
    • In the Command Prompt window type e:\frst.exe(for 64-bit system type e:\frst64.exe)
      • Note: Replace e with the drive letter of your flash-drive
    • When the program starts, click on Scan;
    • A log named frst.txt will be created after the scan and will be saved in your flash-drive;
    • Copy and Paste the contents of the log in your next reply
 
  • Required Log(s):
    • FRST.txt
Regards,
Valinorum
  • 0

#3
soarwitheagles777

soarwitheagles777

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thank you for replying Valinorum.

 

I did run the FRST64 before I came to this forum.  I read about it at another website.  But I do not know what to do after running it.

 

Here's the results from frst64:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by SYSTEM on MININT-UE3IK26 on 24-01-2015 00:24:44
Running from D:\
Platform: WIN_8 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ATTENTION: Software hive is not loaded.
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 00:24 - 2015-01-24 00:24 - 00000000 ____D () C:\FRST
2015-01-23 23:07 - 2015-01-23 23:07 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 23:06 - 2015-01-23 23:19 - 00000308 _____ () C:\Windows\setupact.log
2015-01-23 23:06 - 2015-01-23 23:06 - 00000916 _____ () C:\Windows\PFRO.log
2015-01-23 23:06 - 2015-01-23 23:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 23:00 - 2015-01-23 18:34 - 00048792 _____ (StdLib) C:\Windows\System32\Drivers\{304c2a7d-b0e5-4752-bc7f-90d4456afe97}Gw64.sys
2015-01-23 22:54 - 2015-01-23 23:06 - 00000308 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-01-23 22:54 - 2015-01-23 22:54 - 00002646 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-01-23 22:54 - 2015-01-23 22:54 - 00000000 ____D () C:\Users\TinTin\AppData\Roaming\WSE_Taplika
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\ProgramData\{F8A51066-A827-C1E0-19A1-B162C92362EC}
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Reverse Page
2015-01-23 22:52 - 2015-01-23 23:23 - 00002118 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-10_user.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00004500 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5_user.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00001356 _____ () C:\Windows\Tasks\JTSHMHM.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00001354 _____ () C:\Windows\Tasks\CVTPQG.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00003128 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00002116 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00000936 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-23 22:52 - 2015-01-23 22:57 - 00000940 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-23 22:52 - 2015-01-23 22:52 - 01875944 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\CVTPQG.exe
2015-01-23 22:52 - 2015-01-23 22:52 - 01557480 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\JTSHMHM.exe
2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7
2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6
2015-01-23 22:52 - 2015-01-23 22:52 - 00007504 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4
2015-01-23 22:52 - 2015-01-23 22:52 - 00006132 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1
2015-01-23 22:52 - 2015-01-23 22:52 - 00005456 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5
2015-01-23 22:52 - 2015-01-23 22:52 - 00005120 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2
2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\JTSHMHM
2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\CVTPQG
2015-01-23 22:52 - 2015-01-23 22:52 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-23 22:52 - 2015-01-23 22:52 - 00003676 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Users\TinTin\AppData\Local\globalUpdate
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec C+
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\c74242a8-636c-451c-8947-106c861cfdda
2015-01-23 22:48 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer
2015-01-23 22:48 - 2015-01-23 22:48 - 00000812 _____ () C:\Users\TinTin\Desktop\FLVPlayer.lnk
2015-01-23 22:09 - 2015-01-23 22:09 - 00065472 _____ () C:\Users\TinTin\Downloads\FLVPlayer-Chrome.exe
2015-01-16 18:32 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-16 18:32 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-16 18:32 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-16 18:32 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-16 18:32 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 18:32 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-16 18:32 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-16 18:32 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-04 00:59 - 2015-01-04 00:59 - 11353649 _____ () C:\Users\TinTin\Downloads\Waterfalls.themepack
2015-01-04 00:57 - 2015-01-04 00:58 - 12350831 _____ () C:\Users\TinTin\Downloads\Iceland.themepack
2015-01-04 00:56 - 2015-01-04 00:58 - 16924019 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseDramaticSkies.themepack
2015-01-04 00:56 - 2015-01-04 00:57 - 25780408 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseAqua3.themepack
2015-01-04 00:54 - 2015-01-04 00:54 - 09543774 _____ () C:\Users\TinTin\Downloads\BlueWater.themepack
2015-01-04 00:53 - 2015-01-04 00:54 - 12749346 _____ () C:\Users\TinTin\Downloads\SnowyNight.themepack
2015-01-04 00:52 - 2015-01-04 00:53 - 23510675 _____ () C:\Users\TinTin\Downloads\WaterscapesMarkNelson.themepack
2015-01-04 00:50 - 2015-01-04 00:51 - 16496739 _____ () C:\Users\TinTin\Downloads\ScenesYosemiteIngoScholtes.themepack
2015-01-04 00:49 - 2015-01-04 00:50 - 11278409 _____ () C:\Users\TinTin\Downloads\Reflections.themepack
2015-01-04 00:42 - 2015-01-04 00:42 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-04 00:42 - 2015-01-04 00:42 - 00000844 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 00:42 - 2015-01-04 00:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 00:41 - 2015-01-04 00:42 - 05317104 _____ (Piriform Ltd) C:\Users\TinTin\Downloads\ccsetup501.exe
2015-01-03 00:34 - 2015-01-03 00:46 - 00000000 _RSHD () C:\acroldr
2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-27 20:56 - 2014-12-27 20:56 - 00000000 ____D () C:\Users\TinTin\Desktop\2012 TAX FOLDER
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 23:24 - 2014-09-23 23:17 - 00818732 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-23 23:20 - 2013-08-22 05:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-23 23:19 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 23:17 - 2014-11-27 09:13 - 00000000 ____D () C:\users\TinTin
2015-01-23 23:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-01-23 23:06 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2015-01-23 22:53 - 2014-12-23 16:21 - 00001169 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 22:53 - 2014-11-25 09:45 - 00001548 _____ () C:\Users\TinTin\Desktop\Google Chrome.lnk
2015-01-23 22:53 - 2014-11-25 00:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1816006716-1691034843-748545821-1001
2015-01-23 22:52 - 2014-12-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2015-01-23 22:48 - 2014-11-25 09:43 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816006716-1691034843-748545821-1001UA.job
2015-01-23 18:35 - 2014-11-27 09:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10B68A46-1D1E-4B87-B7D0-2B8C10044920}
2015-01-22 19:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-22 19:20 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-19 13:32 - 2014-09-24 02:03 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 13:32 - 2014-09-24 02:03 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 19:00 - 2014-11-25 01:28 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-16 18:59 - 2014-11-25 01:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-04 00:44 - 2014-12-23 17:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-04 00:43 - 2014-11-27 09:11 - 00000000 ___DC () C:\Windows\Panther
2015-01-04 00:33 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-03 00:38 - 2013-08-22 06:44 - 00409712 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-03 00:37 - 2014-12-15 21:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-31 03:14 - 2014-11-25 01:54 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2014-12-15 21:59] - [2014-10-28 17:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
 
C:\Windows\System32\wininit.exe
[2014-12-15 21:59] - [2014-10-28 17:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
 
C:\Windows\explorer.exe
[2014-12-15 21:59] - [2014-10-28 19:57] - 2501368 ____A (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE
 
C:\Windows\SysWOW64\explorer.exe
[2014-12-15 22:00] - [2014-10-28 19:10] - 2207488 ____A (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129
 
C:\Windows\System32\svchost.exe
[2014-12-15 21:59] - [2014-10-28 20:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
 
C:\Windows\SysWOW64\svchost.exe
[2014-12-15 22:00] - [2014-10-28 19:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
 
C:\Windows\System32\services.exe
[2014-12-15 21:59] - [2014-10-28 19:53] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91
 
C:\Windows\System32\User32.dll
[2014-12-15 21:59] - [2014-10-28 20:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
 
C:\Windows\SysWOW64\User32.dll
[2014-12-15 22:00] - [2014-10-28 17:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
 
C:\Windows\System32\userinit.exe
[2014-12-15 21:59] - [2014-10-28 17:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
 
C:\Windows\SysWOW64\userinit.exe
[2014-12-15 22:00] - [2014-10-28 17:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
 
C:\Windows\System32\rpcss.dll
[2014-12-15 21:59] - [2014-10-28 17:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-23 23:35] - [2014-09-23 23:35] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-03 00:30:12
Restore point made on: 2015-01-16 18:59:30
Restore point made on: 2015-01-22 19:19:58
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 3981.68 MB
Available physical RAM: 3432.54 MB
Total Pagefile: 3981.68 MB
Available Pagefile: 3446.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Windows OS) (Fixed) (Total:223.13 GB) (Free:198.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
Drive e: (HRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 000907D4)
Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)
 
 
LastRegBack: 2015-01-22 19:19
 
==================== End Of Log ============================

Edited by soarwitheagles777, 24 January 2015 - 10:46 AM.

  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Please do not open multiple topics as you have done here. It wastes a helper's time and creates unforeseen outcomes.


 
  • Step #2 Fix with FRST
    This section of the fix has two parts. For the first part please peruse the following --

    Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash-drive.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      2015-01-23 23:00 - 2015-01-23 18:34 - 00048792 _____ (StdLib) C:\Windows\System32\Drivers\{304c2a7d-b0e5-4752-bc7f-90d4456afe97}Gw64.sys
      2015-01-23 22:54 - 2015-01-23 23:06 - 00000308 _____ () C:\Windows\Tasks\WSE_Taplika.job
      2015-01-23 22:54 - 2015-01-23 22:54 - 00002646 _____ () C:\Windows\System32\Tasks\WSE_Taplika
      2015-01-23 22:54 - 2015-01-23 22:54 - 00000000 ____D () C:\Users\TinTin\AppData\Roaming\WSE_Taplika
      2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
      2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Reverse Page
      2015-01-23 22:52 - 2015-01-23 22:52 - 01875944 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\CVTPQG.exe
      2015-01-23 22:52 - 2015-01-23 22:52 - 01557480 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\JTSHMHM.exe
      2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Users\TinTin\AppData\Local\globalUpdate
      2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
      LastRegBack: 2015-01-22 19:19
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Copy and Paste fixlist.txt to your flash drive.
    You are ready to move on to the second part. Please peruse --
    • Connect your flash drive to the infected PC;
    • Enter the System Recovery Options and select Command Prompt;
    • Run FRST.exe( or FRST64.exe for 64-bit machine) again as outlined in the previous post;
    • Click on Fix;
    • After the fix a log will be created in the flash drive named FixLog.txt;
    • Copy and Paste the contents of the log in your next reply;
    • Try to boot into Normal Mode.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
  • 0

#5
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP