View Download Virus?



#1 kmad61 (Member, 83 posts)

Got an older Dell desktop and can't open any programs or go to the internet. A View Download box pops up and takes control. The box keeps showing downloaded files over and over. Tried to go into Safe Mode and scan but all things lead to the View Download box.

 

Amd 2.2

Vista




#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Hello kmad61,

 

Here are some instructions to help you access the Recovery Environment to run a scan.

There are two options shown below. For the first, you will only need a flash drive or some such; for the second, you will need both a flash drive and a Windows Installation Disk.

If you have a Windows Installation disc for that machine and are unable to use the first option, then option two will be a good one to try.

Now

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using a Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 



#3 kmad61 (Topic Starter, Member, 83 posts)

FRST log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015 (ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by SYSTEM on MINWINPC on 29-04-2015 13:12:24
Running from d:\
Platform: Windows Vista ™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [291720 2006-11-03] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [286720 2007-08-16] (Apple Inc.)
HKLM\...\Run: [EarthLink Installer] => " /C
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1174179230\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ISTray] => C:\Program Files\Spyware Doctor\pctsTray.exe [1173384 2008-12-08] (PC Tools)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-07] (SigmaTel, Inc.)
HKU\Default\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\lynndale\...\Run: [AOL Fast Start] => "C:\Program Files\AOL 9.0\AOL.EXE" -b
HKU\lynndale\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\lynndale\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-18] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-22] (AVAST Software)
S2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [537480 2006-11-03] ( )
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S2 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [348752 2009-01-07] (PC Tools)
S2 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1095560 2009-01-21] (PC Tools)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-22] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-22] (AVAST Software)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [252872 2014-07-22] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-22] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-22] ()
S2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [130936 2009-04-03] (PC Tools)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 18:40 - 2015-04-20 18:41 - 00000000 ____D () C:\FRST
2015-04-13 11:38 - 2015-04-13 11:38 - 00000680 _____ () C:\Users\lynndale\AppData\Local\d3d9caps.dat
2015-04-13 11:33 - 2015-04-13 11:23 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\lynndale\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-13 10:56 - 2015-04-13 10:56 - 207090782 _____ () C:\Windows\MEMORY.DMP
2015-04-13 10:56 - 2015-04-13 10:56 - 00140392 _____ () C:\Windows\Minidump\Mini041315-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 17:19 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 17:19 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 13:36 - 2011-09-25 16:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-27 13:24 - 2006-11-02 02:33 - 00759582 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-27 13:23 - 2007-03-14 00:54 - 01282403 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 17:14 - 2007-03-17 15:39 - 00000000 ____D () C:\users\lynndale
2015-04-26 17:10 - 2015-01-12 17:10 - 00002447 _____ () C:\Windows\setupact.log

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-03-16 22:04:26
Restore point made on: 2015-03-17 20:00:21
Restore point made on: 2015-03-18 20:00:22
Restore point made on: 2015-03-23 11:21:43
Restore point made on: 2015-03-23 12:25:03
Restore point made on: 2015-03-24 20:00:10
Restore point made on: 2015-03-25 20:00:11
Restore point made on: 2015-03-26 08:31:12
Restore point made on: 2015-03-26 22:15:23
Restore point made on: 2015-03-27 20:00:13
Restore point made on: 2015-03-28 20:00:09
Restore point made on: 2015-03-29 15:02:42
Restore point made on: 2015-03-30 20:00:12
Restore point made on: 2015-03-30 22:15:22
Restore point made on: 2015-03-31 20:00:13
Restore point made on: 2015-04-01 20:00:14
Restore point made on: 2015-04-26 18:26:45
Restore point made on: 2015-04-27 13:49:38

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3069.88 MB
Available physical RAM: 2703.23 MB
Total Pagefile: 2968.47 MB
Available Pagefile: 2823.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:79.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.7 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2015-04-27 13:25

==================== End Of Log ============================
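Added example, not part of the thread or of FRST itself: a small Python triage script for the FRST.txt format posted above. It parses the Registry Run, Services/Drivers and One Month file-listing lines, carries over the markers FRST prints itself (the ATTENTION remark, [X] for a file that is no longer on disk, a zero-size file, an empty publisher) and adds one heuristic of my own: a file named like one of the core binaries FRST hash-checks in its Bamital & volsnap section but sitting outside the Windows directory. The sample lines are copied from the logs in this thread; the flag names are this example's, not FRST's.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) scan logs. Added example for this thread, not
code from FRST or from the posts above: it parses the line shapes visible in the posted FRST.txt and
attaches review flags. Flag names and the system-binary heuristic are its own; SAMPLE_LOG holds lines
copied from the posted log."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")                 # "==== Registry (Whitelisted) ===="
# Autostart: "HKLM\...\Run: [Name] => <value>"  or  "HKU\<user>\...\Run: [Name] => <value>"
RUN_RE = re.compile(r"^(?:HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$")   # "<R|S|U><start> <name>; <value>"
# Resolved value "<path> [<size> <yyyy-mm-dd>] (<publisher>)" with an optional FRST remark after it
DETAILS_RE = re.compile(r"^(?P<path>.+?) \[(?P<size>\d+) \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\).*$")
MISSING_RE = re.compile(r"^(?P<path>.+?) \[X\]$")               # FRST prints [X]: file not on disk
# One Month listings: "<date> - <date> - <size> <attrs> (<publisher>) <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                     r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<pub>[^)]*)\) (?P<path>.+)$")
# Names FRST hash-checks in its "Bamital & volsnap Check"; a copy outside Windows deserves a look
SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "wininit.exe", "svchost.exe", "services.exe", "userinit.exe", "rundll32.exe"}
WINDOWS_DIR_RE = re.compile(r"^(?:[a-z]:\\windows\\|\\systemroot\\|system32\\)")


@dataclass
class Entry:
    kind: str                        # "Run", "Service", "Driver" or "File"
    name: str                        # Run value name, service name, or the file path
    raw: str
    path: Optional[str] = None
    size: Optional[int] = None       # None: no size printed, or the item is a folder
    publisher: Optional[str] = None  # "": FRST printed an empty "()" for an autostart
    flags: List[str] = field(default_factory=list)


def _resolve(entry: Entry, rest: str) -> None:
    m = DETAILS_RE.match(rest) or MISSING_RE.match(rest)
    if not m:
        entry.flags.append("unresolved")            # bare command line such as '" /C'; read by hand
        return
    entry.path = m.group("path")
    if "size" in m.groupdict():
        entry.size = int(m.group("size"))
        entry.publisher = m.group("pub").strip()   # "( )" and "()" both mean no company name
    else:
        entry.flags.append("file-missing")          # orphaned registry or service entry


def _apply_heuristics(entry: Entry) -> Entry:
    if "<==== ATTENTION" in entry.raw:               # keep FRST's own marker visible
        entry.flags.append("frst-attention")
    if entry.size == 0:
        entry.flags.append("zero-size")
    if entry.publisher == "":
        entry.flags.append("no-publisher")
    path = (entry.path or "").lower()
    if path.rsplit("\\", 1)[-1] in SYSTEM_BINARIES and not WINDOWS_DIR_RE.match(path):
        entry.flags.append("system-binary-outside-windows")
    return entry


def parse_line(line: str, section: str) -> Optional[Entry]:
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if m:                                           # the section header tells services from drivers
        kind = "Run" if m.re is RUN_RE else ("Driver" if section.startswith("Drivers") else "Service")
        entry = Entry(kind, m.group("name"), line)
        _resolve(entry, m.group("rest"))
        return _apply_heuristics(entry)
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = Entry("File", m.group("path"), line, path=m.group("path"))
    if "D" not in m.group("attrs"):                 # folders are always listed with size 00000000
        entry.size = int(m.group("size"))
    entry.publisher = m.group("pub").strip() or None    # no publisher is normal for data files
    return _apply_heuristics(entry)


def triage(log_text: str) -> List[Entry]:
    section, entries = "", []
    for line in filter(None, map(str.rstrip, log_text.splitlines())):
        m = SECTION_RE.match(line)
        if m and m.group(1):
            section = m.group(1)
        elif (entry := parse_line(line, section)) is not None:
            entries.append(entry)
    return entries


SAMPLE_LOG = r"""HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [EarthLink Installer] => " /C
========================== Services (Whitelisted) =================
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)
==================== Drivers (Whitelisted) ====================
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
2015-05-05 09:03 - 2006-11-02 01:45 - 00044544 _____ (Microsoft Corporation) C:\Users\lynndale\Downloads\rundll32.exe
2015-04-20 18:40 - 2015-04-20 18:41 - 00000000 ____D () C:\FRST
"""

if __name__ == "__main__":
    print("\n".join(f"{e.kind:7} {','.join(e.flags):34} {e.name}" for e in triage(SAMPLE_LOG) if e.flags))
```

Run against a full FRST.txt, the script lists only the entries carrying flags; the flags are prompts for a reviewer, not a verdict.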



#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

Hello Kmad61,

 

Download the attached fixlist.txt file and save it to the flash drive.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

After that try rebooting your machine. If it doesn't work you may have to run repair my computer.

Come back and tell me how it went. :)


#5 kmad61 (Topic Starter, Member, 83 posts)

When I booted up I got to the password screen and was unable to type the letters. The keyboard is lit up.

 

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by SYSTEM at 2015-05-03 10:59:18 Run:2
Running from d:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-22] (AVAST Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-22] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-22] (AVAST Software)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [252872 2014-07-22] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-22] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-22] ()
C:\Program Files\AVAST Software
C:\Windows\system32\drivers\aswHwid.sys
C:\Windows\system32\drivers\aswKbd.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\DRIVERS\aswNdis.sys
C:\Windows\System32\Drivers\aswNdis2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\system32\drivers\aswSnx.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value deleted successfully.
avast! Antivirus => Service deleted successfully.
avast! Firewall => Service deleted successfully.
aswHwid => Service deleted successfully.
aswKbd => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswNdis => Service deleted successfully.
aswNdis2 => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
C:\Windows\system32\drivers\aswHwid.sys => Moved successfully.
C:\Windows\system32\drivers\aswKbd.sys => Moved successfully.
C:\Windows\system32\drivers\aswMonFlt.sys => Moved successfully.
C:\Windows\System32\DRIVERS\aswNdis.sys => Moved successfully.
C:\Windows\System32\Drivers\aswNdis2.sys => Moved successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
C:\Windows\system32\drivers\aswSnx.sys => Moved successfully.
C:\Windows\system32\drivers\aswSP.sys => Moved successfully.
C:\Windows\system32\drivers\aswTdi.sys => Moved successfully.
C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.

==== End of Fixlog 10:59:43 ====



#6 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

If you can boot into Safe Mode try signing in as Administrator, see link below:

http://windows.micro...e=windows-vista

If that doesn't work then:

If you have your installation disk or if your system has a pre-installed recovery option then try a Startup Repair.

Go to Startup Repair for information on how to use Startup Repair in Vista.

If neither of those work then using System Recovery Options as you did for running FRST do this:

On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

  • Access the Command Prompt option.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type CD\ and press Enter
    Note: Replace letter C with the drive letter of your hard drive.
  • Type the following command, and then press ENTER:
    sfc /scannow
  • Please note that there is a single space between sfc and /scannow.
  • When prompted, type in Y and press Enter.

Allow System File Scanner to complete its run.

After that has done its work, see if you can boot up.

If you are unable to boot up after that then try this:

On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type C: and press Enter
    Note: Replace letter C with the drive letter of your hard drive.
  • Type in chkdsk /b and press Enter (notice the gap... it should be there.)
  • When prompted, type in Y and press Enter.
  • Allow chkdsk to perform all 5 stages. This may take some time, so please be patient.
  • When complete, close the Command Prompt window, and click on the Restart button to restart your computer.

 

If you are able to boot up from any of the above methods then download the latest version of FRST to your machine's desktop and run a FRST scan with the Additions box ticked - see instructions below:

Important - We ask that the tools we use be downloaded to your computer's desktop.

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#7 kmad61 (Topic Starter, Member, 83 posts)

Did a system restore back 3 months and the PC booted to the desktop, and the View Download box popped up and took over the machine. Back to square 1.



#8 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,990 posts)

 

Quote: did a system restore back 3 mo

 

My bad, I should have told you not to carry out any actions other than those I posted. It might not be the problem but if there was corruption (in this case of Avast) or malware in System Restore you may have reintroduced it.

 

For next time, if the actions outlined don't work please come back and tell me. :)

 

Now

 

Let's see if we can get another look at things.

 

The copy of FRST you have on your flash drive is out of date.

Please download the latest version of Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

 

 



#9 kmad61 (Topic Starter, Member, 83 posts)

Fresh FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by SYSTEM on MINWINPC on 05-05-2015 13:05:16
Running from d:\
Platform: Windows Vista ™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [291720 2006-11-03] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [286720 2007-08-16] (Apple Inc.)
HKLM\...\Run: [EarthLink Installer] => " /C
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1174179230\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ISTray] => C:\Program Files\Spyware Doctor\pctsTray.exe [1173384 2008-12-08] (PC Tools)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-07] (SigmaTel, Inc.)
HKU\Default\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\lynndale\...\Run: [AOL Fast Start] => "C:\Program Files\AOL 9.0\AOL.EXE" -b
HKU\lynndale\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\lynndale\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-18] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-22] (AVAST Software)
S2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [537480 2006-11-03] ( )
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S2 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [348752 2009-01-07] (PC Tools)
S2 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1095560 2009-01-21] (PC Tools)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-22] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-22] (AVAST Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [252872 2014-07-22] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2015-05-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2015-05-04] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-22] ()
S2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [130936 2009-04-03] (PC Tools)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 09:03 - 2006-11-02 01:45 - 00044544 _____ (Microsoft Corporation) C:\Users\lynndale\Downloads\rundll32.exe
2015-05-04 13:38 - 2015-05-04 13:38 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2015-04-20 18:40 - 2015-05-04 13:38 - 00000000 ____D () C:\FRST
2015-04-13 11:38 - 2015-04-13 11:38 - 00000680 _____ () C:\Users\lynndale\AppData\Local\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 07:24 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 07:24 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 03:39 - 2011-09-25 16:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-04 23:00 - 2007-03-14 00:54 - 01367131 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 19:22 - 2011-09-25 16:45 - 00000000 ____D () C:\Program Files\Spyware Doctor
2015-05-04 19:22 - 2007-03-17 15:39 - 00000000 ____D () C:\users\lynndale
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2015-05-04 19:22 - 2006-11-02 02:22 - 84672512 _____ () C:\Windows\System32\config\system_previous
2015-05-04 19:22 - 2006-11-02 02:22 - 44253184 _____ () C:\Windows\System32\config\software_previous
2015-05-04 19:20 - 2011-09-25 17:27 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-04 19:16 - 2006-11-02 02:22 - 00057344 _____ () C:\Windows\System32\config\sam_previous
2015-05-04 19:16 - 2006-11-02 02:22 - 00024576 _____ () C:\Windows\System32\config\security_previous
2015-05-04 15:29 - 2013-12-10 12:57 - 00001901 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2015-05-04 15:29 - 2013-09-20 18:51 - 00001841 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2015-05-04 15:29 - 2006-11-02 02:33 - 00759582 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-04 15:28 - 2011-09-25 17:29 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-05-04 15:28 - 2011-09-25 17:29 - 00414392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2015-05-04 15:26 - 2015-01-12 17:10 - 00002481 _____ () C:\Windows\setupact.log
2015-05-04 15:11 - 2006-11-02 02:22 - 50855936 _____ () C:\Windows\System32\config\components_previous
2015-05-04 13:12 - 2006-11-02 02:22 - 00204800 _____ () C:\Windows\System32\config\default_previous

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-03-26 08:31:12
Restore point made on: 2015-03-26 22:15:23
Restore point made on: 2015-03-27 20:00:13
Restore point made on: 2015-03-28 20:00:09
Restore point made on: 2015-03-29 15:02:42
Restore point made on: 2015-03-30 20:00:12
Restore point made on: 2015-03-30 22:15:22
Restore point made on: 2015-03-31 20:00:13
Restore point made on: 2015-04-01 20:00:14
Restore point made on: 2015-04-26 18:26:45
Restore point made on: 2015-04-27 13:49:38
Restore point made on: 2015-04-29 18:20:03
Restore point made on: 2015-05-01 06:38:05
Restore point made on: 2015-05-03 08:14:53
Restore point made on: 2015-05-04 09:50:49
Restore point made on: 2015-05-04 15:27:11
Restore point made on: 2015-05-04 16:22:28

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3069.88 MB
Available physical RAM: 2702.82 MB
Total Pagefile: 2968.47 MB
Available Pagefile: 2825.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:79.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.7 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-05-05 03:51

==================== End Of Log ============================

#10 emeraldnzl (GeekU Instructor; GeekU Moderator, 19,990 posts)

I see you haven't updated your copy of FRST as I requested lol.

Also I see you have an active topic at PCMech.com receiving help from Broni for the same issue.

You should not be receiving help from two different forums for the same problem. It was there that you were asked to try a System Restore.

As the topic at PCMech is the older one and still active (last post 11:58 today) please complete there before seeking help elsewhere.



#11 kmad61 (Member, Topic Starter; 83 posts)

There have been multiple people trying to figure this PC out, including yourself and Broni. It's funny because after 2 weeks I am back to square one and nobody has made any progress.

#12 emeraldnzl (GeekU Instructor; GeekU Moderator, 19,990 posts)

Broni is a very experienced helper. I think you should continue with him until you are finished.

I only looked quickly at the logs there but I didn't see this one which you might follow up:

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)

That raises questions in my mind.

Also you might discuss with Broni whether there could be some corrupted program trying to continually download... say your anti-virus.

I am sure Broni will have canvassed that one but as I said I don't remember seeing the AdobeFlashPlayer in the logs there... it was only a quick look though so I could well be wrong.

Meantime I will close this topic. It can be reopened later if needed.


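The zero-size service entry singled out in the reply above is one of a handful of cheap checks a helper can run over the "Services" and "Drivers" sections of an FRST log before deciding what to put in a fixlist. The script below is an added example written for this thread; it is not part of the thread, not FRST's own code, and it only assumes the line layout visible in the log (`S3 name; path [size date] (company)`, `[X]` in place of the size block when the file is gone, and an optional `<==== ATTENTION` trailer). It flags entries whose file is missing, whose file is zero bytes, whose version info carries no publisher, or whose binary sits under a user profile. The sample input is four lines copied from the log plus one constructed `UpdaterSvc` line.

```python
"""Triage FRST 'Services' / 'Drivers' entries (added example, not FRST code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry: "<S|R><n> <name>; <path> [<size> <date>] (<company>)", or "[X]" when
# the file is not on disk, optionally followed by "<==== ATTENTION ...".
ENTRY_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<company>[^)]*)\))?"
    r"|(?P<missing>\[X\]))"
    r"(?:\s*<====\s*ATTENTION.*)?\s*$"
)

# Windows service start types as FRST prints them in the leading "Sn"/"Rn".
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Entry:
    start: str            # e.g. "S3": S=stopped/R=running, digit = start type
    name: str
    path: str
    size: Optional[int]   # None when FRST printed "[X]" (file not on disk)
    date: Optional[str]
    company: str          # publisher from version info; "" when FRST printed "()"
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers, notes and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        start=m["start"],
        name=m["name"].strip(),
        path=m["path"],
        size=None if m["size"] is None else int(m["size"]),
        date=m["date"],
        company=(m["company"] or "").strip(),
        missing=m["missing"] is not None,
    )


Finding = Tuple[str, str, str]   # (service name, start type, reason code)


def triage(lines: List[str]) -> List[Finding]:
    """Return entries worth a second look, in the order they appear in the log."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        start = START_TYPE[e.start[1]]
        if e.missing:
            # Registry still references a driver/service whose file is gone:
            # usually a leftover, but worth knowing about before writing a fixlist.
            findings.append((e.name, start, "file_missing"))
        elif e.size == 0:
            # The case from the thread: a registered service pointing at an
            # empty file (FRST itself marks these "ATTENTION").
            findings.append((e.name, start, "zero_size"))
        elif not e.company:
            # No publisher string is weak evidence on its own (several legitimate
            # drivers in this log have none) but narrows what to verify by hash.
            findings.append((e.name, start, "no_publisher"))
        if not e.missing and re.match(r"(?i)^c:\\users\\", e.path):
            # Services do not normally run binaries out of a user profile.
            findings.append((e.name, start, "user_profile_path"))
    return findings


# Sample input: a header and four entries copied from the log in this thread,
# plus one constructed line (UpdaterSvc) to exercise the user-profile check.
SAMPLE_LINES = [
    r"==================== Services (Whitelisted) =================",
    r"S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()",
    r"S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)",
    r"S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)",
    r"S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]",
    r"S2 UpdaterSvc; C:\Users\lynndale\AppData\Local\Temp\updater.exe [51200 2015-05-04] ()",  # constructed
]

if __name__ == "__main__":
    for name, start, reason in triage(SAMPLE_LINES):
        print(f"{name:28s} start={start:8s} {reason}")
```

Run it against a whole FRST.txt by reading the file into a list and passing it to `triage`; lines outside the service and driver sections simply fail to parse and are skipped. The reason codes are deliberately coarse: "no_publisher" on its own says little (the avast drivers in this very log have no company string), so the point of the output is to shorten the list of files to hash-check, not to declare anything malicious.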