Computer keeps restarting. [Solved]



#1
magnia


My Windows 7 Home machine keeps restarting after POST. 

 

Yesterday, a freeware program was installed on it which came with adware and malware attached. 

I was unable to install Malwarebytes or open Microsoft Security Essentials. I managed to run AdwCleaner, which reduced the amount of popups I was getting when opening Chrome.

 

Today, it wouldn't get past POST. I can post the freeware and the website it was downloaded from if required.

 

Here's the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by SYSTEM on MININT-CC4UI5V on 29-06-2015 17:25:53
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-21] (Microsoft Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-18] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Ronnie\...\Run: [f.lux] => C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\Ronnie\...\Run: [AdobeBridge] => [X]
HKU\Ronnie\...\Run: [GoogleChromeAutoLaunch_24A7CE357C1F94EEF73C73E4C15D795F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-19] (Google Inc.)
HKU\Ronnie\...\Run: [BackUp3568255147] => C:\Users\Ronnie\AppData\Roaming\BackUp3568255147.exe [610304 2009-07-13] (OneScreen)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [154256 2015-05-27] (NVIDIA Corporation)
Startup: C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2014-05-26]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-18] (EasyAntiCheat Ltd)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-21] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4750760 2013-01-21] (INCA Internet Co., Ltd.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-08] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-25] ()
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] ()
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
S2 SpotfluxConnectionManager; C:\Program Files (x86)\spotflux\services\SpotfluxConnectionManager.exe [76800 2014-05-05] (Microsoft)
S2 SpotfluxUpdateService; C:\Program Files (x86)\spotflux\services\SpotfluxUpdateService.exe [20992 2014-05-05] (Microsoft)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-15] (Tunngle.net GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S3 WMZuneComm; "D:\Program Files\Zune\WMZuneComm.exe" [X]
S3 ZuneNetworkSvc; "D:\Program Files\Zune\ZuneNss.exe" [X]
S3 ZuneWlanCfgSvc; "D:\Program Files\Zune\ZuneWlanCfgSvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-16] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2013-06-29] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-12-03] (FNet Co., Ltd.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-16] (Microsoft Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0062.sys [28768 2014-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-16] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [180544 2012-09-19] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-29] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-29] (Saitek)
S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [47168 2012-09-19] (Saitek)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-11-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-05] (Spotflux, Inc.)
S3 BS3568255147; \??\C:\Users\Ronnie\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 07:35 - 2015-06-28 07:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-28 07:35 - 2015-06-28 07:35 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-06-28 07:33 - 2015-06-28 07:33 - 00050688 _____ (Atribune.org) C:\Users\Ronnie\Downloads\ATF-Cleaner.exe
2015-06-28 07:25 - 2015-06-28 07:25 - 00098966 _____ C:\Users\Ronnie\Downloads\Addition.txt
2015-06-28 07:24 - 2015-06-29 17:25 - 00000000 ____D C:\FRST
2015-06-28 07:24 - 2015-06-28 07:25 - 00044345 _____ C:\Users\Ronnie\Downloads\FRST.txt
2015-06-28 06:58 - 2015-06-28 06:58 - 00000000 ____D C:\Users\Ronnie\Downloads\Chameleon
2015-06-28 06:56 - 2015-06-28 07:15 - 00000000 ____D C:\AdwCleaner
2015-06-28 06:56 - 2015-06-28 06:56 - 06289130 _____ C:\Users\Ronnie\Downloads\mbam-chameleon-3.1.16.0.zip
2015-06-28 06:24 - 2015-06-28 06:24 - 00000743 _____ C:\Users\Ronnie\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-28 06:24 - 2015-06-28 06:24 - 00000000 ____D C:\EEK
2015-06-28 06:23 - 2015-06-28 06:23 - 02112512 _____ (Farbar) C:\Users\Ronnie\Downloads\FRST64.exe
2015-06-28 06:21 - 2015-06-28 06:23 - 158718800 _____ C:\Users\Ronnie\Downloads\EmsisoftEmergencyKit.exe
2015-06-28 06:21 - 2015-06-28 06:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ronnie\Downloads\123.exe
2015-06-28 06:19 - 2015-06-28 06:20 - 02244096 _____ C:\Users\Ronnie\Downloads\AdwCleaner.exe
2015-06-28 06:18 - 2015-06-28 06:18 - 01133044 _____ C:\Windows\System32\CFG3568255147
2015-06-28 06:06 - 2015-06-28 06:06 - 00262144 _____ C:\Windows\Minidump\062915-31761-01.dmp
2015-06-28 06:04 - 2015-06-28 06:04 - 00003446 _____ C:\Windows\System32\Tasks\Umusxnojla
2015-06-28 06:03 - 2015-06-28 06:03 - 00000000 _____ C:\Windows\SysWOW64\track
2015-06-28 06:02 - 2015-06-28 06:02 - 00000000 _____ C:\Windows\prleth.sys
2015-06-28 06:02 - 2015-06-28 06:02 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-28 06:01 - 2015-06-28 06:01 - 00000000 ____D C:\Users\Ronnie\Documents\Optimizer Pro
2015-06-28 05:54 - 2015-06-28 05:54 - 00000843 _____ C:\Users\Ronnie\AppData\Local\recently-used.xbel
2015-06-28 05:52 - 2015-06-28 05:52 - 00003332 _____ C:\Windows\System32\Tasks\PaintTool SAI
2015-06-28 02:48 - 2015-06-28 02:48 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2015-06-28 02:48 - 2015-06-28 02:48 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Wacom
2015-06-28 02:48 - 2015-06-28 02:48 - 00000000 ____D C:\Users\Ronnie\.android
2015-06-28 02:45 - 2015-06-28 06:09 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-06-28 02:45 - 2015-06-28 02:48 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\WTablet
2015-06-28 02:45 - 2015-06-28 02:45 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2015-06-28 02:45 - 2015-06-28 02:45 - 00000000 ____D C:\Program Files\TabletPlugins
2015-06-28 02:45 - 2015-06-28 02:45 - 00000000 ____D C:\Program Files\Tablet
2015-06-28 02:45 - 2015-02-26 14:16 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\System32\WacomMT.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01997592 _____ (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01990936 _____ (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Touch_Tablet.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01863960 _____ (Wacom Technology, Corp.) C:\Windows\System32\Wintab32.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01618712 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01612056 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2015-06-28 02:45 - 2015-02-26 14:16 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2015-06-28 02:45 - 2014-10-25 12:52 - 00100664 _____ (Wacom Technology) C:\Windows\System32\Drivers\wachidrouter.sys
2015-06-28 02:45 - 2014-10-25 12:52 - 00015160 _____ (Wacom Technology) C:\Windows\System32\Drivers\wacomrouterfilter.sys
2015-06-28 02:45 - 2014-10-25 12:52 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\hidkmdf.sys
2015-06-28 02:45 - 2012-12-11 14:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01009.dll
2015-06-27 00:58 - 2015-06-27 01:05 - 00000000 ____D C:\Users\Ronnie\Documents\Darkest
2015-06-26 21:46 - 2015-06-26 21:46 - 00123243 _____ C:\Users\Ronnie\Documents\Mariel tan clinical reference.zip
2015-06-26 21:46 - 2015-06-26 04:46 - 00000168 ____N C:\Users\Ronnie\Documents\ATT00001
2015-06-22 18:42 - 2015-06-22 18:46 - 85317504 _____ C:\Users\Ronnie\Downloads\serviio-1.5.2-win-setup.exe
2015-06-21 08:34 - 2015-06-21 08:34 - 00000000 ____D C:\Users\Ronnie\Downloads\chrome_extension_1.5.1
2015-06-21 08:33 - 2015-06-21 08:33 - 00089435 _____ C:\Users\Ronnie\Downloads\chrome_extension_1.5.1.zip
2015-06-18 12:29 - 2015-06-18 12:29 - 00032079 _____ C:\Users\Ronnie\Downloads\steamSummerMinigame-master.zip
2015-06-18 12:29 - 2015-06-18 12:29 - 00000000 ____D C:\Users\Ronnie\Downloads\steamSummerMinigame-master
2015-06-15 15:20 - 2015-06-15 15:20 - 00000749 _____ C:\Users\Ronnie\Desktop\World of Warships.lnk
2015-06-15 15:19 - 2015-06-15 15:19 - 07052760 _____ (Wargaming.net ) C:\Users\Ronnie\Downloads\WoWS_internet_install_na.exe
2015-06-10 04:38 - 2015-05-27 23:04 - 42719888 _____ C:\Windows\System32\nvcompiler.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 17486856 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2015-06-10 04:38 - 2015-05-27 23:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6435306.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6435306.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2015-06-10 04:38 - 2015-05-27 23:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-08 21:45 - 2015-06-08 21:45 - 00001664 _____ C:\Users\Public\Desktop\Dungeon Fighter Online.lnk
2015-06-08 21:43 - 2015-06-08 21:45 - 03064944 _____ (Neople) C:\Users\Ronnie\Downloads\DFO_Install.exe
2015-06-08 15:41 - 2015-06-08 15:41 - 00025218 _____ C:\Users\Ronnie\Documents\[DeadFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 09 [720p][AAC].mp4.torrent
2015-06-08 15:41 - 2015-06-08 15:41 - 00021199 _____ C:\Users\Ronnie\Documents\[BakedFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 10 [720p][AAC].mp4.torrent
2015-06-08 15:38 - 2015-06-08 15:38 - 00015756 _____ C:\Users\Ronnie\Documents\[BakedFish] Gunslinger Stratos- The Animation - 09 [720p][AAC].mp4.torrent
2015-06-08 15:37 - 2015-06-08 15:37 - 00019382 _____ C:\Users\Ronnie\Documents\[BakedFish] Arslan Senki (2015) - 09 [720p][AAC].mp4.torrent
2015-06-08 11:55 - 2015-06-08 11:55 - 00026176 _____ C:\Users\Ronnie\Documents\[BakedFish] Kekkai Sensen - 10 [720p][AAC].mp4.torrent
2015-06-08 11:55 - 2015-06-08 11:55 - 00026169 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Gunslinger Stratos - 10 [720p].mkv.torrent
2015-06-08 11:54 - 2015-06-08 11:54 - 00035123 _____ C:\Users\Ronnie\Documents\[HorribleSubs] Arslan Senki - 10 [720p].mkv.torrent
2015-06-02 11:16 - 2015-06-26 21:47 - 00028160 ___SH C:\Users\Ronnie\Documents\Thumbs.db
2015-06-02 11:15 - 2015-06-02 11:15 - 00196645 _____ C:\Users\Ronnie\Documents\heroes code
2015-06-01 01:57 - 2015-06-01 01:57 - 00034495 _____ C:\Users\Ronnie\Downloads\[DeadFish] Kekkai Sensen - 08 [720p][AAC].mp4.torrent
2015-06-01 01:57 - 2015-06-01 01:57 - 00028336 _____ C:\Users\Ronnie\Downloads\[BakedFish] Kekkai Sensen - 09 [720p][AAC].mp4.torrent
2015-06-01 01:56 - 2015-06-01 01:56 - 00027858 _____ C:\Users\Ronnie\Downloads\[DeadFish] Dungeon ni Deai wo Motomeru no wa Machigatteiru Darou ka - 08 [720p][AAC].mp4.torrent
2015-05-31 23:28 - 2015-04-03 05:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-31 23:28 - 2015-04-03 05:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2015-05-30 07:23 - 2015-05-30 07:23 - 00026239 _____ C:\Users\Ronnie\Downloads\[HorribleSubs] DanMachi - 09 [720p].mkv.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 07:37 - 2014-11-18 12:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-06-28 07:19 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-28 07:19 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-28 07:16 - 2009-07-13 21:13 - 00786558 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-28 07:15 - 2012-12-03 21:13 - 01193198 _____ C:\Windows\WindowsUpdate.log
2015-06-28 07:11 - 2014-07-01 21:36 - 00089286 _____ C:\Windows\setupact.log
2015-06-28 07:11 - 2012-12-03 22:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-28 07:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 06:55 - 2012-12-03 22:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-28 06:45 - 2012-12-06 03:42 - 00000000 ____D C:\Users\Ronnie\AppData\Local\TSVNCache
2015-06-28 06:40 - 2014-07-02 05:03 - 00337920 ___SH C:\Users\Ronnie\Downloads\Thumbs.db
2015-06-28 06:11 - 2014-07-12 12:38 - 00006882 _____ C:\Windows\PFRO.log
2015-06-28 06:08 - 2012-12-03 22:02 - 00002259 _____ C:\Users\Ronnie\Desktop\Google Chrome.lnk
2015-06-28 06:06 - 2014-02-28 06:36 - 00000000 ____D C:\Windows\Minidump
2015-06-28 05:54 - 2013-12-01 08:55 - 00000000 ____D C:\Users\Ronnie\AppData\Local\gtk-2.0
2015-06-28 05:03 - 2013-12-01 08:21 - 00000000 ____D C:\Users\Ronnie\.gimp-2.8
2015-06-28 02:48 - 2012-12-03 21:13 - 00000000 ____D C:\users\Ronnie
2015-06-27 06:12 - 2012-12-03 23:30 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\uTorrent
2015-06-27 00:54 - 2013-12-20 09:15 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Battle.net
2015-06-27 00:08 - 2014-10-22 09:07 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-06-23 07:17 - 2013-12-20 09:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-23 05:47 - 2015-01-16 06:24 - 00000328 _____ C:\Users\Ronnie\Desktop\IDS.txt
2015-06-22 19:27 - 2012-12-04 18:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-22 19:27 - 2012-12-04 18:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 19:05 - 2014-05-26 04:11 - 00000000 ____D C:\Program Files\Serviio
2015-06-17 14:45 - 2015-05-26 00:10 - 00000000 ____D C:\Users\Ronnie\Documents\The Witcher 3
2015-06-15 15:20 - 2014-01-14 04:42 - 00000000 ____D C:\Games
2015-06-15 13:23 - 2013-12-20 09:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-06-15 10:30 - 2012-12-03 22:01 - 00000000 ____D C:\Users\Ronnie\AppData\Local\Deployment
2015-06-10 04:39 - 2012-12-03 22:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-10 04:39 - 2012-12-03 22:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-10 04:38 - 2015-04-27 10:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-08 11:37 - 2009-07-13 21:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-07 19:56 - 2012-12-03 22:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-04 02:26 - 2015-05-26 00:10 - 00000000 ____D C:\Users\Ronnie\AppData\Roaming\NVIDIA
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8104.58 MB
Available physical RAM: 7311.8 MB
Total Pagefile: 8102.78 MB
Available Pagefile: 7311.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:9.62 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:37.61 GB) NTFS
Drive f: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:14.91 GB) (Free:13.07 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 507B0452)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F741404)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2015-06-22 21:21
 
==================== End of log ============================

Edited by magnia, 29 June 2015 - 01:39 AM.

  • 0



#2
ruggie_uk


Greetings and welcome.

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

 

Let's get you booted first of all.

 

Offline FRST Fix

On your working computer
 

  • Download the attached fixlist.txt and save it to your flash drive <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Like you did previously, ensure you are in the recovery environment and re-run FRST/FRST64
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your flash drive.
  • Please copy and paste the contents of that log back here.
  • Reboot your machine and see if it boots as it should.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

 


  • 1

#3
magnia


Hi Ruggie, thanks for taking the time to help me out.

 

I followed your instructions but my computer is still not booting up.

 

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by SYSTEM at 2015-06-29 18:16:20 Run:1
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
start
HKU\Ronnie\...\Run: [BackUp3568255147] => C:\Users\Ronnie\AppData\Roaming\BackUp3568255147.exe [610304 2009-07-13] (OneScreen)
HKU\Ronnie\...\Run: [AdobeBridge] => [X]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4750760 2013-01-21] (INCA Internet Co., Ltd.)
C:\Windows\SysWOW64\GameMon.des
S3 BS3568255147; \??\C:\Users\Ronnie\AppData\Local\Temp\NTFS.sys [X]
C:\Users\Ronnie\AppData\Local\Temp\NTFS.sys
HKU\Ronnie\...\Run: [GoogleChromeAutoLaunch_24A7CE357C1F94EEF73C73E4C15D795F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-19] (Google Inc.)
end
*****************
 
HKU\Ronnie\Software\Microsoft\Windows\CurrentVersion\Run\\BackUp3568255147 => value removed successfully
HKU\Ronnie\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
npggsvc => Service removed successfully
C:\Windows\SysWOW64\GameMon.des => moved successfully.
BS3568255147 => Service removed successfully
"C:\Users\Ronnie\AppData\Local\Temp\NTFS.sys" => File/Folder not found.
HKU\Ronnie\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_24A7CE357C1F94EEF73C73E4C15D795F => value removed successfully
 
==== End of Fixlog 18:16:20 ====

  • 0
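The fixlist above picks entries out of the FRST log in post #1. As an added example (not part of the thread, not FRST's own logic, and not the helper's method), the Python below parses a subset of those log lines and flags autostart entries whose target is missing (`[X]`), autostarts that load from AppData or Temp, and long digit runs shared across otherwise unrelated entries. The three heuristics and all function names are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Subset of lines copied from the FRST log in post #1.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-21] (Microsoft Corporation)
HKU\Ronnie\...\Run: [f.lux] => C:\Users\Ronnie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\Ronnie\...\Run: [AdobeBridge] => [X]
HKU\Ronnie\...\Run: [BackUp3568255147] => C:\Users\Ronnie\AppData\Roaming\BackUp3568255147.exe [610304 2009-07-13] (OneScreen)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-21] (Microsoft Corporation)
S3 BS3568255147; \??\C:\Users\Ronnie\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-06-28 06:23 - 2015-06-28 06:23 - 02112512 _____ (Farbar) C:\Users\Ronnie\Downloads\FRST64.exe
2015-06-28 06:18 - 2015-06-28 06:18 - 01133044 _____ C:\Windows\System32\CFG3568255147
"""

# Line shapes as they appear in the log on this page.
RUN_RE = re.compile(r"^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
SVC_RE = re.compile(r"^[SRU]\d (?P<name>[^;]+); (?P<rest>.*)$")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# Trailing "[size date] (company)" or "[X]" that follows the image path.
TRAILER_RE = re.compile(r"\s*(?:\[\d+ \d{4}-\d\d-\d\d\]\s*\(.*\)|\[X\])\s*$")
USER_WRITABLE_RE = re.compile(r"\\(?:appdata|temp)\\", re.IGNORECASE)
TOKEN_RE = re.compile(r"\d{8,}")  # assumed threshold: 8+ consecutive digits


@dataclass
class Entry:
    kind: str      # "run", "service" (services and drivers) or "file"
    name: str
    path: str
    missing: bool  # FRST printed [X]: the target file was not found


def _autostart(kind, name, rest):
    missing = rest.rstrip().endswith("[X]")
    path = TRAILER_RE.sub("", rest).strip().strip('"')
    if path.startswith("\\??\\"):  # NT object-manager prefix on driver paths
        path = path[4:]
    return Entry(kind, name, path, missing)


def parse_frst(log_text):
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(_autostart("run", m["name"], m["rest"]))
        elif m := SVC_RE.match(line):
            entries.append(_autostart("service", m["name"], m["rest"]))
        elif m := FILE_RE.match(line):
            path = m["path"]
            entries.append(Entry("file", ntpath.basename(path), path, False))
    return entries


def triage(log_text):
    """Return {entry name: [flags]} for every entry with at least one flag."""
    entries = parse_frst(log_text)

    def tokens(e):
        return set(TOKEN_RE.findall(e.name + " " + ntpath.basename(e.path)))

    seen = Counter(t for e in entries for t in tokens(e))
    flagged = {}
    for e in entries:
        flags = []
        if e.missing:
            flags.append("missing-target")
        if e.kind != "file" and USER_WRITABLE_RE.search(e.path):
            flags.append("user-writable-path")
        flags += [f"shared-token:{t}" for t in sorted(tokens(e)) if seen[t] > 1]
        if flags:
            flagged[e.name] = flags
    return flagged


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:20} {', '.join(flags)}")
```

f.lux is flagged as well: per-user software often starts from AppData, so a flag is a lead for manual review rather than a verdict.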

#4
ruggie_uk

Ok, let's take a step back.

From the system recovery menu, select System Restore and choose a point before your problem started.
It may be better for us to try that first and then clean your system after.
  • 1

#5
magnia


I've been using the Windows 7 installation disc to access Command Prompt and other options.

 

Selecting the system restore option gives me this error:

 

"To use System Restore, you must specify which windows installation to restore.

 

Restart your computer, select an operating system, and then select System Restore."

 

 

In the menu prior to this one I get these options:

 

Use recovery tools... and Restore your computer...

 

My operating system is also unlisted here. I can click on Load Drivers, which asks me to insert installation media, or Next, which takes me to the "System Recovery Options" menu where I can select startup repair, system restore etc.

 

EDIT: The "Restore your computer using a system image..." option allows me to select an old system image backup.


Edited by magnia, 29 June 2015 - 03:06 AM.

  • 0

#6
ruggie_uk


Ok, this tells me there is something else we can try.

Go to command prompt. Type notepad.exe and then click file - open.
In the browser, locate which partition is your main Windows drive (it may not be listed as c:, so we need to check).
Once you know what it is, close notepad and in the command prompt, type: chkdsk c: /r    (replace c: with whatever drive it is)

 

It will take a fair while, let me know if it boots once completed please.


  • 1

#7
magnia


Done, but computer still won't boot.


  • 0

#8
ruggie_uk


Go back into recovery. Will the computer now be identified and allow System Restore?


  • 1

#9
magnia


Selecting system restore is displaying the same error as before. The operating system is still not listed in the recovery menu.


  • 0

#10
ruggie_uk


This is usually caused by a corrupted Windows, hence why it doesn't show up in the list. Chkdsk normally cures this particular problem, but obviously hasn't on this occasion. Was the drive letter definitely correct when it was run? If you are sure, then from the recovery menu, try the startup repair option now. It may manage to fix the issue and let us move on.


  • 1



#11
magnia


Normally the drive letter would be C, but opening My Computer through Notepad displays C: as the 100mb partition and D: as the drive with Windows on it.

I ran chkdsk for D: earlier, also ran startup repair now but the computer still won't boot.


  • 0

#12
ruggie_uk


Can you copy and paste the logs that startup repair creates, please? You may need to copy and paste the contents.

Also it can be worth trying a few times, as sometimes the repairs are successive.

 

What exactly is happening right now with the boot? What stage does it get to?


  • 1

#13
magnia


Here's what I see when I turn on the computer:

123mzdh.jpg

 

Followed by:

 

zycchi.jpg

 

And then the computer restarts.

 

 

 

I wasn't sure where to look for the Startup repair logs, I copied this from a file called SRTrail:

 

Startup Repair diagnosis and repair log
---------------------------
Number of repair attempts: 1
 
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = 
AutoChk Run = 0
Number of root causes = 1
 
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
 
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 577 ms
 
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms
 
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 78 ms
 
Root cause found: 
---------------------------
Boot configuration is corrupt.
 
Repair action: Partition table repair
Result: Failed. Error code =  0x490
Time taken = 202 ms
 
---------------------------
---------------------------
 

  • 0

#14
ruggie_uk


That's perfect, thanks.

Ok, as the automatic stuff didn't work, let's do it manually.

 

Please return to the recovery command prompt and type the following.

 

bootrec /fixboot

 

Then press enter and try a reboot again.

 

If this doesn't work, return to command prompt and we will try the next option.


  • 1

#15
magnia


It said "element not found", computer still not booting.


  • 0





