Inactive Computer rebooting every 10-30 minutes, corrupt/unreadable .exe files

CoreyBZE

Hello, new to the forum and new to troubleshooting virus/malware complications.

I have an HP dv6000 Pavilion computer running Vista Home Premium on win32 with 4GB RAM.

When I start up the computer a couple of notifications pop up on the right side of my menu bar stating that networx.exe, jusched.exe, and a couple of other .exe files are corrupt and unreadable and to please run the Microsoft chkdsk scanner. I tried running this scanner but the program doesn't even launch. The folder for the jusched.exe file is located under C:\Program files\Common files\Roxio\Shared Files, but when I navigate there the folder is empty, and when I run a search, locate the jusched.exe file and press 'delete', it says I am unable to do so. I have tried running scans with both AVG and Malwarebytes on the Common Files folder but neither program detects an error.

I've tried running AVG anti-virus on the entire C drive but it doesn't find anything. I ran Malwarebytes on the entire C drive but it is unable to complete the scan before the computer shuts down. I have read on other forums of running Farbar Recovery Scan but I am unfamiliar with this. Any help would be greatly appreciated. I do not have a full backup of my laptop's contents so I would really like to avoid wiping my computer clean if possible.

Thank you for any assistance in advance.
Corey
 
Welcome aboard

Do you have any reason to believe your computer is actually infected?
 
Yes, I believe I may have accidentally run a program masked as a "Java" update. That is the only thing I can think of, given that the computer rebooting and corruption errors began popping up shortly after - e.g., the following morning.
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks Broni. Running the MBAM scan now. For the DDS scan I have a question about disabling my antivirus protection. In the directions for the DDS tool it states: "After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet." By disabling do I just have to "exit" the MBAM or AVG programs or does this mean to uninstall the program?

Thank you for the clarification.
 
The free version of MBAM doesn't run in real time, so you don't have to worry about it.
Disable AVG though.
 
Contents of the MBAM Scan:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.05.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Cory :: COREY-PC [administrator]

Protection: Enabled

12/5/2012 11:22:16 AM
mbam-log-2012-12-05 (11-22-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225228
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.

(end)


---------------------

Running the DDS Scan now after computer restart
 
Contents of DDS.txt File:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.7.2
Run by Cory at 11:39:56 on 2012-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1564 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en&tab=vw
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Google Update] "c:\users\cory\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\users\cory\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\cory\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {AC3FC1E2-26B3-46E5-8EC2-B1D5E4C90331} - hxxp://www.microseven.com/software/M7IE.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{630707CE-97FE-4D65-A6A0-7A2598704B1D} : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{EC302945-AED3-4D1F-96C8-3D97C28F4FC1} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 26984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-7 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-12-21 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-4 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-4 676936]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-4 22856]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-04 20:01:03 -------- d-----w- c:\users\cory\appdata\roaming\Malwarebytes
2012-12-04 20:00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-12-04 20:00:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 20:00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-14 19:33:28 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 19:32:55 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 04:24:04 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
==================== Find3M ====================
.
2012-12-05 17:34:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-12-05 17:34:42 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-10-20 17:25:55 58288 ------w- c:\windows\system32\rpcnet.exe
2012-10-09 03:49:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 03:49:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-26 17:41:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-09 01:39:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-09 01:39:36 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 01:39:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 11:42:00.89 ===============
 
Contents of Attach.txt File:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2007 1:10:59 PM
System Uptime: 12/5/2012 11:33:13 AM (0 hours ago)
.
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 3.091 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.422 GiB free.
E: is FIXED (NTFS) - 1 GiB total, 0.877 GiB free.
F: is CDROM ()
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
ACDSee Pro 3
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Apple Application Support
Apple Software Update
AVG 2012
AVG Security Toolbar
Baldur's Gate(TM) II - Throne of Bhaal (TM)
CCleaner
Cisco AnyConnect VPN Client
Cisco AnyConnect VPN Client Start Before Login Components
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo II
Download Manager 2.3.10
Dropbox
ESU for Microsoft Vista
Facebook Video Calling 1.2.0.287
Free YouTube Downloader 3.5.126
Free YouTube to MP3 Converter version 3.11.17.319
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.6
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Icewind Dale II
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Motorola SM56 Data Fax Modem
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NetWorx 5.2.4
OGA Notifier 2.0.0048.0
PowerISO
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
R for Windows 2.11.1
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Rosetta Stone V3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.1
Vongo
Windows Mobile Device Updater Component
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 
Computer still automatically restarting itself every so often despite the successful quarantine / removal following the MBAM scan.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Errors came up upon running the roguekiller.exe and aswMBR.exe programs stating they are "corrupt." Likely the virus or malware is falsely labeling them as such, but I thought I should mention it. Here are the results:

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cory [Admin rights]
Mode : Remove -- Date : 12/05/2012 12:02:31

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RtHDVCpl.exe -- C:\WINDOWS\RtHDVCpl.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS +++++
--- User ---
[MBR] 9f39aa781f315766724b9a0327af36cd
[BSP] c39d26b2944779cb28c982f13ef7cac7 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144145 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 295210440 | Size: 7346 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 310257664 | Size: 1133 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: FLASH Drive SM_USB20 USB Device +++++
--- User ---
[MBR] 9ce65dd10b564194fc9c920b30411fe1
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 3863 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12052012_02d1202.txt >>
RKreport[1]_S_12052012_02d1202.txt ; RKreport[2]_D_12052012_02d1202.txt
 
And the other:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-05 12:03:20
-----------------------------
12:03:20.603 OS Version: Windows 6.0.6002 Service Pack 2
12:03:20.603 Number of processors: 2 586 0xF0D
12:03:20.607 ComputerName: COREY-PC UserName: Cory
12:03:22.018 Initialize success
12:03:26.534 AVAST engine download error: 0
12:03:32.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:03:32.874 Disk 0 Vendor: ST916082 3.BH Size: 152627MB BusType: 3
12:03:32.886 Disk 0 MBR read successfully
12:03:32.890 Disk 0 MBR scan
12:03:32.895 Disk 0 unknown MBR code
12:03:32.900 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144145 MB offset 63
12:03:32.929 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7346 MB offset 295210440
12:03:32.943 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1133 MB offset 310257664
12:03:32.975 Disk 0 scanning sectors +312578048
12:03:33.051 Disk 0 scanning C:\Windows\system32\drivers
12:03:42.536 Service scanning
12:04:04.218 Modules scanning
12:04:10.761 Disk 0 trace - called modules:
12:04:10.794 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:04:10.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877c0458]
12:04:10.812 3 CLASSPNP.SYS[8a99e8b3] -> nt!IofCallDriver -> [0x84b6f298]
12:04:10.821 5 acpi.sys[8268c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85520028]
12:04:10.830 Scan finished successfully
12:04:31.539 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
12:04:31.567 The log file has been saved successfully to "G:\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Computer restarted itself during the scanning process of combofix. Will attempt to rerun program upon start up.
 
Computer restarts are getting worse - quicker than before. Made it to Stage 3_Completed with Combofix then computer restarted again. Will try it a 3rd time.
 
Let's try something else...

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 14:01:45
Running from G:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [634880 2007-01-16] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [398728 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3246992 2012-09-18] (SoftPerfect Research)
HKU\Cory\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2153472 2009-04-10] (Microsoft Corporation)
HKU\Cory\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKU\Cory\...\Run: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-17] (Google Inc.)
HKU\Cory\...\Run: [Facebook Update] "C:\Users\Cory\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-20] (Hewlett-Packard)
HKLM\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe (Macrovision Corporation)

==================== Services (Whitelisted) ===================

2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()
2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-10-20] (Absolute Software Corp.)
2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
3 RoxMediaDB9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x]

==================== Drivers (Whitelisted) ====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Cory\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-05 14:01 - 2012-12-05 14:01 - 00000000 ____D C:\FRST
2012-12-05 11:46 - 2012-12-05 11:47 - 00000000 ___SD C:\32788R22FWJFW
2012-12-05 11:00 - 2012-12-05 11:00 - 00000000 ____D C:\Qoobox
2012-12-05 11:00 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-05 11:00 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-05 11:00 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-05 11:00 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-05 11:00 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-05 11:00 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-05 11:00 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-05 11:00 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-05 10:59 - 2012-12-05 10:59 - 00000000 ____D C:\Windows\erdnt
2012-12-05 10:59 - 2012-12-05 10:30 - 05009321 ____R (Swearware) C:\Users\Cory\Desktop\ComboFix.exe
2012-12-05 10:14 - 2012-12-05 10:15 - 00000000 ____D C:\Users\Cory\Desktop\Malware Protection Stuff
2012-12-04 13:29 - 2012-12-05 11:40 - 00002964 ____A C:\Windows\PFRO.log
2012-12-04 12:01 - 2012-12-04 12:01 - 00000000 ____D C:\Users\Cory\Application Data\Malwarebytes
2012-12-04 12:01 - 2012-12-04 12:01 - 00000000 ____D C:\Users\Cory\AppData\Roaming\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-04 12:00 - 2012-09-29 17:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-02 23:56 - 2012-12-02 23:56 - 00000000 ____D C:\Users\Cory\Desktop\Belize Work Cam
2012-11-21 18:00 - 2012-11-23 18:16 - 00000000 ____D C:\Users\Cory\Desktop\November Photos
2012-11-20 09:04 - 2012-04-08 12:04 - 673695744 ____A C:\Users\Cory\Desktop\Scarface 4 minutes.mts
2012-11-19 18:21 - 2012-11-19 18:21 - 00000000 ____D C:\Users\Cory\Application Data\GTek
2012-11-19 18:21 - 2012-11-19 18:21 - 00000000 ____D C:\Users\Cory\AppData\Roaming\GTek
2012-11-14 11:33 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 11:32 - 2012-10-12 06:29 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 09:33 - 2012-11-13 09:33 - 00104779 ____A C:\Users\Cory\Downloads\Camera Check protocol documents VB.zip
2012-11-08 20:24 - 2012-11-08 20:23 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

==================== One Month Modified Files and Folders ========

2012-12-05 11:56 - 2007-05-14 03:50 - 00000279 ____A C:\Users\Public\Documents\hpqp.ini
2012-12-05 11:56 - 2007-05-14 03:50 - 00000279 ____A C:\Users\All Users\Documents\hpqp.ini
2012-12-05 11:56 - 2006-11-02 05:01 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-05 11:56 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 11:55 - 2007-05-14 04:17 - 00000000 ____D C:\Windows\SMINST
2012-12-05 11:53 - 2010-09-18 16:13 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-05 11:53 - 2010-08-26 12:32 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-12-05 11:53 - 2010-06-11 20:50 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-12-05 11:53 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 11:53 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 11:48 - 2012-06-27 04:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-05 11:47 - 2012-12-05 11:46 - 00000000 ___SD C:\32788R22FWJFW
2012-12-05 11:40 - 2012-12-04 13:29 - 00002964 ____A C:\Windows\PFRO.log
2012-12-05 11:34 - 2006-11-02 02:33 - 00755906 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-05 11:33 - 2007-08-31 11:10 - 01612258 ____A C:\Windows\WindowsUpdate.log
2012-12-05 11:13 - 2012-03-10 14:26 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025681765-3106409962-2676753595-1000UA.job
2012-12-05 11:00 - 2012-12-05 11:00 - 00000000 ____D C:\Qoobox
2012-12-05 10:59 - 2012-12-05 10:59 - 00000000 ____D C:\Windows\erdnt
2012-12-05 10:30 - 2012-12-05 10:59 - 05009321 ____R (Swearware) C:\Users\Cory\Desktop\ComboFix.exe
2012-12-05 10:15 - 2012-12-05 10:14 - 00000000 ____D C:\Users\Cory\Desktop\Malware Protection Stuff
2012-12-05 09:31 - 2012-05-12 17:37 - 00000000 ____D C:\Users\All Users\Application Data\ADDICT-THING
2012-12-05 09:31 - 2012-05-12 17:37 - 00000000 ____D C:\Users\All Users\ADDICT-THING
2012-12-05 09:19 - 2010-10-14 21:22 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-12-05 09:19 - 2010-10-14 17:52 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-05 09:19 - 2010-10-14 17:52 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-12-04 12:06 - 2011-03-27 12:33 - 00000000 ____D C:\Users\Cory\Application Data\HpUpdate
2012-12-04 12:06 - 2011-03-27 12:33 - 00000000 ____D C:\Users\Cory\AppData\Roaming\HpUpdate
2012-12-04 12:01 - 2012-12-04 12:01 - 00000000 ____D C:\Users\Cory\Application Data\Malwarebytes
2012-12-04 12:01 - 2012-12-04 12:01 - 00000000 ____D C:\Users\Cory\AppData\Roaming\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-12-04 12:00 - 2012-12-04 12:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-04 12:00 - 2010-09-22 13:54 - 00000680 ____A C:\Users\Cory\Local Settings\d3d9caps.dat
2012-12-04 12:00 - 2010-09-22 13:54 - 00000680 ____A C:\Users\Cory\Local Settings\Application Data\d3d9caps.dat
2012-12-04 12:00 - 2010-09-22 13:54 - 00000680 ____A C:\Users\Cory\AppData\Local\d3d9caps.dat
2012-12-02 23:56 - 2012-12-02 23:56 - 00000000 ____D C:\Users\Cory\Desktop\Belize Work Cam
2012-12-01 18:20 - 2010-09-18 16:28 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-01 18:20 - 2010-09-18 16:28 - 00001971 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-11-29 11:47 - 2010-08-22 13:46 - 00090112 ____A C:\Users\Cory\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-29 11:47 - 2010-08-22 13:46 - 00090112 ____A C:\Users\Cory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-29 11:47 - 2010-08-22 13:46 - 00090112 ____A C:\Users\Cory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-29 10:31 - 2010-12-16 20:58 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025681765-3106409962-2676753595-1000UA.job
2012-11-29 10:31 - 2010-09-18 16:13 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-28 18:41 - 2012-03-10 14:26 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4025681765-3106409962-2676753595-1000Core.job
2012-11-28 07:46 - 2012-04-24 09:02 - 00000318 ____A C:\Windows\Tasks\HPCeeScheduleForCory.job
2012-11-27 16:03 - 2010-12-16 20:58 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4025681765-3106409962-2676753595-1000Core.job
2012-11-23 21:48 - 2012-05-14 15:10 - 00000000 ____D C:\Users\Cory\Application Data\vlc
2012-11-23 21:48 - 2012-05-14 15:10 - 00000000 ____D C:\Users\Cory\AppData\Roaming\vlc
2012-11-23 18:16 - 2012-11-21 18:00 - 00000000 ____D C:\Users\Cory\Desktop\November Photos
2012-11-20 20:52 - 2012-02-20 17:22 - 00000000 ____D C:\Users\Cory\My Documents\Lamanai
2012-11-20 20:52 - 2012-02-20 17:22 - 00000000 ____D C:\Users\Cory\Documents\Lamanai
2012-11-20 10:10 - 2010-06-11 19:57 - 00000000 ____D C:\users\Cory
2012-11-20 10:09 - 2010-12-15 12:59 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-11-19 18:21 - 2012-11-19 18:21 - 00000000 ____D C:\Users\Cory\Application Data\GTek
2012-11-19 18:21 - 2012-11-19 18:21 - 00000000 ____D C:\Users\Cory\AppData\Roaming\GTek
2012-11-15 02:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-15 02:15 - 2006-11-02 04:47 - 00437200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 01:55 - 2007-05-14 03:45 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 01:55 - 2007-05-14 03:45 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-15 01:07 - 2006-11-02 02:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-11-15 01:04 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-15 01:04 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2012-11-14 15:02 - 2010-11-30 12:56 - 00000000 ____D C:\Users\Cory\Application Data\Skype
2012-11-14 15:02 - 2010-11-30 12:56 - 00000000 ____D C:\Users\Cory\AppData\Roaming\Skype
2012-11-13 15:22 - 2010-10-03 11:16 - 00000000 ____D C:\Users\Cory\My Documents\Resumes
2012-11-13 15:22 - 2010-10-03 11:16 - 00000000 ____D C:\Users\Cory\Documents\Resumes
2012-11-13 09:33 - 2012-11-13 09:33 - 00104779 ____A C:\Users\Cory\Downloads\Camera Check protocol documents VB.zip
2012-11-11 14:34 - 2010-10-05 09:33 - 00002613 ____A C:\Users\Cory\Desktop\Microsoft Word 2010.lnk
2012-11-11 10:22 - 2012-01-02 21:13 - 00000000 ____D C:\Users\Cory\My Documents\System_Restore_Docs
2012-11-11 10:22 - 2012-01-02 21:13 - 00000000 ____D C:\Users\Cory\Documents\System_Restore_Docs
2012-11-10 09:07 - 2012-09-01 14:39 - 26079592 ____A C:\Users\Cory\Desktop\LFRC_Wildcat_Presentation_2012_Anco.pptx
2012-11-08 20:24 - 2012-04-30 17:06 - 00000000 ____D C:\Users\Cory\Local Settings\AVG Secure Search
2012-11-08 20:24 - 2012-04-30 17:06 - 00000000 ____D C:\Users\Cory\Local Settings\Application Data\AVG Secure Search
2012-11-08 20:24 - 2012-04-30 17:06 - 00000000 ____D C:\Users\Cory\AppData\Local\AVG Secure Search
2012-11-08 20:24 - 2012-02-14 17:18 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 20:24 - 2012-02-14 17:18 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
2012-11-08 20:24 - 2012-02-14 17:18 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-11-08 20:24 - 2012-02-14 17:18 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-11-08 20:23 - 2012-11-08 20:24 - 00026984 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-11-08 09:09 - 2012-10-13 12:17 - 00784176 ____A C:\Users\Cory\Desktop\LFRC_PhotoData.xlsx


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-03 19:27:52
Restore point made on: 2012-11-05 10:21:03
Restore point made on: 2012-11-06 08:13:22
Restore point made on: 2012-11-07 13:58:40
Restore point made on: 2012-11-08 20:10:23
Restore point made on: 2012-11-11 08:54:58
Restore point made on: 2012-11-15 01:01:15
Restore point made on: 2012-11-18 10:56:33
Restore point made on: 2012-11-23 07:58:36
Restore point made on: 2012-11-27 21:51:27
Restore point made on: 2012-11-28 11:28:11
Restore point made on: 2012-12-05 10:42:37

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4085.63 MB
Available physical RAM: 3505.3 MB
Total Pagefile: 3751.53 MB
Available Pagefile: 3579.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.54 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:140.77 GB) (Free:3.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:7.17 GB) (Free:0.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Fixed) (Total:1.11 GB) (Free:0.78 GB) NTFS
5 Drive g: (CA_BLUGOOSE) (Removable) (Total:3.77 GB) (Free:2.45 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1532 KB
Disk 1 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 141 GB 32 KB
Partition 2 Primary 7347 MB 141 GB
Partition 3 Primary 1133 MB 148 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 141 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 7347 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 1133 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3864 MB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 G CA_BLUGOOSE FAT32 Removable 3864 MB Healthy

=========================================================

Last Boot: 2012-12-05 11:39

==================== End Of Log ============================
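The Run/Runonce lines in the FRST log above are what a helper reads by eye: an entry ending in [x] means FRST could not find the file, empty parentheses mean no publisher was recorded, a bare file name is resolved through the PATH search order, and a path under a user-writable directory deserves a second look. The Python script below is an added example, not FRST's own code and not part of this thread; it applies those checks to lines copied from the log above. The regular expressions and the user-writable directory list are my assumptions about the log format, not FRST's specification, and every note it produces is a prompt for a reviewer, never a verdict.

```python
"""Triage the Run/Runonce lines of an FRST "Registry (Whitelisted)" section.
Added example, not FRST's code: it mechanises what a helper checks by eye ([x] =
file not found, "()" = no publisher, bare name = PATH lookup, user-writable
location). The notes are prompts for a reviewer, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed line shape, e.g.  HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
LINE_RE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\(?P<key>Run(?:once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$",
    re.IGNORECASE,
)
# "[size yyyy-mm-dd] (Signer)" suffix when the file exists; "[x]" when it does not.
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)$")
MISSING_RE = re.compile(r"\[x\]$")
# Directory fragments a standard user can write to (heuristic list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str                 # value data minus FRST's trailing "[...]" metadata
    path: str = ""               # executable part of the command
    size: Optional[int] = None   # None when FRST printed [x]
    signer: str = ""             # "" when FRST printed an empty ()
    missing: bool = False
    findings: List[str] = field(default_factory=list)


def _extract_path(command: str) -> str:
    """Executable part of a Run value: the first quoted string, else up to the first '.exe'."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces ("C:\Program Files\..."), so cut after ".exe", not at a space.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[AutorunEntry]:
    """Parse one log line; None for anything that is not a Run/Runonce entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    entry = AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), rest)
    meta, miss = META_RE.search(rest), MISSING_RE.search(rest)
    if meta:
        entry.size = int(meta.group("size"))
        entry.signer = meta.group("signer").strip()
        entry.command = rest[: meta.start()].strip()
    elif miss:
        entry.missing = True
        entry.command = rest[: miss.start()].strip()
    entry.path = _extract_path(entry.command)
    return entry


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach triage notes. They are prompts for a human reviewer, not verdicts."""
    if not entry.name:
        entry.findings.append("empty value name")
    if entry.missing:
        entry.findings.append("target file not found on disk ([x])")
    elif not entry.signer:
        entry.findings.append("no publisher recorded by FRST (empty parentheses)")
    if entry.path and "\\" not in entry.path:
        entry.findings.append("bare file name, resolved through the PATH search order")
    if any(frag in entry.path.lower() for frag in USER_WRITABLE):
        entry.findings.append("runs from a user-writable directory")
    return entry


def triage(log_text: str) -> List[AutorunEntry]:
    """Return only the autorun entries that collected at least one finding."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None and assess(entry).findings:
            flagged.append(entry)
    return flagged


# Lines copied from the FRST log posted above, plus one non-Run line the parser skips.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3246992 2012-09-18] (SoftPerfect Research)
HKU\Cory\...\Run: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-17] (Google Inc.)
HKLM\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Vongo Tray.lnk
"""
```

Running `triage(SAMPLE_LOG)` flags six of the seven Run entries and leaves NetWorx untouched, which matches the reviewer's reading of the full log: noted oddities, nothing that by itself proves malware.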
 
I am curious, could I have run the Combofix tool from the command line the same way I had just run Farbar scan?
 
No but it doesn't matter at this point.
I don't see anything malicious there.
The other scans were not finding anything either.

At this point...

In this forum, we make sure your computer is free of malware and clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 