Windows has encountered a critical problem and will restart immediately

Inactive
By emanalo
Aug 18, 2012
  1. Hi, please help me, as the title says, my pc is having a problem. Been red this http://www.techspot.com/community/t...-problem-and-will-restart-immediately.182170/ and obviously stock on fixlist.txt part.

    my FRST.txt is this,

    Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 17-08-2012 23:11:02
    Running from E:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-04-06] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [petmsh] rundll32.exe "C:\Users\Faye Oriola\AppData\Roaming\petmsh.dll",UlStripWhitespace [134656 2012-06-12] (Duplex Secure Ltd.)
    HKLM\...\Run: [vcnrv] "C:\Windows\System32\rundll32.exe" "C:\Users\Faye Oriola\AppData\Roaming\vcnrv.dll",ComputeTangentFrame [388608 2012-07-04] (Midiman/M-Audio)
    HKLM\...\Run: [wstarc] "C:\Windows\System32\rundll32.exe" "C:\Users\Faye Oriola\AppData\Roaming\wstarc.dll",Vec3ProjectArray [442368 2012-07-22] (Midiman/M-Audio)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-06-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]
    HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
    HKLM-x32\...\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security))
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Faye Oriola\...\Run: [Google Update] "C:\Users\Faye Oriola\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-02-23] (Google Inc.)
    HKU\Faye Oriola\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\Faye Oriola\...\Run: [SPMTray] C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe [203920 2011-06-10] (Avanquest Software)
    HKU\Faye Oriola\...\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [x]
    HKU\Faye Oriola\...\Run: [lime pro] "C:\Program Files (x86)\Lime PRO\LimePro.exe" -h [x]
    HKU\Faye Oriola\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [2408448 2011-06-22] (W3i, LLC)
    HKU\Faye Oriola\...\Run: [Facebook Update] "C:\Users\Faye Oriola\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs:
    Tcpip\..\Interfaces\{6F3A87F2-AA4D-4571-BCA6-BE82DF6B39B3}: [NameServer]10.198.220.124 202.126.40.5
    Tcpip\..\Interfaces\{772CED4D-751D-477F-A3E7-96386ABBD7BA}: [NameServer]10.198.220.124 202.126.40.5
    Tcpip\..\Interfaces\{E56702E7-0E94-4687-8DC1-DA1DED7D6DC1}: [NameServer]10.198.220.124 202.126.40.5
    HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\n. ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    Startup: C:\Users\Faye Oriola\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)
    Startup: C:\Users\Faye Oriola\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============

    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
    3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
    3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
    3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
    3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
    1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [81768 2009-07-28] (TOSHIBA Corporation)
    3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [19824 2009-07-13] (TOSHIBA Corporation)
    3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
    3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
    3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
    3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-17 23:10 - 2012-08-17 23:11 - 00000000 ____D C:\FRST
    2012-07-30 23:34 - 2012-07-30 23:34 - 00000000 ____D C:\Users\Faye Oriola\AppData\Roaming\Mozilla
    2012-07-30 23:01 - 2012-07-30 23:01 - 00001055 ____A C:\Users\Public\Desktop\Globe Broadband.lnk
    2012-07-30 23:01 - 2012-07-30 23:01 - 00000000 ____D C:\Program Files (x86)\Globe Broadband
    2012-07-30 23:01 - 2009-12-07 18:53 - 00117504 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
    2012-07-30 23:01 - 2009-12-07 18:36 - 00246224 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
    2012-07-30 23:01 - 2009-10-12 14:23 - 00114304 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbdev.sys
    2012-07-30 23:01 - 2007-08-09 03:10 - 00029696 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
    2012-07-22 20:12 - 2012-07-22 20:12 - 00442368 ____A (Midiman/M-Audio) C:\Users\Faye Oriola\AppData\Roaming\wstarc.dll

    ============ 3 Months Modified Files ========================

    2012-08-17 22:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-17 22:06 - 2009-07-13 20:51 - 00108038 ____A C:\Windows\setupact.log
    2012-08-17 21:47 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-17 21:47 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-17 21:46 - 2012-06-26 21:17 - 02191102 ____A C:\Windows\SysWOW64\debug.log
    2012-08-10 21:16 - 2012-05-09 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-10 21:16 - 2009-07-13 21:13 - 00854932 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 10:33 - 2011-02-23 17:17 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241103913-2303428475-3004842903-1001UA.job
    2012-07-31 10:33 - 2011-02-23 17:17 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241103913-2303428475-3004842903-1001Core.job
    2012-07-30 23:04 - 2011-04-24 19:06 - 00860126 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-30 23:01 - 2012-07-30 23:01 - 00001055 ____A C:\Users\Public\Desktop\Globe Broadband.lnk
    2012-07-22 20:12 - 2012-07-22 20:12 - 00442368 ____A (Midiman/M-Audio) C:\Users\Faye Oriola\AppData\Roaming\wstarc.dll
    2012-07-22 18:52 - 2012-06-26 21:17 - 00000952 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4241103913-2303428475-3004842903-1001UA.job
    2012-07-22 16:05 - 2012-06-26 21:17 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4241103913-2303428475-3004842903-1001Core.job
    2012-07-22 15:52 - 2010-12-22 12:48 - 01132806 ____A C:\Windows\WindowsUpdate.log
    2012-07-12 12:45 - 2012-06-13 18:41 - 00002448 ____A C:\Users\Faye Oriola\Desktop\Google Chrome.lnk
    2012-07-12 12:30 - 2012-05-09 16:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 12:30 - 2012-05-09 16:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 13:19 - 2009-07-13 20:45 - 00433848 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 12:51 - 2011-11-17 08:29 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-08 09:06 - 2012-07-06 13:17 - 00110832 ____A C:\Windows\iis7.log
    2012-07-08 08:54 - 2010-12-22 13:35 - 00282410 ____A C:\Windows\PFRO.log
    2012-07-04 07:08 - 2012-07-04 07:08 - 00388608 ____A (Midiman/M-Audio) C:\Users\Faye Oriola\AppData\Roaming\vcnrv.dll
    2012-06-22 23:37 - 2011-02-23 17:15 - 00114928 ____A C:\Users\Faye Oriola\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-22 12:50 - 2012-06-22 12:50 - 00001140 ____A C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
    2012-06-22 12:45 - 2012-06-22 12:43 - 00302425 ____A C:\Users\Faye Oriola\AppData\Local\funmoods-speeddial.crx
    2012-06-22 12:45 - 2012-06-22 12:43 - 00031470 ____A C:\Users\Faye Oriola\AppData\Local\funmoods.crx
    2012-06-20 21:26 - 2010-12-22 13:32 - 00032527 ____A C:\Windows\DirectX.log
    2012-06-12 18:36 - 2012-06-12 18:36 - 00134656 ____A (Duplex Secure Ltd.) C:\Users\Faye Oriola\AppData\Roaming\petmsh.dll
    2012-06-12 18:36 - 2012-06-12 18:36 - 00000012 ____A C:\Windows\srun.log
    2012-06-11 19:08 - 2012-07-11 13:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 18:28 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 18:28 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 18:28 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 18:28 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 18:27 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 18:28 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 18:28 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 18:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-21 14:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 14:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 14:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 14:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 14:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:19 - 2012-06-21 14:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15 - 2012-06-21 14:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 14:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-21 14:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 11:36 - 2009-07-13 21:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-02 04:49 - 2012-07-11 12:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 12:47 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 12:47 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 12:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:05 - 2012-07-11 12:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:04 - 2012-07-11 12:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:04 - 2012-07-11 12:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:03 - 2012-07-11 12:47 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 12:47 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 12:47 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 12:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 12:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 12:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 12:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 12:47 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 12:47 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 12:47 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 12:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 12:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 12:47 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 12:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 12:47 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 12:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 12:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 12:47 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 12:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 12:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 12:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 18:28 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 18:28 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 18:27 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 18:28 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 18:28 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 18:28 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 18:27 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 18:28 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 18:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-27 15:55 - 2012-05-27 15:55 - 00001861 ____A C:\Users\Faye Oriola\Desktop\vGrabber.lnk


    ZeroAccess:
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\n
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L\00000004.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L\1afb2d56
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L\201d3dde
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L\55490ac4
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\00000004.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\00000008.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\000000cb.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000000.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000032.@
    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000064.@

    ZeroAccess:
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\n
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\L\00000004.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\00000004.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\00000008.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\000000cb.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000000.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000032.@
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3835.68 MB
    Available physical RAM: 3272.29 MB
    Total Pagefile: 3833.83 MB
    Available Pagefile: 3263.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:268.35 GB) (Free:89.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (YUJIN) (Removable) (Total:3.73 GB) (Free:2.05 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 268 GB 1501 MB
    Partition 3 Primary 18 GB 269 GB
    Partition 4 Primary 10 GB 287 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D System NTFS Partition 1500 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C NTFS Partition 268 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3823 MB 20 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E YUJIN FAT32 Removable 3823 MB Healthy

    ==================================================================================

    Last Boot: 2012-07-21 00:41

    ======================= End Of Log ==========================
  2. emanalo

    emanalo Newcomer, in training Topic Starter

    still waiting
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  4. emanalo

    emanalo Newcomer, in training Topic Starter

    Hi, thank you for your help and fast reply :)

    Fixlog.txt goes like this


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 2012-08-18 04:20:18 Run:1
    Running from E:\

    ==============================================

    C:\Windows\Installer\{ca7f0b07-a062-1a24-265c-1a0d34043c4d} moved successfully.
    C:\Users\Faye Oriola\AppData\Local\{ca7f0b07-a062-1a24-265c-1a0d34043c4d} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    ==== End of Fixlog ====

    the mentioned problem seems fixed. But my computer start up slowly. But again, a million thanks to you.
  5. emanalo

    emanalo Newcomer, in training Topic Starter

    I've got error message box saying

    There was a problem startingC:\Users\Faye Oriola\AppData\Roaming\petmsh.dll
    The specified module could not be found

    amd then another message box saying

    TOSHIBA service Station has stopped working
    Windows is checking for solution
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine. Let's see if we can fix that...

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.