Laptop won't boot, already made AVG CD and ran that. Please Help
#16
Posted 18 February 2012 - 01:05 AM
#17
Posted 18 February 2012 - 11:54 AM
#18
Posted 18 February 2012 - 02:44 PM
Fri Feb 17 16:01:02 UTC 2012
User has chosen Windows 7 boot code
Sat Feb 18 12:36:21 UTC 2012
User has chosen Windows 7 boot code
User has chosen drive sda
Backing up mbr to backup_sda.bin
Boot code structure before fix
/dev/sda has an x86 boot sector,
it is a Microsoft 7 master boot record, like the one this
program creates with the switch -7 on a hard disk device.
Boot code structure after repairing
/dev/sda has an x86 boot sector,
it is a Microsoft 7 master boot record, like the one this
program creates with the switch -7 on a hard disk device.
#19
Posted 18 February 2012 - 02:57 PM
#20
Posted 18 February 2012 - 04:10 PM
#21
Posted 18 February 2012 - 04:35 PM
#22
Posted 18 February 2012 - 07:19 PM
Can you come across this or an install CD (Same Operating System)?
The computer had the Master Boot Record infected, although it now seems clear; however, when you reached the Advanced Menu, there was no option for "Repair My Computer". That usually happens when the Boot Configuration Data Store (BCD) is either corrupted or nonexistent. The only way I know to check this is through the Repair Console.
#23
Posted 18 February 2012 - 07:44 PM
#24
Posted 18 February 2012 - 07:56 PM
Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostic
Command Prompt
Recovery Manager
I'll wait for your response before proceeding.
#25
Posted 18 February 2012 - 11:49 PM
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Click on Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
#26
Posted 19 February 2012 - 04:01 PM
Scan result of Farbar Recovery Scan Tool Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-19 13:56:52
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-11-17] (Apple Inc.)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-12-03] (Google)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [828944 2011-08-03] (GlavSoft LLC.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Frank\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Frank\...\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe [3406336 2011-05-16] (Jumi Technologies)
HKU\Frank\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" [4771184 2011-05-28] (BitTorrent, Inc.)
HKU\Frank\...\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe [2717000 2011-08-23] (Connectify)
HKU\Frank\...\Policies\system: [disableregistrytools] 0
HKU\Mary\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mary\...\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe [3406336 2011-05-16] (Jumi Technologies)
HKU\Mary\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" [4771184 2011-05-28] (BitTorrent, Inc.)
HKU\Mary\...\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe [2717000 2011-08-23] (Connectify)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
==================== Services (Whitelisted) ======
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [140272 2010-05-21] (CinemaNow, Inc.)
2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [13312 2011-08-20] ()
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-12-03] (Google)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [103992 2010-06-18] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [828944 2011-08-03] (GlavSoft LLC.)
3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
========================== Drivers (Whitelisted) =============
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2011-09-02] (Connectify)
3 connctfy; C:\Windows\System32\DRIVERS\connctfy.sys [34880 2010-08-11] (Connectify)
3 connctfyMP; C:\Windows\System32\DRIVERS\connctfy.sys [34880 2010-08-11] (Connectify)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-12-02] (Symantec Corporation)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [7296 2003-09-23] (GARMIN Corp.)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110117.001\IDSvia64.sys [476792 2010-11-08] (Symantec Corporation)
3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110118.017\ENG64.SYS [117880 2010-12-29] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110118.017\EX64.SYS [1791096 2010-12-29] (Symantec Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-02-19 13:56 - 2012-02-19 13:57 - 0000000 ____D C:\FRST
2012-02-14 18:57 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-02-14 18:44 - 2012-02-14 18:44 - 0023372 ____A C:\Users\Frank\Downloads\7ick.jpg
2012-02-13 17:07 - 2012-02-13 17:21 - 0017076 ____A C:\Users\Frank\Desktop\Technicalreport outlinedraft.docx
2012-02-13 10:17 - 2012-02-14 18:54 - 0000000 ____D C:\Users\Frank\AppData\Roaming\EEBD2
2012-02-12 20:12 - 2012-02-12 20:12 - 0033136 ____A C:\Users\Frank\Desktop\FranklinPeeplesResumedraftwriting227currentversion.docx
2012-02-12 19:16 - 2012-02-12 19:16 - 0000000 ____D C:\Program Files (x86)\D28F9
2012-02-12 19:15 - 2012-02-12 19:15 - 0000000 ____D C:\Windows\Sun
2012-02-12 19:15 - 2012-02-12 19:15 - 0000000 ____D C:\Program Files (x86)\LP
2012-02-12 17:17 - 2012-02-12 18:09 - 0014353 ____A C:\Users\Frank\Desktop\Coverletterfinal.docx
2012-02-11 23:06 - 2012-02-11 23:06 - 0000162 ___AH C:\Users\Frank\Downloads\~$102716789.dotm
2012-02-11 23:06 - 2012-02-11 23:06 - 0000162 ___AH C:\Users\Frank\Documents\~$anklinPeeplesResumedraftwriting227currentversion.docx
2012-02-11 23:04 - 2012-02-12 20:11 - 0032908 ____A C:\Users\Frank\Documents\FranklinPeeplesResumedraftwriting227currentversion.docx
2012-02-11 23:04 - 2012-02-11 23:04 - 0032427 ____H C:\Users\Frank\Documents\~WRL0348.tmp
2012-02-11 22:15 - 2012-02-11 22:15 - 0081236 ____A C:\Users\Frank\Downloads\TS102716789.dotm
2012-02-11 22:14 - 2012-02-11 22:14 - 0107205 ____A C:\Users\Frank\Downloads\TS101953378.dotm
2012-02-11 16:58 - 2012-02-11 16:58 - 0000000 ____A C:\Users\Frank\Downloads\iphone_sms.html
2012-02-10 11:28 - 2012-02-10 12:06 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForFrank.job
2012-02-09 17:03 - 2012-02-09 17:03 - 0000000 ____A C:\Users\Frank\Desktop\Resumedraftwriting227.docx
2012-02-09 11:02 - 2012-02-09 11:02 - 0013947 ____A C:\Users\Frank\Documents\Skills Write-up.docx
2012-02-08 09:15 - 2012-02-08 09:16 - 0038999 ____A C:\Users\Frank\Downloads\memes-joseph-gump.jpg
2012-02-07 11:33 - 2012-02-07 16:06 - 0013724 ____A C:\Users\Frank\Desktop\Cover letter.docx
2012-02-06 20:49 - 2012-02-06 20:49 - 0000000 ____A C:\Users\Frank\Desktop\New Microsoft Word Document (2).docx
2012-02-06 20:12 - 2012-02-06 20:12 - 0000162 ___AH C:\Users\Frank\Desktop\~$RFOLDER.docx
2012-02-06 19:22 - 2012-02-06 19:22 - 0000000 ____A C:\Users\Frank\Desktop\SARFOLDER.docx
2012-02-06 16:40 - 2012-02-06 21:32 - 0000000 ____D C:\Users\Frank\Desktop\Iphone pics backup
2012-02-05 19:41 - 2012-02-05 19:41 - 0000000 ____H C:\Users\Frank\Desktop\~WRL1404.tmp
2012-02-02 14:35 - 2012-02-02 14:35 - 0000000 ____D C:\DFU
2012-02-02 11:36 - 2012-02-02 11:24 - 338579762 ____A C:\Users\Frank\Desktop\iPhone1,2_4.2.1_8C148_Restore.zip.ipsw
2012-02-02 11:04 - 2012-02-02 11:24 - 338579762 ____A C:\Users\Frank\Downloads\iPhone1,2_4.2.1_8C148_Restore.ipsw
2012-02-02 10:59 - 2012-02-02 11:00 - 0000246 ____A C:\Users\Frank\umbrella0.log
2012-02-02 10:59 - 2012-02-02 11:00 - 0000246 ____A C:\Users\Frank\Downloads\umbrella.log
2012-02-02 10:59 - 2012-02-02 11:00 - 0000080 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-02-02 10:58 - 2012-02-02 10:58 - 0000000 ____D C:\Users\Frank\AppData\Roaming\redsn0w
2012-02-02 10:58 - 2012-02-02 10:58 - 0000000 ____D C:\Users\Frank\.shsh
2012-02-02 10:56 - 2012-02-02 10:56 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-02-02 10:55 - 2012-02-02 10:55 - 1138397 ____A C:\Users\Frank\Downloads\7z922.exe
2012-02-02 10:53 - 2012-02-02 10:53 - 2246144 ____A () C:\Users\Frank\Downloads\tinyumbrella-5.10.06.exe
2012-02-02 10:52 - 2012-02-02 10:52 - 13970183 ____A C:\Users\Frank\Downloads\redsn0w_win_0.9.6rc19.zip
2012-02-02 10:33 - 2012-02-02 10:34 - 2410584 ____A (iMesh Inc. ) C:\Users\Frank\Downloads\iMeshV11.exe
2012-01-24 19:16 - 2012-01-31 07:38 - 0014050 ____A C:\Users\Frank\Desktop\MBTIWriteUp.docx
2012-01-24 14:59 - 2012-01-24 14:59 - 0000000 ____A C:\Users\Frank\Desktop\New Microsoft Word Document.docx
2012-01-23 16:53 - 2012-01-23 16:53 - 0000162 ___AH C:\Users\Frank\Desktop\~$nComposici.docx
2012-01-22 17:32 - 2012-01-22 17:32 - 0096086 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyousar.jpg
2012-01-22 17:29 - 2012-01-22 17:29 - 0090446 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyou blank.jpg
2012-01-22 14:11 - 2012-01-22 18:13 - 0013935 ____H C:\Users\Frank\Desktop\~WRL0005.tmp
2012-01-22 14:00 - 2012-01-22 14:09 - 0000000 ____D C:\Users\Frank\Desktop\Search And Rescue
2012-01-22 13:25 - 2012-01-22 17:28 - 0101390 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyou.jpg
============ 3 Months Modified Files and Folders =============
2012-02-19 13:57 - 2012-02-19 13:56 - 0000000 ____D C:\FRST
2012-02-14 19:12 - 2011-02-27 07:46 - 0000000 ____D C:\Users\Frank\AppData\Roaming\BitTorrent
2012-02-14 19:12 - 2010-08-17 00:34 - 2005061 ____A C:\Windows\WindowsUpdate.log
2012-02-14 19:05 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-14 19:05 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-14 18:59 - 2011-05-28 18:54 - 0000392 ____A C:\Windows\Tasks\FinalTorrent Update Checker.job
2012-02-14 18:57 - 2011-02-19 18:32 - 0000000 ____D C:\Program Files (x86)\Connectify
2012-02-14 18:57 - 2010-12-02 16:21 - 0000000 ____D C:\Users\Frank\AppData\Roaming\Dropbox
2012-02-14 18:56 - 2010-12-02 15:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-14 18:56 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-14 18:56 - 2009-07-13 20:51 - 0121550 ____A C:\Windows\setupact.log
2012-02-14 18:55 - 2010-08-17 00:26 - 2361589760 __ASH C:\hiberfil.sys
2012-02-14 18:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-14 18:54 - 2012-02-13 10:17 - 0000000 ____D C:\Users\Frank\AppData\Roaming\EEBD2
2012-02-14 18:54 - 2011-05-28 19:19 - 0000000 ____D C:\Users\Frank\AppData\Roaming\FinalTorrent
2012-02-14 18:54 - 2011-04-15 09:27 - 0000000 ____D C:\users\Mary
2012-02-14 18:54 - 2010-12-02 14:38 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-14 18:54 - 2010-12-02 14:19 - 0000000 ____D C:\users\Frank
2012-02-14 18:54 - 2010-08-17 01:23 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-14 18:54 - 2010-08-17 00:48 - 0000000 ____D C:\Users\All Users\Norton
2012-02-14 18:54 - 2010-08-17 00:48 - 0000000 ____D C:\ProgramData\Norton
2012-02-14 18:54 - 2010-08-17 00:46 - 0000000 ____D C:\Users\All Users\CinemaNow
2012-02-14 18:54 - 2010-08-17 00:46 - 0000000 ____D C:\ProgramData\CinemaNow
2012-02-14 18:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-14 18:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-14 18:52 - 2011-11-10 13:35 - 0000000 ____D C:\Users\Frank\AppData\Roaming\SoftGrid Client
2012-02-14 18:44 - 2012-02-14 18:44 - 0023372 ____A C:\Users\Frank\Downloads\7ick.jpg
2012-02-13 17:21 - 2012-02-13 17:07 - 0017076 ____A C:\Users\Frank\Desktop\Technicalreport outlinedraft.docx
2012-02-12 20:12 - 2012-02-12 20:12 - 0033136 ____A C:\Users\Frank\Desktop\FranklinPeeplesResumedraftwriting227currentversion.docx
2012-02-12 20:11 - 2012-02-11 23:04 - 0032908 ____A C:\Users\Frank\Documents\FranklinPeeplesResumedraftwriting227currentversion.docx
2012-02-12 19:16 - 2012-02-12 19:16 - 0000000 ____D C:\Program Files (x86)\D28F9
2012-02-12 19:15 - 2012-02-12 19:15 - 0000000 ____D C:\Windows\Sun
2012-02-12 19:15 - 2012-02-12 19:15 - 0000000 ____D C:\Program Files (x86)\LP
2012-02-12 18:09 - 2012-02-12 17:17 - 0014353 ____A C:\Users\Frank\Desktop\Coverletterfinal.docx
2012-02-11 23:06 - 2012-02-11 23:06 - 0000162 ___AH C:\Users\Frank\Downloads\~$102716789.dotm
2012-02-11 23:06 - 2012-02-11 23:06 - 0000162 ___AH C:\Users\Frank\Documents\~$anklinPeeplesResumedraftwriting227currentversion.docx
2012-02-11 23:04 - 2012-02-11 23:04 - 0032427 ____H C:\Users\Frank\Documents\~WRL0348.tmp
2012-02-11 22:44 - 2010-12-02 15:40 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-11 22:15 - 2012-02-11 22:15 - 0081236 ____A C:\Users\Frank\Downloads\TS102716789.dotm
2012-02-11 22:14 - 2012-02-11 22:14 - 0107205 ____A C:\Users\Frank\Downloads\TS101953378.dotm
2012-02-11 16:58 - 2012-02-11 16:58 - 0000000 ____A C:\Users\Frank\Downloads\iphone_sms.html
2012-02-10 12:06 - 2012-02-10 11:28 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForFrank.job
2012-02-10 11:25 - 2010-12-04 10:49 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-10 11:13 - 2010-12-02 21:08 - 0029672 ____A C:\Windows\PFRO.log
2012-02-09 21:24 - 2010-08-17 00:48 - 0002489 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-02-09 21:24 - 2010-08-17 00:48 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-02-09 17:03 - 2012-02-09 17:03 - 0000000 ____A C:\Users\Frank\Desktop\Resumedraftwriting227.docx
2012-02-09 11:02 - 2012-02-09 11:02 - 0013947 ____A C:\Users\Frank\Documents\Skills Write-up.docx
2012-02-08 21:46 - 2010-12-02 15:49 - 0002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-02-08 09:16 - 2012-02-08 09:15 - 0038999 ____A C:\Users\Frank\Downloads\memes-joseph-gump.jpg
2012-02-07 16:06 - 2012-02-07 11:33 - 0013724 ____A C:\Users\Frank\Desktop\Cover letter.docx
2012-02-06 21:32 - 2012-02-06 16:40 - 0000000 ____D C:\Users\Frank\Desktop\Iphone pics backup
2012-02-06 20:49 - 2012-02-06 20:49 - 0000000 ____A C:\Users\Frank\Desktop\New Microsoft Word Document (2).docx
2012-02-06 20:12 - 2012-02-06 20:12 - 0000162 ___AH C:\Users\Frank\Desktop\~$RFOLDER.docx
2012-02-06 19:22 - 2012-02-06 19:22 - 0000000 ____A C:\Users\Frank\Desktop\SARFOLDER.docx
2012-02-06 15:55 - 2012-01-12 14:42 - 0000000 ____D C:\Users\Frank\Desktop\Winter2012
2012-02-05 19:41 - 2012-02-05 19:41 - 0000000 ____H C:\Users\Frank\Desktop\~WRL1404.tmp
2012-02-05 19:32 - 2009-07-13 21:13 - 0727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-02 14:35 - 2012-02-02 14:35 - 0000000 ____D C:\DFU
2012-02-02 11:24 - 2012-02-02 11:36 - 338579762 ____A C:\Users\Frank\Desktop\iPhone1,2_4.2.1_8C148_Restore.zip.ipsw
2012-02-02 11:24 - 2012-02-02 11:04 - 338579762 ____A C:\Users\Frank\Downloads\iPhone1,2_4.2.1_8C148_Restore.ipsw
2012-02-02 11:00 - 2012-02-02 10:59 - 0000246 ____A C:\Users\Frank\umbrella0.log
2012-02-02 11:00 - 2012-02-02 10:59 - 0000246 ____A C:\Users\Frank\Downloads\umbrella.log
2012-02-02 11:00 - 2012-02-02 10:59 - 0000080 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-02-02 11:00 - 2011-12-17 15:00 - 0000080 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-02 10:58 - 2012-02-02 10:58 - 0000000 ____D C:\Users\Frank\AppData\Roaming\redsn0w
2012-02-02 10:58 - 2012-02-02 10:58 - 0000000 ____D C:\Users\Frank\.shsh
2012-02-02 10:56 - 2012-02-02 10:56 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-02-02 10:55 - 2012-02-02 10:55 - 1138397 ____A C:\Users\Frank\Downloads\7z922.exe
2012-02-02 10:53 - 2012-02-02 10:53 - 2246144 ____A () C:\Users\Frank\Downloads\tinyumbrella-5.10.06.exe
2012-02-02 10:52 - 2012-02-02 10:52 - 13970183 ____A C:\Users\Frank\Downloads\redsn0w_win_0.9.6rc19.zip
2012-02-02 10:34 - 2012-02-02 10:33 - 2410584 ____A (iMesh Inc. ) C:\Users\Frank\Downloads\iMeshV11.exe
2012-02-01 11:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-31 07:38 - 2012-01-24 19:16 - 0014050 ____A C:\Users\Frank\Desktop\MBTIWriteUp.docx
2012-01-24 14:59 - 2012-01-24 14:59 - 0000000 ____A C:\Users\Frank\Desktop\New Microsoft Word Document.docx
2012-01-23 16:53 - 2012-01-23 16:53 - 0000162 ___AH C:\Users\Frank\Desktop\~$nComposici.docx
2012-01-23 10:09 - 2010-12-02 14:23 - 0074648 ____A C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-22 18:13 - 2012-01-22 14:11 - 0013935 ____H C:\Users\Frank\Desktop\~WRL0005.tmp
2012-01-22 17:32 - 2012-01-22 17:32 - 0096086 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyousar.jpg
2012-01-22 17:29 - 2012-01-22 17:29 - 0090446 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyou blank.jpg
2012-01-22 17:28 - 2012-01-22 13:25 - 0101390 ____A C:\Users\Frank\Desktop\445px-Unclesamwantyou.jpg
2012-01-22 14:11 - 2011-09-26 13:41 - 0000000 ____D C:\Users\Frank\Desktop\Fall
2012-01-22 14:10 - 2011-09-01 20:10 - 0000000 ____D C:\Users\Frank\Desktop\RandomPics
2012-01-22 14:09 - 2012-01-22 14:00 - 0000000 ____D C:\Users\Frank\Desktop\Search And Rescue
2012-01-22 14:08 - 2011-04-18 06:03 - 0000000 ____D C:\Users\Frank\Desktop\Entertainment
2012-01-22 14:06 - 2011-09-01 20:11 - 0000000 ____D C:\Users\Frank\Desktop\Spring
2012-01-16 17:47 - 2012-01-16 17:47 - 0000000 ____D C:\Users\Frank\AppData\Local\Microsoft Help
2012-01-16 17:47 - 2012-01-16 17:47 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-16 17:47 - 2012-01-16 17:47 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-16 17:24 - 2012-01-16 17:24 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-15 19:44 - 2012-01-15 19:44 - 0000162 ___AH C:\Users\Frank\Desktop\~$w Microsoft Word Document (6).docx
2012-01-11 11:51 - 2012-01-11 11:51 - 0000162 ___AH C:\Users\Frank\Desktop\~$styApp.docx
2012-01-11 11:44 - 2009-07-13 21:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-10 22:24 - 2011-09-25 17:11 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-10 15:28 - 2012-01-10 15:28 - 0065536 __ASH C:\Windows\System32\config\components{3bab4f6b-1d22-11e1-a927-00027220553c}.TxR.blf
2012-01-07 10:46 - 2011-02-19 18:35 - 0000000 ____D C:\Users\Frank\AppData\Local\Connectify
2012-01-06 12:09 - 2012-01-06 12:09 - 0110760 ____A C:\Users\Frank\Downloads\red-roses-photo.jpg
2011-12-29 09:11 - 2010-12-02 16:26 - 0001016 ____A C:\Users\Frank\Desktop\Dropbox.lnk
2011-12-29 09:11 - 2010-12-02 16:26 - 0000996 ____A C:\Users\Frank\Start Menu\Programs\Startup\Dropbox.lnk
2011-12-29 09:11 - 2010-12-02 16:26 - 0000996 ____A C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-12-29 09:11 - 2010-12-02 16:26 - 0000000 ___RD C:\Users\Frank\Documents\My Dropbox
2011-12-26 17:29 - 2011-12-13 22:14 - 0005153 ____A C:\Users\Frank\Documents\Promotion Request.odt
2011-12-26 14:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-23 16:22 - 2011-12-23 16:22 - 4685371 ____A C:\Users\Frank\Downloads\Linn County Sheriff's Search and RescueSomebodyisGonna get hurt because of you
2011-12-23 16:21 - 2011-12-23 16:21 - 0055656 ____A C:\Users\Frank\Downloads\rRonvvrNV1M.swf
2011-12-23 16:04 - 2011-12-23 16:00 - 0000000 ____D C:\Users\Frank\Documents\Any Video Converter
2011-12-23 16:00 - 2011-12-23 16:00 - 0001236 ____A C:\Users\Frank\Desktop\Any Video Converter.lnk
2011-12-23 16:00 - 2011-12-23 16:00 - 0000000 ____D C:\Users\Frank\AppData\Roaming\AnvSoft
2011-12-23 15:59 - 2011-12-23 15:59 - 0000000 ____D C:\Program Files (x86)\AnvSoft
2011-12-23 15:57 - 2011-12-23 15:56 - 23795304 ____A (Any-Video-Converter.com ) C:\Users\Frank\Downloads\avc-free.exe
2011-12-23 15:49 - 2011-12-23 15:49 - 3575207 ____A C:\Users\Frank\Downloads\Linn County Sheriff's Search and Rescue.mp4
2011-12-23 13:02 - 2011-12-17 14:35 - 0000000 ____D C:\Windows\ERDNT
2011-12-18 16:18 - 2011-05-28 18:31 - 0000000 ____D C:\Program Files (x86)\Yontoo Layers
2011-12-18 15:45 - 2011-12-16 10:19 - 0000000 ____D C:\Program Files (x86)\Application Updater
2011-12-18 15:36 - 2011-12-18 15:36 - 0000000 ____D C:\Program Files (x86)\ESET
2011-12-18 15:35 - 2011-12-18 15:35 - 2322184 ____A (ESET) C:\Users\Frank\Desktop\esetsmartinstaller_enu.exe
2011-12-17 16:17 - 2011-12-17 16:17 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-17 15:12 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2011-12-17 15:12 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2011-12-17 15:04 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2011-12-17 15:01 - 2011-12-17 15:01 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2011-12-17 15:01 - 2009-07-13 18:34 - 60030976 ____A C:\Windows\System32\config\SOFTWARE.bak
2011-12-17 15:01 - 2009-07-13 18:34 - 15990784 ____A C:\Windows\System32\config\SYSTEM.bak
2011-12-17 15:01 - 2009-07-13 18:34 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak
2011-12-17 15:01 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2011-12-17 15:01 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2011-12-17 14:15 - 2010-12-02 18:48 - 0000000 ____D C:\Users\Frank\AppData\Local\CrashDumps
2011-12-16 18:28 - 2011-05-28 19:04 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-16 17:47 - 2011-12-15 18:04 - 0009406 __ASH C:\Users\Frank\AppData\Local\78d8k151h2hqn5y15r3vi
2011-12-16 17:47 - 2011-12-15 18:04 - 0009406 __ASH C:\Users\All Users\78d8k151h2hqn5y15r3vi
2011-12-16 17:47 - 2011-12-15 18:04 - 0009406 __ASH C:\ProgramData\78d8k151h2hqn5y15r3vi
2011-12-16 10:24 - 2011-12-16 10:24 - 0000000 ____A C:\Users\All Users\7UCm7eR0t.dat
2011-12-16 10:24 - 2011-12-16 10:24 - 0000000 ____A C:\ProgramData\7UCm7eR0t.dat
2011-12-16 10:19 - 2011-12-16 10:19 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2011-12-16 10:19 - 2010-12-02 14:19 - 0000000 ____D C:\Users\Frank\AppData\LocalLow
2011-12-15 21:46 - 2011-12-15 21:46 - 0013288 ____A C:\Users\Frank\Desktop\Top ten Politically correct Christmas Carols.docx
2011-12-15 21:46 - 2011-12-15 21:46 - 0000162 ___AH C:\Users\Frank\Desktop\~$p ten Politically correct Christmas Carols.docx
2011-12-15 21:36 - 2011-12-15 21:36 - 0584192 ____A (OldTimer Tools) C:\Users\Frank\Downloads\OTL.exe
2011-12-15 17:00 - 2011-12-15 16:54 - 0009652 __ASH C:\Users\Frank\AppData\Local\wrtxqe4s5omf0cvp3ugj1w488u8g
2011-12-15 17:00 - 2011-12-15 16:54 - 0009652 __ASH C:\Users\All Users\wrtxqe4s5omf0cvp3ugj1w488u8g
2011-12-15 17:00 - 2011-12-15 16:54 - 0009652 __ASH C:\ProgramData\wrtxqe4s5omf0cvp3ugj1w488u8g
2011-12-15 16:54 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-12-15 14:36 - 2011-12-15 14:36 - 0000162 ___AH C:\Users\Frank\Desktop\~$w Microsoft Word Document (4).docx
2011-12-15 10:38 - 2009-07-13 20:45 - 0323512 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 13:53 - 2011-12-14 13:52 - 0214244 ____A C:\Users\Frank\Downloads\Camoscarve.jpg
2011-12-13 13:55 - 2011-12-13 13:55 - 0011949 ____A C:\Users\Frank\Documents\Resume12-13-11.odt
2011-12-13 12:25 - 2011-12-13 12:25 - 0000000 ____D C:\Users\Frank\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2011-12-13 12:25 - 2011-11-10 13:35 - 0000000 ____D C:\Users\Frank\AppData\Local\SoftGrid Client
2011-12-13 12:24 - 2011-12-13 12:24 - 0000000 ____D C:\Users\All Users\Virtualized Applications
2011-12-13 12:24 - 2011-12-13 12:24 - 0000000 ____D C:\ProgramData\Virtualized Applications
2011-12-13 09:33 - 2011-12-13 09:33 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-12 21:07 - 2011-12-12 21:07 - 0000162 ___AH C:\Users\Frank\Desktop\~$omotion Request.docx
2011-12-08 18:18 - 2011-12-08 18:18 - 0107799 ____A C:\Users\Frank\Downloads\Photo12072020.jpg
2011-12-08 10:59 - 2011-12-08 10:59 - 0864464 ____A C:\Windows\Minidump\120811-26535-01.dmp
2011-12-08 10:59 - 2011-02-19 19:57 - 416185304 ____A C:\Windows\MEMORY.DMP
2011-12-08 10:59 - 2011-02-19 19:57 - 0000000 ____D C:\Windows\Minidump
2011-12-07 10:53 - 2011-12-07 10:53 - 0000078 ____A C:\Users\Frank\Desktop\Roads.txt
2011-12-05 13:13 - 2011-11-30 13:57 - 0013725 ____H C:\Users\Frank\Desktop\~WRL0660.tmp
2011-12-04 12:35 - 2011-12-04 12:35 - 0000000 ____A C:\Users\Frank\AppData\Local\{80B1F172-F2B9-41A4-A098-7842A938D87E}
2011-12-02 17:39 - 2011-11-11 10:45 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-12-02 17:39 - 2011-11-11 10:45 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-11-30 22:00 - 2011-11-30 21:59 - 0759664 ____A (Adobe Systems Incorporated) C:\Users\Frank\Downloads\install_flashplayer11x64_mssd_aih.exe
2011-11-30 13:57 - 2011-11-30 13:57 - 0000162 ___AH C:\Users\Frank\Desktop\~$Stress.docx
2011-11-30 13:57 - 2011-11-30 13:57 - 0000000 ____H C:\Users\Frank\Desktop\~WRL0003.tmp
2011-11-27 14:01 - 2011-11-27 14:01 - 0000162 ___AH C:\Users\Frank\Desktop\~$licy Claim.docx
2011-11-24 11:53 - 2011-11-24 11:53 - 0000000 ____A C:\Users\Frank\Desktop\New Microsoft Word Document (3).docx
2011-11-23 20:52 - 2011-12-14 10:34 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 14:39 - 2011-11-23 14:39 - 0000162 ___AH C:\Users\Frank\Desktop\~$yplate.docx
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 21%
Total physical RAM: 3002.92 MB
Available physical RAM: 2364.24 MB
Total Pagefile: 3001.07 MB
Available Pagefile: 2356.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:216.47 GB) (Free:147.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16.12 GB) (Free:2.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 953 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 216 GB 200 MB
Partition 3 Primary 16 GB 216 GB
Partition 4 Primary 103 MB 232 GB
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 216 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 16 GB Healthy
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 64 KB
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 953 MB Healthy
==========================================================
TDL4: custom:26000022
==========================================================
Last Boot: 2012-02-11 13:27
======================= End Of Log ==========================
#27
Posted 19 February 2012 - 04:39 PM
Save it to the USB drive next to FRST.
Run FRST as you did before, except this time around click on the Fix button and wait.
The tool will make a log in the flash drive (Fixlog.txt). Please post it to your reply.
If successful, boot in Normal mode. If able to, run Combofix.
#28
Posted 19 February 2012 - 05:09 PM
Here is the fixlog:
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-19 14:57:33 R:1
Running from H:\
==============================================
The operation completed successfully.
The operation completed successfully.
========= bcdedit /enum all /v =========
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {0c3755a5-a9e1-11df-93e8-ad95c5ca18c4}
Windows Boot Loader
-------------------
identifier {0c3755a5-a9e1-11df-93e8-ad95c5ca18c4}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{0c3755a6-a9e1-11df-93e8-ad95c5ca18c4}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{0c3755a6-a9e1-11df-93e8-ad95c5ca18c4}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes
Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes
Windows Boot Loader
-------------------
identifier {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {0c3755a5-a9e1-11df-93e8-ad95c5ca18c4}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn
Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {0c3755a6-a9e1-11df-93e8-ad95c5ca18c4}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi
========= End of CMD: =========
==== End of Fixlog ====
#29
Posted 19 February 2012 - 06:11 PM
ComboFix 12-02-19.02 - Frank 02/19/2012 15:28:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1755 [GMT -8:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\53CE\888.tmp_1329325688.arl
c:\users\Frank\Documents\~WRL0348.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 23:42 . 2012-02-19 23:42 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-02-19 23:40 . 2012-02-19 23:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-19 23:40 . 2012-02-19 23:40 -------- d-----w- c:\users\Mary\AppData\Local\temp
2012-02-19 23:40 . 2012-02-19 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 23:01 . 2012-02-19 23:01 -------- d-----w- c:\programdata\Recovery
2012-02-19 21:56 . 2012-02-19 21:57 -------- d-----w- C:\FRST
2012-02-15 02:57 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-02-13 18:17 . 2012-02-15 02:54 -------- d-----w- c:\users\Frank\AppData\Roaming\EEBD2
2012-02-13 03:16 . 2012-02-13 03:16 -------- d-----w- c:\program files (x86)\D28F9
2012-02-13 03:15 . 2012-02-13 03:15 -------- d-----w- c:\windows\Sun
2012-02-02 22:35 . 2012-02-02 22:35 -------- d-----w- C:\DFU
2012-02-02 18:58 . 2012-02-02 18:58 -------- d-----w- c:\users\Frank\.shsh
2012-02-02 18:58 . 2012-02-02 18:58 -------- d-----w- c:\users\Frank\AppData\Roaming\redsn0w
2012-02-02 18:56 . 2012-02-02 18:56 -------- d-----w- c:\program files (x86)\7-Zip
2012-01-31 15:27 . 2012-02-10 05:23 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 17:33 . 2011-12-13 17:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 18:34 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"JumiController"="c:\program files (x86)\Jumi\jumi.exe" [2011-05-16 3406336]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-05-29 4771184]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-08-23 2717000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [2010-04-14 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-03 30192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-03 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110117.001\IDSvia64.sys [2010-11-09 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2011-08-20 13312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-05-29 23:50]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 23:40]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 23:40]
.
2012-02-19 c:\windows\Tasks\HPCeeScheduleForFrank.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\0pt6nfzz.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-02-19 15:52:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 23:52
.
Pre-Run: 157,886,595,072 bytes free
Post-Run: 157,832,761,344 bytes free
.
- - End Of File - - 971C87E702E06202A816EC33159D0461
#30
Posted 19 February 2012 - 07:28 PM
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- First please Disable any Antivirus you have active, as shown in This topic.
- Note: Don't forget to re-enable it after the scan.
- Next hold down Control then click on the following link to open a new window to ESET online scanner.
- Select the option YES, I accept the Terms of Use then click on Start.
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
- All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
- Now click on Start.
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
- Now click on Finish.
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Security check
Download and run Security Check by screen317 and post its report.