shappyrohman
  1. Ok, I will look into doing that. Thank you very much for your help.
  2. At this point I am starting to think the problem is not a virus, but perhaps a graphics core or hard drive problem. It is a fairly old laptop (almost 5 years).
  3. I am now in Normal mode. I finished the Threat Scan and nothing showed up. However, upon reboot I was prompted to do a Disk Check. 34% into the check, the ChkDsk froze.
  4. Update: This time I did the Threat Scan in Safe Mode and my computer completely shut off near the end. Not sure what it means.
  5. I was in the middle of doing a Threat Scan with Malwarebytes when my computer crashed again. It was scanning through the file system objects. I didn't see which file it reached, but I recall seeing that it had just scanned system32 files. I am now in Safe Mode and am running the Threat Scan. I will post again when I have a result.
  6. The problem lately has been that my laptop crashes without warning or reason. Sometimes it is the "blue screen of death" and other times the screen is covered with pixelated squares (hard to describe). If I try to restart my computer in Normal mode it crashes without getting past the Starting Windows screen. If I start it in Safe Mode w Networking it works perfectly. My laptop has never crashed in Safe Mode, only in Normal Mode. Also, I cannot open Malwarebytes, even when I Run as Administrator, which led me to believe there was a virus in my computer. The other thing worth mentioning is that I am using an American laptop while I study in France. It may be that the different voltage is causing these problems, but my laptop works fine in Safe Mode so I don't believe that is the issue. After performing the fix you recommended, I booted up my laptop in Normal Mode and it is currently working. However, I tried to open Malwarebytes and it still does not open. Below I have attached the fixlog.txt. Let me know what you think. Fixlog.txt
  7. Thank you, I downloaded Farbar and performed a scan. I have attached the 2 txt logs below. Addition.txt FRST.txt
  8. Recently, my computer has been crashing with either a blue screen or a bizarre pixelation of the screen. I am traveling so I assumed it may have just been the euro-electricity, but that was a bad assumption. I haven't downloaded any new programs, but I did download an album from a rap group (don't worry, they were giving it out for free) and it came in a zip file. My laptop runs fine in safe mode but crashes if I Start Normally. I tried to open Malwarebytes, but it refuses to open, probably because of the virus. I also tried using Malwarebytes Chameleon to open up Malwarebytes, but all 13 tests failed to get it to start, so I couldn't perform a scan. However, I did notice that the quick scans performed by Chameleon kept pausing on files labeled SysWow64. I came to the forums here and saw that Syswow64 is a known trojan. Also, many people recommended RogueKiller, so I downloaded the program and ran the scan. Below is the report from Rkiller. Can anybody help me with this virus? I would really appreciate it! Rkiller report : (Note: when the file hh.exe was terminated, the window for Malwarebytes Chameleon closed, so I think that was the program terminated.)
     RogueKiller V9.3.0.0 [Oct 6 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : https://www.surlatoile.org/RogueKiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7600 ) 64 bits version
     Started in : Safe mode with network support
     User : Jared [Admin rights]
     Mode : Scan -- Date : 10/06/2014 17:07:49

     ¤¤¤ Bad processes : 1 ¤¤¤
     [suspicious.Path] hh.exe -- C:\Windows\hh.exe[7] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 14 ¤¤¤
     [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
     [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-260108978-2359899843-1326174590-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-260108978-2359899843-1326174590-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{348DC075-403B-4FFA-B4D8-C5C80EF1AC50} | DhcpNameServer : 66.112.235.200 66.112.235.250 10.0.12.3 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81AF372D-6727-4BEC-9DE1-50CAF5031093} | DhcpNameServer : 209.222.18.222 209.222.18.218 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{348DC075-403B-4FFA-B4D8-C5C80EF1AC50} | DhcpNameServer : 66.112.235.200 66.112.235.250 10.0.12.3 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{81AF372D-6727-4BEC-9DE1-50CAF5031093} | DhcpNameServer : 209.222.18.222 209.222.18.218 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{348DC075-403B-4FFA-B4D8-C5C80EF1AC50} | DhcpNameServer : 66.112.235.200 66.112.235.250 10.0.12.3 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{81AF372D-6727-4BEC-9DE1-50CAF5031093} | DhcpNameServer : 209.222.18.222 209.222.18.218 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 2 ¤¤¤
     [suspicious.Path] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -- C:\Windows\TEMP\{4E2872C7-DB4E-40B4-B69C-14612131BD99}.exe (--uninstall=1) -> FOUND
     [suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{13266B46-6284-426C-8DF0-12B55E6C19B7}.exe (--uninstall=1) -> FOUND

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

     ¤¤¤ Web browsers : 1 ¤¤¤
     [PUM.HomePage][FIREFX:Config] 3u47xkko.default : user_pref("browser.startup.homepage", "http://speedial.com/?f=1&a=spd_wnzp_14_21_ch&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyB0C0A0DzztBtAzzzyyBtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0A0EyB0B0DtBtAtGyB0AyD0AtGyBtB0C0EtG0E0B0DtAtGyEzzzzyEtAtCtAtCyD0BtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCyDyC0D0F0EyEtGzytBzyzztGzztA0AzytGzyyC0E0BtGyB0E0DyD0D0AyCtByDtA0CtD2Q&cr=49106506&ir="); -> FOUND

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
     --- User ---
     [MBR] 245af315d665ce2a0bab0396f1b8b0f1
     [bSP] 35c77ff41e9fa70318e806537ccb5a24 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 462502 MB
     User = LL1 ... OK
     User = LL2 ... OK

     Please let me know if I should supply any more information or have a chance to save my laptop! Thank you, Jared