Inactive PC Performance & Stability analysis report problem - can't remove

Status
Not open for further replies.
Update with Log info

Okay, I've included everything from the latest scans suggested.

Google and Bing are still "redirecting" me to wrong sites.


Results of Latest OTL run

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3717288034-1702617038-4112659361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3717288034-1702617038-4112659361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3717288034-1702617038-4112659361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3717288034-1702617038-4112659361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
C:\Users\forney\AppData\Local\803808b4m065g277c680o6vxb8k8 moved successfully.
C:\ProgramData\803808b4m065g277c680o6vxb8k8 moved successfully.
C:\Users\forney\AppData\Local\frv1or1fs82413s4j270s3 moved successfully.
C:\ProgramData\frv1or1fs82413s4j270s3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: forney
->Temp folder emptied: 13930465 bytes
->Temporary Internet Files folder emptied: 15215105 bytes
->Java cache emptied: 73710324 bytes
->Flash cache emptied: 12380 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50266 bytes
RecycleBin emptied: 3832832 bytes

Total Files Cleaned = 102.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: forney
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_170004

Files\Folders moved on Reboot...
C:\Users\forney\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\160x600_1[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\ddc[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\ddc[2].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\iframe3[1].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\launch[1].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\pixel[1].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\st[1] moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKSHCF07\st[2] moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\728x90_1[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\728x90_3[1].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\ad[1].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\beacon[2].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\blank[2].html moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\blank[3].html moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\blank[4].html moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\ddc[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\ddc[2].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\ddc[3].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\ddc[4].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\engine[1].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\fc[1].htm moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\openmail.app[1].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\pixel[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\pixel[2].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\showthread[1].htm moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\st[2] moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXKWM40F\st[3] not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\04SB90sfSt8MrjHDtDMsxA[1].eot moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\ad[3].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\dref=http%253A%252F%252Fwomenshealthbase.com%252Fssos_ad%252Fad[1].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\openmail.app[1].htm moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\pDM9CVwNx1ufBHCEatJA3PY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7CJ57OX\womenshealthbase_com[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\beacon[2].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\beacon[3].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\cs[1].htm moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\ddc[1].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\ddc[2].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\iframe3[2].htm moved successfully.
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\pixel[1].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\pixel[2].htm not found!
File\Folder C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\pixel[3].htm not found!
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\swfobject[1].js moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JFE3GRX\top-10-sleep-myths[1].htm moved successfully.
C:\Users\forney\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Results of Checkup

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

McAfee Internet Security
McAfee Virtual Technician
McAfee Online Backup
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

mcafee VIRUSS~1 mcvsshld.exe
mcafee VIRUSS~1 mcvsmap.exe
McAfee Online Backup MOBK755backup.exe
``````````End of Log````````````


ESET log

C:\Users\forney\Music\Amanda's Music\1,2,3,4 plain white ts.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\1,2,3,4 plain white ts[unreleased rare track].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\Dave Matthews band - When The World Ends.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\i wanna all american rejects [cd rip].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\open the door carolina liar[high quality].snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\till kingdom come coldplay.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\forney\Music\Amanda's Music\white shadows coldplays [extended version].wav a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
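
A triage sketch for fix logs shaped like the OTL output in this post, added here as an example (it is not part of the original thread or of OTL itself). It tallies outcomes, lists targets reported as not found, and flags identically named alphanumeric folders moved from more than one parent, as with the two folders under AppData\Local and ProgramData above. The sample lines and the 16-character name threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines, shaped like the fix log above (not real data).
SAMPLE = r"""
Registry key HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\Example\ZoneMap\Domains\example.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\Example\ZoneMap\Domains\example.com\ not found.
C:\Users\user\AppData\Local\a1b2c3d4e5f6a7b8c9d0 moved successfully.
C:\ProgramData\a1b2c3d4e5f6a7b8c9d0 moved successfully.
File\Folder C:\Users\user\AppData\Local\Temp\pixel[1].htm not found!
"""

LINE = re.compile(r"^(?:(Registry key)\s+|File\\Folder\s+)?(.+?)\s+"
                  r"(deleted successfully|moved successfully|not found)[.!]$")
# Assumption: a bare run of 16+ letters/digits is treated as a generated name.
GENERATED = re.compile(r"^[0-9a-z]{16,}$", re.IGNORECASE)

def parse_fix_log(text):
    """Turn each result line into a kind/target/outcome record."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append({"kind": "registry" if m.group(1) else "file",
                            "target": m.group(2), "outcome": m.group(3)})
    return entries

def not_found(entries):
    """Targets the tool could not find; worth re-checking in the next scan."""
    return [e["target"] for e in entries if e["outcome"] == "not found"]

def repeated_generated_names(entries):
    """Generated-looking names that were moved from more than one parent folder."""
    parents = defaultdict(set)
    for e in entries:
        if e["kind"] == "file" and e["outcome"] == "moved successfully":
            parent, _, leaf = e["target"].rstrip("\\").rpartition("\\")
            if GENERATED.match(leaf):
                parents[leaf].add(parent.lower())
    return {leaf for leaf, seen in parents.items() if len(seen) > 1}

if __name__ == "__main__":
    log = parse_fix_log(SAMPLE)
    print(Counter(e["outcome"] for e in log))
    print(not_found(log))
    print(repeated_generated_names(log))
```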
 
Additional Info

Well, was using IE (hadn't tried Firefox)..

However, now I am getting a memory exception when the machine boots and can't get past that.. I've tried to recover to a previous checkpoint but get the Memory error..
 
Error message on Booting

When I start up the laptop, I get the Windows 7 window and then it flashes a message that I can't read. And then it drops me into the system restore process.

When I tried to do a checkpoint restore, I got the following error message:

RSTRUI.exe application error

The instruction at 0xfb34584d referenced memory at 0x00000008. The memory could not be read. Click ok to terminate the program.

I ran system diagnostics on the hard drive, the memory and got no failures.
 
Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive and restart the computer; it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead; in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot

exit

Restart computer.
 
same problem

I executed the bootrec commands and they indicated that they executed successfully. Upon restart, the same thing happens: the screen flashes saying "a problem occurred" and then it goes right into the repair screen again..
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
BSOD Message now

Created the bootable CD and it started to run, then got a BSOD: "a problem has been detected". Never got a chance to run OTL.

Technical Information:

STOP: 0x00000007E (0xC0000005, 0xf73B8d66, 0xF78D9EA4, 0xF78D9BA0)

acpi.sys - Address F73B8D66 base at F73AD000, DateStamp 41107d27
 
What exactly starts to run?
Are you sure you're booting from the CD?
How far does it go?
 
Info About BSOD

I had created the bootable CD and the REATOGO-X-PE job had started and then it came up with the BSOD with the info that I posted earlier.. I changed the boot order to go to CD first so feel sure that it was the CD drive.
 
When you really boot from the CD at some point you should see this message:
"Press any key to boot from CD".
Did you see it?
 
BSOD on Reatogo-X-PE

I am certain that it is loading from the CD. It shows a "starting reatogo-x-pe" message. After it appears to load, the CD seems to be in a cyclical seek / read mode and then it flashes a quick message that I can't read and then gives the BSOD.
 
Maybe bad download or bad burn.

See if you can boot some other working computer with it.
 
It may be something wrong with the CD drive on the bad computer or with some other hardware.

Do you have any other bootable disk (like a Windows disk) to try on the bad computer?
 
Response

I tried another boot disc and the same thing happened. Then I put in the repair disk that I made when I got the computer and it started up (in repair mode) okay from the CD drive.. I've tried the repair before with no luck..
 
I suggest a hard drive diagnostic.
It'll create another bootable disk so we'll see....

Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

Note : If you do not know how to set your computer to boot from CD follow the steps HERE
 
Response

Okay, dumb question.. How do I determine the manufacturer of the hard drive? I looked on the laptop and tried to find online what HP uses for their hard drives, but wasn't successful.
 
You'll have to turn the laptop upside down, unscrew the hard drive bay door and take a look.
Go to the HP site, look at the manual.
 
Hard Drive test

Ran the short and long drive tests for the Seagate hard drive and it passed with no issues..

Attempted to reboot and it did the same thing (unable to boot because of a problem) and put me right into the repair screen. Unable to correct the issue..
 