Hello again,
It turns out that the partition on the hard drive was corrupt. This prevented the hard drive from even being recognized by my other computer and the Windows 7 installer from finding my hard drive, but I managed to fix the problem. I booted a copy of PartedMagic (Linux), copied all the contents of my hard drive over, then reformatted, then copied the contents back. This fixed the Windows booting problem, surprisingly enough. I can now boot into Windows 7 normally without issue.
There are a couple of .txt files that open every time I boot my computer (both titled the same with the same contents).
The contents are as follows:
desktop.ini
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
My ESET Nod 32 antivirus has a couple of files in the quarantine:
C:\\ProgramData\XapxUnRSMme.exe (a variant of Win32/trojanDownloader.Prodatect.BL trojan)
\Device\SCDEmu\SCDEmuCd0\DVT\Nuance_Keymaker.exe (probably a variant of Win32/Agent.LOMRODF trojan)
I followed the "UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions."
All went fine except when I try to run dds.scr I just get a huge text file with a lot of garbled text. Windows thinks that it is an AutoCAD script file. I'm not sure how to fix this.
I have attached log files for: Malwarebytes and GMER
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.22.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Simon :: LAPTOP [administrator]
2/22/2012 2:30:23 PM
mbam-log-2012-02-22 (14-30-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185067
Time elapsed: 5 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\PROGRAMDATA\kt5jE4WDjK8jOR.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2012-02-22 15:21:56
Windows 6.1.7601 Service Pack 1
Running: 8yew3fmw.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027138ba4c8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955c0026
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3957c9cdb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3957c9cdb@7cc537f3a9a5 0x38 0x57 0x37 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3957c9cdb@e0f84727782b 0x64 0xCD 0xAA 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027138ba4c8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955c0026 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3957c9cdb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3957c9cdb@7cc537f3a9a5 0x38 0x57 0x37 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3957c9cdb@e0f84727782b 0x64 0xCD 0xAA 0x90 ...
---- EOF - GMER 1.0.15 ----