Inactive Google redirect, BSOD prevents normal startup of windows


Syoka

Hi there, I recently had a really bad run-in with what I think is some sort of virus and was going to wipe my computer as a last resort. Then I found TechSpot and decided to see if anyone here would be able to help me before I lose all my data. :(

So here goes:
I'm running Windows 7 Professional, 32 bit, on a Satellite series Toshiba. I think I first got the virus when I clicked a sketchy link a couple of weeks back (I was looking for new TV show episodes). A bunch of popups came up and then Java started to load. After it loaded, my computer restarted on its own.

Since then, when I click any Google search result, I'll often get redirected to a different site (it seems many people have had this issue). When I'm on a trusted site, sometimes I'll get tabs opening with an advertisement for some site. I can no longer start up Windows normally because it will give me a BSOD soon after I log on. The BSOD error that I get most often is IRQL_NOT_LESS_THAN_OR_EQUAL. In safe mode, I rarely get a BSOD (twice in the past 2 weeks).

I tried to run the scans from the 8-step preliminary removal instructions, but Malwarebytes' scan resulted in a BSOD after 5 minutes with the error message DRIVER_IRQL_NOT_LESS_THAN_OR_EQUAL. TFC also gave me a blue screen, although I didn't catch the error message that time. The same thing happened with DDS. The only scan I was able to complete successfully is GMER, and the log is below. I ran all the scans in safe mode with networking (with the internet disconnected).

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-16 17:23:48
Windows 6.1.7600
Running: 9uq8o8sp.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xF4 0x9F 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xF4 0x9F 0x50 ...

---- EOF - GMER 1.0.15 ----

Thanks in advance for the help!

-Syo
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
After several attempts, I managed to complete the scans and use TFC.
Thanks so much for your help! :)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5777

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

17/02/2011 11:13:39 AM
mbam-log-2011-02-17 (11-13-39).txt

Scan type: Quick scan
Objects scanned: 177122
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Bowen at 11:38:07.83 on 17/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3964.3299 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Users\Bowen\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [LCR] C:\Program Files (x86)\XemiComputers\Lecture Recorder\LCR.exe
uRun: [Google Update] "C:\Users\Bowen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Bamboo Dock] "C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: QQ - C:\Program Files (x86)\Tencent\QQIntl\Bin\AddEmotion.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nj7kp4h2.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_23.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Bowen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

============= SERVICES / DRIVERS ===============

R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-9-28 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-9-28 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-9-28 35536]
S2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-21 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-13 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-10-1 72216]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-12-22 7329648]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-12-22 719216]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-12-22 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]

=============== File Associations ===============

txtfile=C:\Windows\notepad.exe %1

=============== Created Last 30 ================

2011-02-06 22:59:47 181608 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-06 21:06:22 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc1C39.tmp
2011-02-06 20:35:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-06 20:35:40 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-24 20:23:04 -------- d-----w- C:\PROGRA~3\Fun4IM
2011-01-24 20:23:02 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
2011-01-24 20:23:02 -------- d-----w- C:\Program Files (x86)\Fun4IM
2011-01-20 23:43:25 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc960E.tmp

==================== Find3M ====================

2010-12-21 18:50:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-12-21 18:50:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-12-21 18:50:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-12-21 18:50:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-05 16:52:22 488960 ----a-w- C:\Windows\System32\pythoncom27.dll
2010-12-05 16:52:22 137216 ----a-w- C:\Windows\System32\pywintypes27.dll
2010-12-05 16:51:50 2978816 ----a-w- C:\Windows\System32\python27.dll
2010-11-25 20:31:04 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-11-25 20:31:04 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

============= FINISH: 11:39:19.96 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/09/2009 10:33:27 PM
System Uptime: 17/02/2011 11:32:08 AM (0 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 1995/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 214 GiB total, 95.179 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 3.247 GiB free.
E: is CDROM ()
F: is Removable
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr

Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:

==== System Restore Points ===================

RP158: 15/12/2010 3:00:20 AM - Windows Update
RP160: 19/12/2010 1:32:50 PM - Restore Operation
RP161: 20/12/2010 3:00:18 AM - Windows Update
RP162: 21/12/2010 11:50:23 AM - Windows Update
RP163: 28/12/2010 6:24:36 PM - Scheduled Checkpoint
RP164: 30/12/2010 11:27:55 PM - Installed ActiveState ActivePython 2.7.1.3 (64-bit)
RP165: 07/01/2011 5:34:30 PM - Scheduled Checkpoint
RP167: 13/01/2011 12:44:29 PM - Windows Modules Installer
RP168: 13/01/2011 1:54:56 PM - Windows Modules Installer
RP170: 15/01/2011 11:10:06 AM - Windows Modules Installer
RP171: 22/01/2011 3:43:22 PM - Scheduled Checkpoint
RP172: 06/02/2011 3:34:45 PM - Installed Java(TM) 6 Update 23

==== Installed Programs ======================

AAC Decoder
Adobe AIR
Adobe Community Help
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.2
Adobe Shockwave Player 11.5
aMSN 0.97.2
ApexDC++ 1.3.0 (32-bit)
Apple Application Support
Apple Software Update
µTorrent
Audacity 1.3.12 (Unicode)
AutoUpdate
AVG Free 9.0
Bamboo
Bamboo Dock
Bamboo Dock 3.3
CGoban 3
DAEMON Tools Toolbar
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Garena 2010
Google Chrome
Google Earth Plug-in
Google Update Helper
H.264 Decoder
ImgBurn
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
League of Legends
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
LogMeIn
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 Express - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
MKV Splitter
Mozilla Firefox (3.6.13)
MSN Polygamy 8.1
MSVCRT
Nexon Game Manager
OpenAL
Pando Media Booster
PDF Settings CS5
PLT Scheme v4.2.2
PowerISO
QuickTime
Racket v5.0.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.0
Starcraft
Steam
StepMania 3.9a (remove only)
Tencent QQ
Ubuntu
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
Warcraft III
Warcraft III: All Products
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
World of Warcraft
Xfire (remove only)
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

17/02/2011 11:35:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
17/02/2011 11:33:14 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
17/02/2011 11:33:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17/02/2011 11:33:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17/02/2011 11:33:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/02/2011 11:32:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/02/2011 11:32:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 discache SCDEmu spldr Wanarpv6
17/02/2011 11:32:17 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
17/02/2011 11:17:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
17/02/2011 11:17:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
17/02/2011 11:17:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800020c6cd8, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021711-31637-01.
16/02/2011 5:29:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800020f52b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021611-33587-01.
16/02/2011 5:00:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff880063b26f8, 0x0000000000000002, 0x0000000000000001, 0xfffff88000e92074). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021611-32401-01.
16/02/2011 4:54:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800020b07e7, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021611-33477-01.
16/02/2011 12:07:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e5d7e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021611-37705-01.
15/02/2011 12:41:56 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:24:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
15/02/2011 12:24:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
15/02/2011 12:24:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
15/02/2011 12:24:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002091448, 0xfffff88005fd9ad0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021511-46519-01.
15/02/2011 12:23:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 12:23:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:59 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 12:23:58 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2011 12:51:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
13/02/2011 12:49:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000dc000002, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e90436). A dump was saved in: C:\Windows

\MEMORY.DMP. Report Id: 021311-34226-01.
12/02/2011 7:51:58 PM, Error: Microsoft-Windows-WER-

SystemErrorReporting [1001] - The computer has rebooted

from a bugcheck. The bugcheck was: 0x0000003b

(0x00000000c0000005, 0xfffff80002e7fcd8, 0xfffff88008f09d90,

0x0000000000000000). A dump was saved in: C:\Windows

\MEMORY.DMP. Report Id: 021211-32713-01.
12/02/2011 5:38:40 AM, Error: Microsoft-Windows-WER-

SystemErrorReporting [1001] - The computer has rebooted

from a bugcheck. The bugcheck was: 0x0000003b

(0x00000000c0000005, 0xfffff80002e8bcd8, 0xfffff88008c53730,

0x0000000000000000). A dump was saved in: C:\Windows

\MEMORY.DMP. Report Id: 021211-39359-01.
10/02/2011 11:10:30 PM, Error: Microsoft-Windows-WER-

SystemErrorReporting [1001] - The computer has rebooted

from a bugcheck. The bugcheck was: 0x0000001e

(0xffffffffc0000005, 0xfffff80002ea87e7, 0x0000000000000000,

0x000007fffffa0000). A dump was saved in: C:\Windows

\MEMORY.DMP. Report Id: 021011-32245-01.

==== End Of File ===========================
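Added here as a triage aid, not part of the thread: a Python script that re-joins the word-wrapped event-log entries above, pulls out the bugcheck stop codes, and walks the Service Control Manager 7001 dependency failures back to the component that actually refused to start (the "device attached to the system is not functioning" errors on the network drivers, which the later "dependency service or group failed" entries only echo). The sample log is a constructed subset of the entries posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four entries from the thread's log, in the same
# word-wrapped form (blank spacer lines dropped; unwrap() skips them).
SAMPLE_LOG = r"""
15/02/2011 12:24:00 AM, Error: Microsoft-Windows-WER-
SystemErrorReporting [1001] - The computer has rebooted
from a bugcheck. The bugcheck was: 0x0000003b
(0x00000000c0000005, 0xfffff80002091448, 0xfffff88005fd9ad0,
0x0000000000000000). A dump was saved in: C:\Windows
\MEMORY.DMP. Report Id: 021511-46519-01.
15/02/2011 12:23:59 AM, Error: Service Control Manager
[7001] - The SMB MiniRedirector Wrapper and Engine service
depends on the Redirected Buffering Sub Sysytem service
which failed to start because of the following error: A
device attached to the system is not functioning.
15/02/2011 12:23:59 AM, Error: Service Control Manager
[7001] - The Network Location Awareness service depends on
the Network Store Interface Service service which failed to
start because of the following error: The dependency
service or group failed to start.
15/02/2011 12:23:58 AM, Error: Service Control Manager
[7001] - The Network Store Interface Service service
depends on the NSI proxy service driver. service which
failed to start because of the following error: A device
attached to the system is not functioning.
"""

ENTRY_START = re.compile(r"^\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, ")
HEADER = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
BUGCHECK = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")
DEPENDS = re.compile(
    r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<err>.+)"
)


def unwrap(text):
    """Join wrapped fragments back into one string per entry.

    A timestamp starts a new entry; any other non-blank line continues the
    previous one. Fragments join with a space, except after a trailing '-'
    or before a leading backslash (a provider name or path split mid-token).
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif entries[-1].endswith("-") or line.startswith("\\"):
            entries[-1] += line
        else:
            entries[-1] += " " + line
    return entries


def parse(text):
    """One dict (ts, level, source, event_id, msg) per parsable entry."""
    return [m.groupdict() for m in map(HEADER.match, unwrap(text)) if m]


def bugchecks(records):
    """(stop code, [four parameters]) for every WER 1001 bugcheck record."""
    found = []
    for r in records:
        m = BUGCHECK.search(r["msg"])
        if r["event_id"] == "1001" and m:
            found.append((m.group(1).lower(), m.group(2).split(", ")))
    return found


def root_failures(records):
    """Map each component that really failed to the services it took down.

    Each SCM 7001 record is an edge 'svc depends on dep'. Following edges
    until a dependency has no 7001 record of its own reaches the driver
    whose start error explains the cascade; the intermediate 'dependency
    service or group failed' entries are only symptoms of it.
    """
    edges = {}
    for r in records:
        m = DEPENDS.match(r["msg"])
        if r["event_id"] == "7001" and m:
            edges[m["svc"]] = (m["dep"], m["err"])
    affected, errors = defaultdict(set), {}
    for svc in edges:
        cur, seen = svc, set()
        while cur in edges and cur not in seen:  # seen guards against cycles
            seen.add(cur)
            cur, err = edges[cur]
        affected[cur].add(svc)
        errors[cur] = err
    return {root: (errors[root], sorted(svcs)) for root, svcs in affected.items()}
```

Run against the full log, the same walk lands on nsiproxy, tdx, afd and rdbss as the only components with a real start error, which is what a responder would hand to a driver-level scan.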
 
Please, disable "word wrap" in Notepad, because your logs are hard to read.

Is there any reason you ran all scans in Safe Mode?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi, Broni.

I am only able to operate on safe mode right now. If I try to start normally, I will be greeted with BSOD before windows has finished booting.

I had downloaded all the programs in your last post and disconnected my internet to do the scanning. However, as soon as I uninstalled AVG, things turned really bad. I tried to run combofix but I would BSOD before the little progress bar reached the end. Right now, I am having difficulty starting up my computer, even in safe mode (I am replying on a separate laptop). I will try to run Rkill if I can get my computer to boot. In the meantime, do you have any other suggestions since combofix will not work?

Edit: RKill also causes BSOD.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Will a blank DVD do? I don't have any blank CDs around, haha. I'll go out to buy some later and hopefully post my results tonight. In the meanwhile, I did get the MBRCheck running but the log is on the computer I can't boot. I remember that the last part of the log stated that the mbr code was faked though.
 
Hey Broni,

Something came up and I gotta run out of town for the weekend. Can we postpone this topic until monday or tuesday? Sorry for the trouble. :)
 
Hey Broni,

I am back for the week and will work on running that cd. I'll edit this post when I'm done.
 
Okay, so I got the REATOGO-X-PE desktop running and I clicked the OTLPE icon. It asked me to load some kind of directory and your instructions didn't indicate what I should do, so I tried loading my computer, and each of the different drives, to no avail.

I tried to run the program by going to X:/Programs/OTLPE.exe which did start up OTLPE without asking to load a directory, but it also did not ask me about users and registry (as per your instructions). I started the scan (checking for 60 days) and it gave me an error: OTL.txt could not be found, create new file? When I click yes, all that comes up is an untitled blank notepad document :/

Any clue to what I'm doing wrong?
 
Here is the OTLPE log:

OTL logfile created on: 2/24/2011 6:10:06 PM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.29 Gb Total Space | 95.65 Gb Free Space | 44.63% Space Free | Partition Type: NTFS
Drive E: | 8.65 Gb Total Space | 3.25 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/13 16:26:12 | 000,719,216 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/07/13 16:26:08 | 007,329,648 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/10 16:33:10 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:52:18 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/29 01:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/11 11:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/10 16:32:59 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/19 16:52:38 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/29 21:46:11 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/21 18:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/11 11:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2007/11/09 04:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/11 11:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2005/01/01 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bowen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\Bowen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\Bowen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 7A 86 EF 6D D4 CA 01 [binary data]
IE - HKU\Bowen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bowen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local




========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


[2011/01/26 19:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/01/26 19:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\22nxrdcq.default\extensions
[2011/02/13 12:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s7fsd9h1.default\extensions
[2011/02/16 17:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/19 22:45:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/27 13:05:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/21 11:51:44 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/21 11:51:44 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/21 11:51:44 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/21 11:51:44 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Bowen_ON_C..\Run: [Bamboo Dock] C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
O4 - HKU\Bowen_ON_C..\Run: [LCR] File not found
O4 - HKU\Bowen_ON_C..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\Bowen_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bowen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.154.22 206.248.154.170
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/17 16:54:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/17 16:14:14 | 006,022,408 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Bowen\Desktop\AppRemover.exe
[2011/02/13 13:30:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2011/02/06 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/06 15:35:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/02/06 15:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/01/26 20:26:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Scanned Documents
[2011/01/26 20:26:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Fax
[2011/01/26 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/01/26 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/01/26 19:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011/01/26 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/01/26 19:40:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Wacom
[2011/01/26 19:40:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WTablet

========== Files - Modified Within 30 Days ==========

[2011/02/17 19:01:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/17 19:01:20 | 328,335,685 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/17 19:01:15 | 3117,412,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/17 16:25:05 | 000,721,199 | ---- | M] () -- C:\Users\Bowen\Desktop\rkill.exe
[2011/02/17 16:14:31 | 006,022,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Bowen\Desktop\AppRemover.exe
[2011/02/17 16:13:56 | 004,270,552 | ---- | M] () -- C:\Users\Bowen\Desktop\ComboFix.exe
[2011/02/17 11:19:53 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3541986981-812281285-174318126-1000.job
[2011/02/15 00:43:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/02/15 00:43:21 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/02/13 22:59:44 | 000,000,600 | ---- | M] () -- C:\Users\Bowen\AppData\Roaming\winscp.rnd
[2011/02/13 13:31:07 | 002,657,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 13:31:07 | 001,126,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/13 13:25:35 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3541986981-812281285-174318126-500.job
[2011/02/13 12:54:59 | 000,001,444 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/13 12:54:16 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/13 12:46:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 13:12:28 | 000,010,819 | ---- | M] () -- C:\Users\Bowen\Desktop\whywaterloo.docx
[2011/02/07 10:54:45 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541986981-812281285-174318126-1000UA.job
[2011/02/07 10:54:45 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/07 02:47:18 | 000,009,940 | ---- | M] () -- C:\Users\Bowen\Documents\mredauto.1
[2011/02/07 00:04:58 | 000,002,409 | ---- | M] () -- C:\Users\Bowen\Desktop\Google Chrome.lnk
[2011/02/06 17:57:16 | 000,000,000 | ---- | M] () -- C:\Users\Bowen\AppData\Local\prvlcl.dat
[2011/02/06 17:06:59 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 17:06:59 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 18:20:40 | 015,693,798 | ---- | M] () -- C:\Users\Bowen\Desktop\2B.rar
[2011/01/27 06:59:42 | 000,000,162 | -H-- | M] () -- C:\Users\Administrator\Desktop\~$b_report_1_template.docx

========== Files Created - No Company Name ==========

[2011/02/17 16:25:05 | 000,721,199 | ---- | C] () -- C:\Users\Bowen\Desktop\rkill.exe
[2011/02/17 16:13:55 | 004,270,552 | ---- | C] () -- C:\Users\Bowen\Desktop\ComboFix.exe
[2011/02/15 00:25:16 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/02/15 00:25:16 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/02/13 22:59:44 | 000,000,600 | ---- | C] () -- C:\Users\Bowen\AppData\Roaming\winscp.rnd
[2011/02/13 13:25:35 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3541986981-812281285-174318126-500.job
[2011/02/13 12:54:59 | 000,001,444 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/13 12:54:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 13:12:28 | 000,010,819 | ---- | C] () -- C:\Users\Bowen\Desktop\whywaterloo.docx
[2011/02/07 11:36:49 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3541986981-812281285-174318126-1000.job
[2011/02/07 02:47:18 | 000,009,940 | ---- | C] () -- C:\Users\Bowen\Documents\mredauto.1
[2011/02/01 18:20:35 | 015,693,798 | ---- | C] () -- C:\Users\Bowen\Desktop\2B.rar
[2011/01/27 06:59:42 | 000,000,162 | -H-- | C] () -- C:\Users\Administrator\Desktop\~$b_report_1_template.docx
[2010/09/22 19:58:08 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/22 19:58:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/04 12:21:45 | 000,000,614 | ---- | C] () -- C:\Program Files (x86)\RejoinCommandLine.txt
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/02 15:33:28 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/05/27 19:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/05/05 17:28:24 | 000,000,000 | ---- | C] () -- C:\Users\Bowen\AppData\Local\prvlcl.dat
[2009/11/19 18:26:26 | 000,006,392 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/30 15:46:46 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/01/26 19:40:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wacom
[2010/08/23 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Audacity
[2009/09/29 21:49:52 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\DAEMON Tools Lite
[2010/05/01 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Dev-Cpp
[2010/01/02 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\ImgBurn
[2009/12/13 12:50:17 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\iWin
[2010/05/25 01:46:19 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\LolClient
[2009/12/23 22:22:18 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\NeopleLauncherDFO
[2009/10/06 16:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\PLT Scheme
[2011/02/07 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Racket
[2010/12/26 01:58:50 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/02 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Tencent
[2010/06/06 03:39:55 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Tunngle
[2011/01/01 03:08:09 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\uTorrent
[2010/12/22 21:36:51 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\Wacom
[2010/12/22 21:36:54 | 000,000,000 | ---D | M] -- C:\Users\Bowen\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011/02/06 15:29:50 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/02/13 20:52:41 | 000,292,352 | ---- | M] ()(C:\Users\Bowen\Desktop\_????Preface(edited).doc) -- C:\Users\Bowen\Desktop\_需审阅的Preface(edited).doc
[2011/02/13 20:52:40 | 000,292,352 | ---- | C] ()(C:\Users\Bowen\Desktop\_????Preface(edited).doc) -- C:\Users\Bowen\Desktop\_需审阅的Preface(edited).doc
< End of report >



Here is also the MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L300
Logical Drives Mask: 0x000000bc

Kernel Drivers (total 134):
0x0205B000 \SystemRoot\system32\ntoskrnl.exe
0x02012000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00CA8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CEC000 \SystemRoot\system32\PSHED.dll
0x00D00000 \SystemRoot\system32\CLFS.SYS
0x00E81000 \SystemRoot\system32\CI.dll
0x00F41000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FE5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01070000 \SystemRoot\System32\Drivers\spii.sys
0x011A4000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011AD000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x011DC000 \SystemRoot\System32\drivers\partmgr.sys
0x011F1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E33000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E3F000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D5E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E54000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E6E000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DBA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FF4000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00DE4000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DF4000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C4C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01246000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014AC000 \SystemRoot\System32\Drivers\msrpc.sys
0x0150A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01524000 \SystemRoot\System32\Drivers\cng.sys
0x01597000 \SystemRoot\System32\drivers\pcw.sys
0x015A8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016FF000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x016D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x015B2000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016E5000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x0143A000 \SystemRoot\System32\Drivers\mup.sys
0x016F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01486000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0123B000 \SystemRoot\System32\Drivers\Null.SYS
0x016EA000 \SystemRoot\System32\Drivers\Beep.SYS
0x00C60000 \SystemRoot\System32\drivers\vga.sys
0x00C6E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x00C93000 \SystemRoot\System32\drivers\watchdog.sys
0x00E77000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02265000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02270000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02281000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0229F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x022AC000 \SystemRoot\System32\Drivers\avgtdia.sys
0x022FD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02342000 \SystemRoot\system32\drivers\afd.sys
0x023CC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x023D5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02200000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02216000 \SystemRoot\system32\DRIVERS\netbios.sys
0x028F0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02941000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0294D000 \SystemRoot\system32\drivers\csc.sys
0x029D0000 \SystemRoot\System32\Drivers\dfsc.sys
0x02800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02826000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02833000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02889000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0289A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x028BE000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02AA1000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x02A00000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02A0D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02A2B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02A3A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02A49000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02A73000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02A80000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02A91000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x029EE000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x02225000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x029F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0223E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02249000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03296000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x032BA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x032C6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x032F5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03310000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03331000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0334B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03356000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0336A000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x033A7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x033A9000 \SystemRoot\system32\DRIVERS\ks.sys
0x033EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03200000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0325A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03267000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x0326F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03284000 \SystemRoot\System32\Drivers\crashdmp.sys
0x017F1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0149C000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x013E9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04EF1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04F0E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04F10000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x000B0000 \SystemRoot\System32\win32k.sys
0x04F2B000 \SystemRoot\System32\drivers\Dxapi.sys
0x005B0000 \SystemRoot\System32\drivers\dxg.sys
0x006B0000 \SystemRoot\System32\TSDDD.dll
0x00900000 \SystemRoot\System32\framebuf.dll
0x00B70000 \SystemRoot\System32\ATMFD.DLL
0x04F37000 \SystemRoot\system32\drivers\WudfPf.sys
0x04F58000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04FAB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04FBE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04FDC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04E2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04E7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x77100000 \Windows\System32\ntdll.dll
0x47E20000 \Windows\System32\smss.exe
0xFF420000 \Windows\System32\apisetschema.dll
0xFF130000 \Windows\System32\autochk.exe
0xFE680000 \Windows\System32\shell32.dll
0xFE550000 \Windows\System32\wininet.dll
0x76FE0000 \Windows\System32\kernel32.dll

Processes (total 29):
0 System Idle Process
4 System
260 C:\Windows\System32\smss.exe
344 csrss.exe
380 csrss.exe
388 C:\Windows\System32\wininit.exe
416 C:\Windows\System32\winlogon.exe
488 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
616 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\wisptis.exe
108 C:\Windows\System32\svchost.exe
640 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\wisptis.exe
1336 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1436 C:\Windows\explorer.exe
1536 C:\Windows\System32\ctfmon.exe
1564 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1000 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1208 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
808 C:\Users\Bowen\Downloads\MBRCheck.exe
1084 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000035`f0300000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-26VAT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: A7CEF36363F5C16CC311122770D0B9723F5430D3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
I really don't see much there.

Let's see if fixing your MBR will change anything.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
After pressing "Enter" for English, I saw the following and was unable to continue:

"Can't open CD driver CDRCACH
SHSUCDX can't install.
ERROR: Failure loading; unable to find CD-ROM drive!
ERROR: If you have multiple CD-ROM drives, please remove the other CD-ROM discs and try again. Otherwise your disc may be corrupt or the CD-ROM driver does not correctly support your system.
Please reboot your computer now. "

I'm pretty sure my CD is not corrupt. Any ideas now?
 
Yes. We'll try a different method.

If you have a Vista/7 DVD...

start with step 2.

If you don't have a Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from the created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
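As an added illustration (my own code, not MBRCheck's, NTBR's, bootrec's, or anything posted by either participant in this thread), the script below pulls a 512-byte MBR apart along the lines MBRCheck's verdict implies: it takes the SHA-1 of the 440 bytes of boot code, compares that against an allow-list of clean hashes, and then shows that rewriting only those 440 bytes, which is what "Install Standard MBR code" and bootrec /FixMbr are documented to do, leaves the disk signature and the partition table (the C: and D: byte offsets MBRCheck printed) untouched. The sample sector, its disk signature, the partition sizes, the "faked" code and the stand-in "standard" code are all constructed; a real allow-list holds the SHA-1 of the 440 code bytes read from sector 0 of a trusted Windows 7 machine.

```python
"""Inspect a raw MBR the way MBRCheck reports it, and show what a standard-code
rewrite touches.  Added example for this thread, not any tool's own code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: the executable boot code that gets hashed
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature, followed by 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

_PART_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into the fields MBRCheck reports on."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, count = struct.unpack_from(
            _PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:        # empty slot
            continue
        partitions.append({
            "active": status == 0x80,
            "type": ptype,                              # 0x07 = NTFS
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,     # what MBRCheck prints per drive letter
            "sectors": count,
        })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify(info: dict, known_good: set) -> str:
    """Verdict in MBRCheck's spirit: boot-code hash versus an allow-list of clean MBRs."""
    if not info["valid_signature"]:
        return "invalid"
    return "known-good" if info["boot_code_sha1"] in known_good else "unknown"


def install_standard_code(sector: bytes, standard_code: bytes) -> bytes:
    """Replace only bytes 0..439.  The disk signature and partition table are
    copied through unchanged, which is why an MBR fix does not lose partitions."""
    if len(standard_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in %d bytes" % BOOT_CODE_LEN)
    return standard_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


# --- constructed sample data (not read from anyone's disk) ---------------------
FAKED_CODE = b"\xeb\xfe"                           # stand-in "faked" code: jmp $
STANDARD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"    # stand-in for clean Windows 7 code
# Placeholder allow-list; a real one holds hashes taken from trusted machines.
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}


def build_sample_mbr() -> bytes:
    """Partition starts reuse the C: and D: offsets from the MBRCheck log
    (0x5dd00000 and 0x35f0300000); sizes and disk signature are made up."""
    c_start = 0x5DD00000 // SECTOR_SIZE
    d_start = 0x35F0300000 // SECTOR_SIZE
    table = struct.pack(_PART_FMT, 0x80, b"\xff" * 3, 0x07, b"\xff" * 3, c_start, d_start - c_start)
    table += struct.pack(_PART_FMT, 0x00, b"\xff" * 3, 0x07, b"\xff" * 3, d_start, 33_833_328)
    table += b"\x00" * 32                           # two empty slots
    sector = (FAKED_CODE.ljust(BOOT_CODE_LEN, b"\x00")
              + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
              + table + BOOT_SIGNATURE)
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    before = build_sample_mbr()
    print("before fix:", classify(parse_mbr(before), KNOWN_GOOD))
    after = install_standard_code(before, STANDARD_CODE)
    print("after fix: ", classify(parse_mbr(after), KNOWN_GOOD))
    for p in parse_mbr(after)["partitions"]:
        print("partition at byte offset 0x%x, %d sectors, active=%s"
              % (p["byte_offset"], p["sectors"], p["active"]))
```

On a live system the sector would come from reading the first 512 bytes of \\.\PhysicalDrive0 as administrator (or from a disk image taken offline); the script deliberately works on an embedded sample so it can be run anywhere. A hash mismatch alone says only that the code is not on your allow-list, the same limitation MBRCheck's "non-standard or infected" wording reflects, so the verdict is a prompt to compare against a trusted copy, not proof of infection on its own.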
 
Hey Broni,
I can't burn the DVD from my computer because the drivers for my DVD burner aren't available in safe mode (and I can't start normally).

I'm currently trying to burn from an external source.

Update: I fixed the MBR, and now my computer is completely unbootable using any form of Windows (safe mode with or without networking as well). It doesn't even get to the Windows loading screen before flashing a blue screen and then crashing (I can't read the error message fast enough).
 
I need more details...
How did you burn that disk?
Did you use CD, or DVD?
Tell me more, what exactly happened.
 
I burned the disk using a windows 7 recovery iso downloaded from this site: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
(64 bit windows 7)
I burned it onto a DVD. I followed the instructions and fixed the MBR from the command prompt after booting from the DVD.
Afterwards, it asked to restart but my computer will not even get to the windows loading screen anymore. After the blinking line at the top right hand corner of my usual windows start up (right before it loads windows), it crashes. All I see is a blue screen with white text filling up half the screen (so it must be different from the usual BSODs with text that fills up all of the screen and has memory dump). It's only there for a fraction of a second before my computer tries to reboot again, with the same result.
 
Boot from very same DVD and try to fix MBR one more time.
If still no go, boot from the DVD again and try "Startup repair".
If that doesn't work either, boot from the DVD again and try "System restore".
 
So far, fixing the MBR again and startup repair are a no-go. Startup repair couldn't fix anything. I'm working on the system restore but it's taking a while. I'll keep you updated while I let it finish running tonight.

Thanks for your patience up till now. If this doesn't work, do you think it might be time to call it quits and reformat? :(

Update: Windows cannot do system restore. It says "unspecified error".
 