Inactive Should I start 6 step process?

P

papa877

Posts: 26   +0
Let me just start by saying thank you for having this support.

First of all, I found this forum after I had already done a couple things so I want to make sure I'm okay to start the steps or if my only option at this point is to reinstall windows.

The problem started when I opened an unsafe file and my computer immediately crashed. When it restarted, windows could not start and it attempted startup repair which failed. I proceeded to do a restore from a system image which was over a year old but was the only one I had. Once I did this windows was able to start but I noticed it still wasn't right. Loading windows was extremely slow and I was being redirected on google. I went to open malwarebytes which had been previously installed and realized that the folder was there but the application and setup were both gone. After a while I got mbam reinstalled and did the quick scan which found 2 instances of rootkit which i deleted. Since my restore point was so old I had 98 windows updates which I tried to install but my computer crashed. I wasn't sure if this was from the virus or from using such an old restore point. The next day I did another mbam scan which found 3 trojan.jorik on my system. Here and there I will get a blue screen and a crash and I am unable to update windows. So should I begin your 6 step process (or is it 8 step? I have seen both) or do I have to go to the trouble of reinstalling windows? Thank you for you time!
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Gmer

When I open GMER it appears to be doing a quick scan for just a couple of seconds and then I saved the log and the file was empty. Is this normal or is it not really scanning?
 
If it doesn't find any modifications, it won't produce any log.
Go on with others.
 
6 steps completed

Here are the logs requested. The initial gmer scan was blank. I should also note that I performed malwarebytes quick scan twice before starting this process which did produce results. I can produce those logs if needed. Thank you in advance for anyone taking the time to look at these logs.






Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7823

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/30/2011 4:27:53 PM
mbam-log-2011-09-30 (16-27-53).txt

Scan type: Quick scan
Objects scanned: 184925
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Nick at 17:10:07 on 2011-09-30
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.6107 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [WheelMouse] C:\ADVANC~1\wh_exec.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{6DE5A4D9-CDE0-4ADB-8124-4202F19D416D} : DhcpNameServer = 192.168.10.1
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun-x64: [WheelMouse] C:\ADVANC~1\wh_exec.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\lh6ohrhe.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-30 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-30 269480]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-6-2 90112]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-29 17152]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys --> C:\Windows\system32\DRIVERS\whfltr2k.sys [?]
.
=============== Created Last 30 ================
.
2011-10-01 00:02:11 49152 ----a-w- C:\Windows\SysWow64\mdhcp32.dll
2011-09-30 23:26:09 -------- d-----w- C:\Users\Nick\AppData\Roaming\Avira
2011-09-30 23:05:22 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-09-30 23:05:22 -------- d-----w- C:\ProgramData\Avira
2011-09-30 23:05:22 -------- d-----w- C:\Program Files (x86)\Avira
2011-09-30 22:55:07 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0268744-D395-43BE-9827-2DC5244BD4D2}\mpengine.dll
2011-09-29 20:48:02 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-09-29 20:48:02 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-09-29 20:48:02 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-09-29 20:48:02 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-09-29 20:48:01 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-09-29 20:48:01 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-09-29 20:48:01 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-09-29 20:48:01 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-09-29 20:48:01 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-09-29 20:48:01 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-09-29 07:48:17 144896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\dlcxdrpp.dll
2011-09-29 07:48:05 487424 ----a-w- C:\Windows\System32\tmpED1D.tmp
2011-09-29 07:45:53 415744 ----a-w- C:\Windows\System32\dlcxcoin.dll
2011-09-29 07:31:36 -------- d-----w- C:\Users\Nick\AppData\Roaming\Yjec
2011-09-29 07:31:36 -------- d-----w- C:\Users\Nick\AppData\Roaming\Ucori
2011-09-29 07:04:40 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-29 07:02:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-09-29 07:02:05 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-09-29 06:19:29 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-29 05:19:01 -------- d-----we C:\Windows\system64
2011-09-29 05:17:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-28 00:16:26 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes
2011-09-28 00:16:21 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-28 00:16:18 -------- d-----w- C:\Program Files (x86)\Mbam
2011-09-22 06:00:13 -------- d-----w- C:\Program Files\Dell Photo AIO Printer 926
2011-09-22 05:59:09 -------- d-----w- C:\Program Files (x86)\Dell Photo AIO Printer 926
2011-09-22 05:58:29 109056 ----a-w- C:\Windows\System32\dlcxvs.dll
2011-09-22 05:58:28 1462272 ----a-w- C:\Windows\System32\dlcxg.dll
2011-09-22 05:58:28 -------- d-----w- C:\dell
2011-09-20 23:06:02 -------- d-----w- C:\Users\Nick\VirtualBox VMs
2011-09-14 23:26:41 -------- d-----w- C:\Program Files\Oracle
.
==================== Find3M ====================
.
2011-07-07 17:42:37 1172629 ----a-w- C:\ProgramData\SPL7F8D.tmp
.
============= FINISH: 17:10:57.06 ===============
 
more

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2010 7:10:50 AM
System Uptime: 9/30/2011 4:10:51 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 263.714 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP310: 9/28/2011 9:44:09 PM - Windows Update
RP311: 9/28/2011 9:45:24 PM - Installed Java(TM) 6 Update 26
RP312: 9/28/2011 10:14:02 PM - Windows Update
RP313: 9/28/2011 10:16:00 PM - Windows Backup
RP314: 9/29/2011 12:01:35 AM - Installed Ad-Aware
RP315: 9/29/2011 1:11:44 AM - Windows Update
RP316: 9/29/2011 1:25:34 AM - Windows Update
RP317: 9/29/2011 1:47:25 PM - Windows Update
RP318: 9/30/2011 3:07:27 AM - Windows Update
RP319: 9/30/2011 3:49:34 AM - Windows Update
RP320: 9/30/2011 7:19:48 AM - Windows Update
RP321: 9/30/2011 3:54:53 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3DMark06
Active@ ISO Burner
Ad-Aware
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Advanced Wheel Mouse 6.0.0.005
AI Suite
Apple Application Support
Apple Software Update
Application Profiles
Avira AntiVir Personal - Free Antivirus
CarbonPoker
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Crysis WARHEAD(R)
Crysis(R)
DVD-CLONER V7.20 Build 993
EA Download Manager
EA Download Manager UI
Futuremark SystemInfo
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Impulse
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 20
Left 4 Dead 2
Malwarebytes' Anti-Malware version 1.51.2.1300
marvell 91xx driver
Marvell Miniport Driver
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
NEC Electronics USB 3.0 Host Controller Driver
NetBeans IDE 6.8
OpenAL
Portal
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Steam
Sun GlassFish Enterprise Server v3
Team Fortress 2
TurboV
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
.
 
You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avira.
One of them has to go.
I suggest Lavasoft goes.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
problem

I'm trying to post the event viewer messages from past week from the attach.txt file but it is way too long from all the failed windows updates. I will continue with the steps you suggested.
 
crash

I just got a blue screen and crash while running combofix.
Here is the aswMBR.txt:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-30 17:47:46
-----------------------------
17:47:46.958 OS Version: Windows x64 6.1.7600
17:47:46.958 Number of processors: 8 586 0x1A05
17:47:46.958 ComputerName: NICK-PC UserName: Nick
17:47:51.314 Initialize success
17:48:24.877 AVAST engine defs: 11093001
17:48:47.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
17:48:47.299 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
17:48:47.300 Device \Driver\iaStor -> MajorFunction fffffa8008fd76c0
17:48:47.303 Disk 0 MBR read error 0
17:48:47.305 Disk 0 MBR scan
17:48:47.311 Disk 0 unknown MBR code
17:48:47.314 MBR BIOS signature not found 0
17:48:47.316 Service scanning
17:48:50.525 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:48:51.944 Modules scanning
17:48:51.948 Disk 0 trace - called modules:
17:48:51.951 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008fd76c0]<<
17:48:51.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008fca060]
17:48:51.961 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b63050]
17:48:51.966 \Driver\iaStor[0xfffffa8008fca980] -> IRP_MJ_CREATE -> 0xfffffa8008fd76c0
17:48:54.083 AVAST engine scan C:\Windows
17:49:20.387 AVAST engine scan C:\Windows\system32
17:49:30.393 AVAST engine scan C:\Windows\system32\drivers
17:49:40.398 AVAST engine scan C:\Users\Nick
17:49:50.404 AVAST engine scan C:\ProgramData
17:49:50.409 Scan finished successfully
17:51:10.622 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat"
17:51:10.627 The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"
 
Now i'm getting a blue screen and crash as soon as the desktop loads in normal mode. I rebooted in safe mode.
 
I ran ComboFix in safe mode. It made it through all the steps and then said it was restarting windows. Once restarted combofix said it was preparing the log when I got the blue screen and crash again with a message something like:

IRQL_NOT_LESS_THAN_OR_EQUAL
 
Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit
 
Actually after pressing F8 and getting to the boot options I went to startup repair which has the options you mentioned above including command prompt.
 
I think the command prompt showed
C:/windows/system32
or D or X, i can't remember.

I typed the command you suggested which completed successfuly.
Upon restart it only got as far as the starting windows screen before it crashed.
I opened startup repair which is asking if I want the restore the computer to an earlier time using System Restore.
 
startup repair has failed twice now and I can't boot to safe mode anymore.

I don't know much about what is going on so I was hoping you could enlighten me. At this point is wiping my hard drives (raid 0) my only option?
 
Try the process from my reply #13 one more time.

If still same issue.....

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
okay I just clicked on the OTLPE icon and a browse for folder box came up wanting me to select a windows directory. I'm assuming I want System Reserved (C:) which contains 2 folders Boot and System Volume Information. I just want to check what folder to select. I apologize for being ignorant. Thank you so much for all your help!
 
You must log in or register to reply here.

Similar threads

A
An old and unreleased beta build of Windows 7 has leaked online
Replies
8
Views
204
ZedRM
ZedRM
AGenericFool
Help - Valid Windows 10 Licenses deactivate after two days?!
Replies
1
Views
384
Nelson28
N
Z
Microsoft could soon sneak (more) Start menu ads into Windows
Replies
13
Views
253
user478318
user478318

Latest posts

Back