Searching for traces!!

I am trying to help out my neighbor with their computer, which wouldn't boot up normally at all. So I ended up running malwarebytes and then SAS in safe mode first. I then did a startup repair and reloaded the video driver as it was corrupt, and was finnally able to startup in normal mode. I also ran eset online scanner as their avg was out of date (It turned up nothing). I then proceeded with the read and run me first. The second results of mbam and SAS turned up nothing, so I am sending the first results from running in safe mode. (I hope this is OK) Everything seems OK at this point, but wanted to make sure their computer was clean before returning it to them.

 

And mglogs file.

 

Other than traces of AVG, ESET (online scanner), Norton and a couple of missing toolbar registry entries; the only other significant thing that concerns me is this:

Run this so we can get another opinion.

http://img833.imageshack.us/img833/7035/aswmbricon.gif Please download aswMBR by Avast! to your desktop.

• Double-click aswMBR.exe to run it (Vista and Win7 right-click and select Run as Administrator)
• Select No when asked Would you like to download latest Avast! virus definitions?
• Click the [Scan] button.
  Note: This scan should only take a few seconds to complete.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)

Also, in order for me to be thorough, I need you to put the system back into Normal startup mode via MSconfig. >> Use MSconfig to setup for Normal Startup Mode

After rebooting, run C:\MGtools\GetLogs.bat and attach the automatically updated C:\MGlogs.zip file to your next message. (How to attach items to your post)

 

I ran the first scan aswMBR, then switched to normal startup, rebooted and an error appeared(uploaded a screenshot), then I ran getlogs.bat. These are the files.

 

Did you complete this step before rerunning GetLogs.bat?

Also, do you have the data backed up? I would recommend fixing the Master Boot Record (MBR), but sometimes the PC does not boot properly after attempting to fix it which is why I would recommend that you back the data up first.

 

Yes, I did the normal startup via msconfig.

I'm not sure how much important info is on this besides pictures, but I thought I already repaired the mbr. When I first started up the computer it wouldn't boot up. I then restarted pressing F8 and "repair startup" was the first thing on the list in the safe mode option screen. This computer is running vista, and I haven`t used the fixmbr. Not sure How!

 

Unfortunately start up repair does not fix the MBR.

First, see if aswMBR will be able to do it (sometimes it will work)

Reopen aswMBR and click the [FixMBR] button. Follow the prompts and reboot afterwards.

Now rerun aswMBR but just click the [Scan] button, attach this log to your next message.

 

I ran the fixmbr, and it completed sucessfully. Rebooted and tried to do a scan and it came up with a bluescreen, and restarted the computer again. I tried running the scan again and the bluescreen reappeared. I did however was able to collect the details of the bluescreen in the text file attached.

 

Ran the scan once more, and I guess third times a charm!! Here is the log file.

 

Nice. Yes it's kind of flaky but sometimes it will work.

http://img51.imageshack.us/img51/9017/regedit.gif Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "All files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now rerun GetLogs.bat and attach MGlogs.zip

How are things running now?

 

Am I ready for cleanup and removal of programs used? As I am using my sons room and he's ready for bed. I may leave the cleanup for morning! I appreaciate all your time and effort in helping me, and Thank You very much!!

 

Complete the last set of instructions so I can ensure you're clean.. and you're welcome

 

I figured I should, so I started them right away, reg file was sucessfull and I ran getlogs.bat and posted the file

 

Also, do you have any idea about the rundll error?

 

Logs are malware free.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

 

It's related to NVIDIA
You may want to try to reinstall/upgrade your graphic card drivers to see if it goes away.

We have a Drivers forum too if wish to seek more information on this

 

No problem, Thanks again, and I will do my cleanup in the morning.

 

Np. Surf safely!