Computer dead, HELP

I was searching the net and clicked on a sight, Avast blocked some thing then suggested a boot scan, now nothing.
Just sits there with a blinking line, waiting for ???

The site I clicked on, I think was xww.demoniod.me/files/details/2690479/009063672858
I started on Google with a search for terry moore, how to draw women.

These are all the details I have as it all went to crap before I could check any thing.
BTW Avast has a crappy setup for submitting anything, that is why I’m here…

If any one can help, that would be nice, but at least stay away from that site.
THANKS

Hi Krash,

Make that link non-click through like www or -www ; because we do not any more victims by clicking that live link. It is a virus domain with redirect to roque antivirus. Sucuri flags it as follows:
Malware found in the URL:
-http://www.demoniod.me/files/details/2690479/009063672858/?gtnjs=1311600201e18dfc0dec6d0ee78acef16913147453

Hidden Iframes.
Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202

Thanks for the info,I’ll remember the link tip too.
As usual, the “users” come through when the company drops the ball.

Avast tech support could only try and sell me a service package, after repeated “no’s” I finally had to hang up.
Could not log onto support site?? Password and such just wouldn’t go through.

Reloading the hard drive from back up disc now.
Thanks again.

Well… The backup discs didn’t help??? still stuck.

Just got done talking to Avast tech support for the second time, and I’ve gotten better response from answering machines…
It took 20 minutes for them to figure out what I already new, and what I told them right off the bat.
If any one knows how to fix this, besides washing the hard drive, let me and them know.
But since it’s a $200 net book, I will probably just chuck it out…And look for a replacement for Avast.

.....And look for a replacement for Avast.....
why....no security program have 100% detection and never will and when it comes to detecting infected wbsites avast is probably the best there is

Lets see if we can restore the computer, this sounds like an MBR infection that failed

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

[*]

[*]Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.

[*]Download eeepcfr.zip from the following link and save it to your Desktop: the mirror

[*]Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror

[*]Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

http://i643.photobucket.com/albums/uu158/_temp_/otlpestdsmaller.jpg

[*]Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files… and extract the content onto your Desktop in a OTLPE folder:

http://i643.photobucket.com/albums/uu158/_temp_/otlpestdsmall2.jpg

[*]Please also decompress eeepcfr to your systemroot (usually [b]C:[/b]).

[*] Empty the flash drive you want to install OTLPE on.

Go to C:[b]eeecpfr and double-click usb_prep8.cmd to launch it.

[*] Press any key when asked to in the black window that opens.

[*]As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
For Drive Label: type in OTLPE.
Under Source Path to built BartPE/WinPE Files click and select the folder OTLPE that you created on your Desktop.
Finally check Enable File Copy.

http://i643.photobucket.com/albums/uu158/_temp_/otlpe-2.jpg

[*]Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!

Start the computer with the bootable flash drive

On the reatogo desktop double click OTLPE
Then select all users and run Scan

The OTL log generated will need to be transfered to a usb drive and attached to your next post

Followed instructions, and computer still just sits there with the blinking courser line in upper left, and the flash drive just keeps blinking??
No other signs of life.

The only controls I have with it, is hitting F2 at start up and getting the setup screen.
Would it work to drop the hard drive into another computer, or would that just screw up another computer?
BTW, the comment about replacing Avast was mostly stress, and a reaction to the pitiful tech support. I’ve been using Avast for nearly ten years, and been hit maybe 3 times.

Essexboy will still be at work for a while and probably 2 hours or so before he can get on-line, 3.55pm in the UK now.

Got it to boot from flash drive, and this is the report:

OTL logfile created on: 7/29/2011 9:13:29 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.05 Gb Total Space | 89.26 Gb Free Space | 64.66% Space Free | Partition Type: NTFS
Drive X: | 3.73 Gb Total Space | 3.34 Gb Free Space | 89.51% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] – – (HidServ)
SRV - File not found [On_Demand] – – (AppMgmt)
SRV - [2010/07/22 04:57:20 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand] – C:\Documents and Settings\All Users\Application Data\Partner\Partner.exe – (Partner Service)
SRV - [2010/06/01 18:27:50 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto] – C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe – (NOBU)
SRV - [2010/05/26 22:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] – C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe – (MWLService)
SRV - [2010/05/25 06:31:20 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto] – C:\Program Files\Launch Manager\dsiwmis.exe – (DsiWMIService)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] – C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe – (GameConsoleService)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto] – C:\Program Files\Acer\Acer VCM\RS_Service.exe – (RS_Service)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] – C:\Program Files\Acer\Acer Updater\UpdaterService.exe – (Updater Service)
SRV - [2010/01/05 21:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe – (mfefire)
SRV - [2010/01/05 21:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe – (McShield)
SRV - [2010/01/05 21:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe – (mfevtp)
SRV - [2009/12/30 21:13:18 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand] – C:\Program Files\McAfee\VirusScan\mcods.exe – (McODS)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe – (MSK80Service)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe – (McProxy)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe – (McOobeSv)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe – (McNASvc)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe – (McNaiAnn)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe – (mcmscsvc)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe – (McMPFSvc)
SRV - [2009/12/15 00:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto] – C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe – (McAfee SiteAdvisor Service)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe – (IAANTMON) Intel(R)

More of the report:

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] – – (WDICA)
DRV - File not found [Kernel | On_Demand] – – (PDRFRAME)
DRV - File not found [Kernel | On_Demand] – – (PDRELI)
DRV - File not found [Kernel | On_Demand] – – (PDFRAME)
DRV - File not found [Kernel | On_Demand] – – (PDCOMP)
DRV - File not found [Kernel | System] – – (PCIDump)
DRV - File not found [Kernel | System] – – (lbrtfdc)
DRV - File not found [Kernel | System] – – (Changer)
DRV - [2010/03/12 17:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/05 21:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot] – C:\WINDOWS\system32\drivers\mfehidk.sys – (mfehidk)
DRV - [2010/01/05 21:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfefirek.sys – (mfefirek)
DRV - [2010/01/05 21:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfeavfk.sys – (mfeavfk)
DRV - [2010/01/05 21:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfeapfk.sys – (mfeapfk)
DRV - [2010/01/05 21:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfendisk.sys – (mfendiskmp)
DRV - [2010/01/05 21:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfendisk.sys – (mfendisk)
DRV - [2010/01/05 21:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mferkdet.sys – (mferkdet)
DRV - [2010/01/05 21:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System] – C:\WINDOWS\system32\drivers\mfetdi2k.sys – (mfetdi2k)
DRV - [2010/01/05 21:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\cfwids.sys – (cfwids)
DRV - [2010/01/05 21:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\mfebopk.sys – (mfebopk)
DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)
DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)
DRV - [2008/12/02 14:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System] – C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys – (mwlPSDVDisk)
DRV - [2008/12/02 14:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System] – C:\WINDOWS\system32\drivers\mwlPSDFilter.sys – (mwlPSDFilter)
DRV - [2008/12/02 14:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System] – C:\WINDOWS\system32\drivers\mwlPSDNserv.sys – (mwlPSDNServ)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/22 04:55:12 | 000,000,000 | —D | M]

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100722015304.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM…\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM…\Run: [GAIA_AlaunchX_XP] C:\ACER\Preload\Command\AlaunchX\AlaunchX.exe (Acer Inc.)
O4 - HKLM…\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM…\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM…\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM…\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM…\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM…\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM…\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM…\RunOnce: [IdentityCardFUB] C:\WINDOWS\oem\IdentityCard\FUB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - Unable to read “AutoRun” value or value not present!
O32 - AutoRun File - [2010/07/22 03:04:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF – [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM..comfile [open] – “%1” %

O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

and more of the report :o)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/25 13:19:51 | 000,000,000 | —D | C] – C:\Backup
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2011/07/25 14:11:45 | 000,000,210 | RHS- | M] () – C:\boot.ini
[2011/07/22 16:53:48 | 2136,043,520 | -HS- | M] () – C:\hiberfil.sys
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files Created - No Company Name ==========

[2010/07/22 05:37:47 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini
[2010/07/22 04:30:47 | 000,231,056 | ---- | C] () – C:\WINDOWS\System32\drivers\RTConvEQ.dat
[2010/07/22 04:30:47 | 000,030,856 | ---- | C] () – C:\WINDOWS\System32\drivers\RtPCEE3.DAT
[2010/07/22 04:30:47 | 000,001,352 | ---- | C] () – C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2010/07/22 04:30:47 | 000,000,712 | ---- | C] () – C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/07/22 04:30:47 | 000,000,520 | ---- | C] () – C:\WINDOWS\System32\drivers\RTEQEX3.dat
[2010/07/22 04:30:47 | 000,000,520 | ---- | C] () – C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2010/07/22 04:30:47 | 000,000,520 | ---- | C] () – C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010/07/22 04:30:47 | 000,000,520 | ---- | C] () – C:\WINDOWS\System32\drivers\RTEQEX0_old.dat
[2010/07/22 04:30:47 | 000,000,176 | ---- | C] () – C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2010/07/22 04:30:47 | 000,000,024 | ---- | C] () – C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/07/22 03:38:03 | 000,007,003 | ---- | C] () – C:\WINDOWS\System32\OEMINFO.INI
[2010/07/22 03:38:02 | 000,020,480 | ---- | C] () – C:\WINDOWS\LauncheRyDiscCalc.exe
[2010/07/22 03:37:42 | 000,004,569 | ---- | C] () – C:\WINDOWS\System32\secupd.dat
[2010/07/22 03:37:41 | 000,443,034 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat
[2010/07/22 03:37:41 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat
[2010/07/22 03:37:41 | 000,072,134 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat
[2010/07/22 03:37:41 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat
[2010/07/22 03:37:40 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin
[2010/07/22 03:37:40 | 000,004,524 | ---- | C] () – C:\WINDOWS\System32\oembios.dat
[2010/07/22 03:37:39 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat
[2010/07/22 03:37:37 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat
[2010/07/22 03:37:37 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin
[2010/07/22 03:37:32 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat
[2010/07/22 03:37:30 | 000,001,804 | ---- | C] () – C:\WINDOWS\System32\Dcache.bin
[2010/07/22 03:07:51 | 000,032,768 | ---- | C] () – C:\WINDOWS\AMove.exe
[2010/07/22 03:06:51 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2010/07/22 03:02:52 | 000,021,640 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2010/07/22 03:02:03 | 000,001,793 | ---- | C] () – C:\WINDOWS\System32\fxsperf.ini
[2010/07/21 19:59:46 | 000,004,161 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2010/07/21 19:59:02 | 000,248,696 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/07/22 04:56:12 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Acer
[2010/07/22 05:08:55 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\EgisTec IPS
[2010/07/22 04:34:56 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\eSobi
[2010/07/22 04:57:20 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Partner
[2010/07/22 04:42:28 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========

< End of report >

Hi folks,
Just tried to run malwarebytes and got run time error; ‘0’ and ‘372’ failed to load control from 'vbalGrid" from vbalsgrid6. ocx.
If no one has any more suggestions, I will try and transfer my user files to disc and reformat the HD.
Thanks for all your help so far
KRASH

Hi Krash sorry for the delay I appear to have lost my notification for this

Run OTLPE again and on the desktop will be an icon called FixMBR
Double click this and enter the following command

MbrFix /drive 0 fixmbr
Exit

Reboot and let me know if that works

I’ve decided to send it back to Acer, as it’s still under warranty.

I got malwarebites to work, and it found and removed 2 infections, but since, I can’t even get OTLPE to run.
It crashes with this tech info:

STOP: 0x00000071 (0x00000000,0x00000000,0x00000000,0x00000000)

One thing I did notice when I did get to a run command window, was that the keyboard was off.
When I tried your command from the last post, typing M would not work, and typing m came up with a zero? I noticed several other keyboard faults, but forgot to write them down.

Once again I would like to thank you for all your time and help.

BTW, is there some link or site where users can go to donate money to helpful geeks as yourself.
Over the years I’ve gotten most of my help from “volunteers”, and usually just aggravation from the “paid” support.
If not maybe some one should set one up :o)

It does sound like a faulty system from that - the stop code is to do with NTFS - basically your hardrive file system

I do have a link at geeks to go but here I do it for free ;D

What’s the link?

Its a paypal in my signature - I use the same name there
http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/