I apologize for the mishmash of logs I’m about to send in this and the following posts, but today is the first day I have been able to complete all scans in one sitting (yay!)
Attached, you’ll find the most recent MBAM Quick Scan log.
Attached, you’ll find the OTL log from the first time I ran the Quick Scan.
And here’s the OTL log from today’s Quick Scan.
I wasn’t able to “force” a new Extras log today, so I’m attaching the one from the first Quick Scan I did.
This is the aswMBR QuickScan log.
It is only created at first scan
just some extra system info
I should explain that on 10/16/10, I fell for the USAJobs PDF exploit lurking in what I thought was an innocent message in my Yahoo inbox. It changed my Desktop, Firefox homepage, and wouldn’t allow me to access antimalware software, antimalware-related websites, or to install any antimalware programs I had downloaded to a flash drive from an uninfected computer.
A friend took the hard drive out of the tower and scanned it but could find nothing, so he returned the computer to me, but I was still having problems with it running slowly and never going into Sleep mode. I then started receiving e-newsletters I had never signed up for, even after changing my Yahoo password multiple times, so my friend recommended I simply restore my computer to factory settings.
I thought that would take care of the problem, but it obviously did not, because I discovered a strange login name on DD7’s computer account on 7/27/11. So, I downloaded and followed MakeUseOf.com’s Malware Removal Guide. I wasn’t particularly happy when I installed AIS and discovered I had Win32:Kelihos-S[Trj], a decompression bomb, and several corrupted archives, but I was overjoyed to find my computer actually running normally and going into Sleep mode for the first time.
My bubble burst, however, when I got to Step 19 of the Removal Guide. I ran aswMBR but noted in the log that it hadn’t scanned D drive (yes, I now know what MBR stands for but, at the time, thought the program was yet another virus scanner), so I clicked on the drop-down to select D but opted to try a Full Scan of C drive first. The program crashed whether I was in Normal or Safe Mode, so I went online to find a fix and discovered MBRCheck, which found “MBR Code Faked!”
HP s3707c
AMD Athlon 64x2 Dual Core Processor 5400+ 2.80 GHz
4.00 GB RAM
64-bit Vista Home Premium SP2
running KIS at time of infection, then switched to Norton360, now using AIS
MBAM has never found a thing on my computer, whether my PC was infected or not
Thanks for letting me know, Pondus
Here you go Misty - a quick MBR fix first whilst I check out the OTL log
Run MBRCheck.exe once again.
You will be presented with the following dialog:
[QUOTE]Found non-standard or infected MBR.
Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Enter Y and press Enter.
The following dialog will be presented:
[QUOTE]Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
[/quote]
Enter 2 and press Enter
The following dialog will be presented:
[QUOTE]Enter the physical disk number to fix (0-99, -1 to cancel):
[/quote]
Enter >>0<< and press Enter
The following dialog will be presented:
Enter >>3<< and press Enter
The following dialog will be presented:
[QUOTE]Do you want to fix the MBR code? Type ‘YES’ and hit ENTER to continue:
[/quote]
Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!
And last the following dialog will be presented:
[QUOTE]Done! Press ENTER to exit…
[/quote]
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
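As an added example (not code from the thread or from MBRCheck), the script below parses a 512-byte MBR dump, the kind MBRCheck saves as a .dat file, the way a defender reads it: verify the 0x55AA boot signature, list the partition table, and hash the 440 bytes of boot code for comparison against a known-good list. The sample MBR bytes, the empty KNOWN_GOOD_BOOTCODE_SHA256 placeholder and the function names are constructed here; restore_bootcode() shows at byte level why writing standard boot code, as option 2 above does, leaves the partition table untouched.

```python
import hashlib
import struct

BOOTCODE_LEN = 440       # x86 boot code occupies offsets 0..439
PT_OFFSET = 446          # four 16-byte partition entries follow the disk signature
SIGNATURE_OFFSET = 510   # 2-byte 0x55AA boot signature

# Hypothetical placeholder: hashes of boot code taken from known-clean installs.
KNOWN_GOOD_BOOTCODE_SHA256 = set()

def parse_mbr(mbr: bytes) -> dict:
    """Return boot-signature state, used partition entries and a boot-code hash."""
    if len(mbr) != 512:
        raise ValueError("an MBR dump is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "bootable": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": mbr[SIGNATURE_OFFSET:] == b"\x55\xaa", "partitions": parts,
            "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()}

def assess(mbr: bytes) -> list:
    """Findings a defender checks; unknown boot code is what 'non-standard MBR' means."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature is not 0x55AA")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if info["bootcode_sha256"] not in KNOWN_GOOD_BOOTCODE_SHA256:
        findings.append("boot code hash not in known-good list: non-standard MBR")
    return findings

def restore_bootcode(mbr: bytes, standard_code: bytes) -> bytes:
    """Byte-level view of 'restore with standard boot code': replace offsets 0..439
    only, keeping the disk signature, partition table and 0x55AA intact."""
    if len(standard_code) > BOOTCODE_LEN:
        raise ValueError("standard boot code must fit in 440 bytes")
    return standard_code.ljust(BOOTCODE_LEN, b"\x00") + mbr[BOOTCODE_LEN:]

# Constructed sample MBR: made-up boot code, one active type-0x07 partition at LBA 2048.
SAMPLE_MBR = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOTCODE_LEN, b"\x00")
              + b"\x12\x34\x56\x78\x00\x00" + bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
              + struct.pack("<II", 2048, 204800) + b"\x00" * 48 + b"\x55\xaa")
```

Run it against a real .dat file with `parse_mbr(open(path, "rb").read())`; with an empty known-good set every dump reports non-standard boot code, which is the comparison MBRCheck's "Found non-standard or infected MBR" message implies.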
Note to self: Never, never, ever, ever reboot when a log tells you to; always wait until an expert avast! Evangelist advises you to do so ^///^
I’m afraid I had to reinstall my OS, essexboy, so I must post entirely new logs
Hopefully, we’ll be able to correct the faked MBR code–which still exists on my PC–without my making another disastrous error! Attached, you’ll find the most recent MBAM log.
HP Pavilion s3707c
AMD Athlon 64 X2 Dual Core Processor 5400+ 2.80 GHz
4.00 GB RAM
NVIDIA GeForce 9100
Windows Vista Home Premium SP2 (64-bit)
MBAM since PC purchased (Mar 2009)
KIS when infected (Oct 2010), Norton360 after System Restore (Feb 2011), AIS after strange login found on PC acct (Jul 2011), NIS 2009 after System Recovery (Sept 2011)
Here are both OTL logs.
Here is the aswMBR log (3a). I, of course, cannot attach the DAT file (3b).
And here is the MBRCheck log (4) and the MBRCheck report (4a). Again, I am unable to attach the DAT file (4b).
OK, the MBR is still faked and this is obviously the tougher variant. So we will need to fix it whilst it is inactive.
Create a Windows 7/Vista System Repair Disc
Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.
[*]Click on Start(Windows 7 Orb) >> Run…(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
recdisc.exe
[*]Allow the [B]UAC (User Account Control)[/B] prompt via selecting [B]Yes[/B].
[*]You should now see a menu like the below:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD1.gif
[*]Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
[*]Note: If an AutoPlay window pops up, just close it.
[*]When the SRD has been created you will see the below:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD2.gif
[*]Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
[*]You now have a Windows 7/Vista System Repair Disc.
Reboot the computer and start from the CD
When you reboot you will see this, although yours will say Windows 7. Click Repair my computer.
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following
Bootrec.exe /FixMbr
[*]Once finished type Exit
Reboot to normal windows and run MBRcheck again please
This might be a silly question, but aside from deleting my desktop icons and disabling shortcuts willy-nilly, can malware on a computer actually delete an OS? I ask because it’s the only explanation I can think of for why I found my PC “awake” and asking me to “Reboot and Select the proper Boot device/or Insert Boot Media in the selected Boot device and press a key” last night.
Once again, essexboy, I’ve had to reinstall my OS, so I’ll be attaching fresh MBAM & OTL logs. I also was not able to create an SRD (nothing happened after I approved the UAC prompt).
Windows Vista Home Premium SP2 (64-bit)
HP Pavilion s3707c
AMD Athlon 64 X2 Dual Core Processor 5400+ 2.80 GHz
4.00 GB RAM
NIS 2009 and MBAM
Because I didn’t want to reconnect my router to download the latest Avast! virus definitions database, I ran MBRCheck first and found my “MBR Code Faked!” again (ugh!)
Attached, you’ll find the MBRCheck (3) and aswMBR (4b) logs. I am not able to attach the MBR.dat log (4a).
ML
And just in case you need it, here’s the MBRCheck report (5a) I just generated using the “quick MBR fix” that resulted in my without-your-advice reboot, which wiped out my OS the first time :-[ The .bak file (5b) cannot be attached.
ML
OK, this is becoming a tad weird, as aswMBR is reporting a good MBR now.
Let's get a different perspective on it.
Download and Install Combofix
Download ComboFix from one of the following locations:
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now