Old 02-16-2012, 05:19 AM   #1
Registered Member
 
Join Date: Aug 2004
Posts: 186
OS: Windows 8 Pro


Checking to see if I'm free of this boot sector virus

I was looking for Justin Bieber pictures to use for a youth conference presentation (you can laugh at me now) when I must have gotten some sort of boot sector virus. Long story short, it corrupted some boot files and Windows wouldn't go past the system recovery screen. After a handful of failed attempts I eventually gave up and reinstalled Windows. Now I'm hoping someone can tell me if it's actually gone or still buried in my system somewhere.

Also note: It appeared to have destroyed my boot for Windows 8 Developer Preview. The partition is still there. Should I do a separate screen on just that partition?

Windows 7 Ultimate SP1

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CDG at 7:49:15 on 2012-02-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3325.1946 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\D-Link\DWA-130 revD\wirelesscm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - c:\users\cdg\appdata\roaming\speckie\bin32\Speckie32.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 revd\wirelesscm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\cdg\appdata\roaming\speckie\bin32\Speckie32.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1EB51201-332C-45B0-9134-E60EA36FB8CE} : DhcpNameServer = 192.168.0.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-2-15 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-5 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-2-15 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-5 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-5 264192]
R3 arusb_lh;Atheros 11n Wireless LAN device driver;c:\windows\system32\drivers\arusb_lh.sys [2012-2-15 436224]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\dwa-130 revd\jswpsapi.exe [2012-2-15 954368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-2-16 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-16 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-16 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-02-16 12:48:28 -------- d-----w- c:\windows\system32\Wat
2012-02-16 12:03:52 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-16 12:01:48 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-02-16 06:56:45 -------- d-----w- c:\windows\system32\SPReview
2012-02-16 06:56:35 -------- d-----w- c:\windows\system32\EventProviders
2012-02-16 06:51:59 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-02-16 06:48:47 1699328 ----a-w- c:\windows\system32\esent.dll
2012-02-16 06:39:03 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-16 06:39:03 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-16 06:39:03 107520 ----a-w- c:\windows\system32\cdd.dll
2012-02-16 05:47:32 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b333d744-bc6e-4163-b2c4-c428603bfb63}\gapaengine.dll
2012-02-16 05:47:28 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ab60626-232d-488c-9929-336494265382}\mpengine.dll
2012-02-16 05:45:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-16 04:54:49 -------- d-----w- c:\windows\Panther
2012-02-16 03:51:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 03:34:21 -------- d--h--w- C:\kleaner.tmp
2012-02-16 03:26:43 -------- d-----w- c:\program files\WOT
2012-02-16 03:23:36 -------- d-----r- c:\users\cdg\Podcasts
2012-02-16 03:03:20 -------- d-----w- c:\windows\PCHEALTH
2012-02-16 02:52:48 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-02-16 02:52:43 -------- d-----w- c:\windows\System64
2012-02-16 02:52:42 -------- d-----w- c:\users\cdg\appdata\roaming\Speckie
2012-02-16 02:50:07 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-02-16 02:50:07 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-02-16 02:50:07 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-02-16 02:50:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 02:48:45 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-02-16 02:48:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-02-16 02:48:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-02-16 02:48:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-16 02:48:38 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-16 02:48:38 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-02-16 02:48:32 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-16 02:48:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-16 02:46:59 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-16 02:46:59 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-16 02:46:42 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-02-16 02:46:42 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-02-16 02:46:39 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-02-16 02:46:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-16 02:43:10 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 02:42:26 -------- d-----w- c:\users\cdg\appdata\roaming\Malwarebytes
2012-02-16 02:35:58 -------- d-----w- c:\users\cdg\appdata\local\AMD
2012-02-16 02:35:42 -------- d-----w- c:\users\cdg\appdata\local\ATI
2012-02-16 02:34:34 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-16 02:25:45 -------- d-----w- c:\program files\AMD APP
2012-02-16 02:25:42 -------- d-----w- c:\program files\common files\ATI Technologies
2012-02-16 02:25:07 -------- d-----w- c:\programdata\AMD
2012-02-16 02:25:02 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-02-16 02:24:41 -------- d-sh--w- c:\windows\Installer
2012-02-16 02:24:41 -------- d-----w- c:\program files\ATI
2012-02-16 02:24:21 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{19c92f3a-ed6f-4a29-ba05-0d22db6e6fd4}\mpengine.dll
2012-02-16 02:24:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:24:17 -------- d-----w- c:\program files\ATI Technologies
2012-02-16 02:23:20 -------- d-----w- C:\AMD
2012-02-16 02:13:16 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2012-02-16 02:13:14 436224 ----a-w- c:\windows\system32\drivers\arusb_lh.sys
2012-02-16 02:13:14 -------- d-----w- c:\program files\D-Link
2012-02-16 02:13:13 -------- d-----w- c:\windows\pcidevice
2012-02-16 02:13:07 -------- d-----w- C:\temp
2012-02-16 02:11:17 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-16 02:08:01 -------- d-----w- c:\users\cdg\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-02-16 12:15:09 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-06 03:44:22 9067008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:17:50 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- c:\windows\system32\aticfx32.dll
2011-12-06 03:12:52 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12:16 404992 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11:44 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10:30 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-12-06 03:10:12 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-12-06 03:09:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-12-06 0338 6159872 ----a-w- c:\windows\system32\atidxx32.dll
2011-12-06 03:04:00 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-12-06 03:03:52 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-12-06 03:03:04 14499328 ----a-w- c:\windows\system32\amdocl.dll
2011-12-06 03:02:16 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-06 02:56:40 19125760 ----a-w- c:\windows\system32\atioglxx.dll
2011-12-06 02:39:24 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-12-06 02:34:24 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-12-06 02:34:14 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-12-06 02:33:36 5919232 ----a-w- c:\windows\system32\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- c:\windows\system32\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- c:\windows\system32\atiumdva.dll
2011-12-06 02:18:42 51200 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:12:50 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12:34 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12:22 33280 ----a-w- c:\windows\system32\atigktxx.dll
2011-12-06 02:11:50 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11:16 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2011-12-06 02:11:02 29696 ----a-w- c:\windows\system32\atiu9pag.dll
2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
============= FINISH: 7:49:35.10 ===============
Attached Files
File Type: zip Attach.zip (4.4 KB, 3 views)

__________________
NeverSpoken is offline   Reply With Quote
Old 02-26-2012, 05:12 AM   #2
Registered Member
 
Join Date: Aug 2004
Posts: 186
OS: Windows 8 Pro


Re: Checking to see if I'm free of this boot sector virus

Forgot, before reinstalling I did bootrec.exe /fixmbr and /fixboot. I was also told that resetting the CMOS would help, but I doubt that's necessary since everything appears to be working fine so far. Recent virus scans have turned up nothing. I also deleted my old Win 8 preview and reinstalled it again (formatted and then reused the same partition).
__________________
NeverSpoken is offline   Reply With Quote
All times are GMT -7. The time now is 05:55 AM.

