TechSpot

Rogue aftermath, Windows Update disabled

By GSBruce
Feb 18, 2012
I have had a few infections with rogue viruses (I think) over the last couple of months. I tried some of the remedies you see around on the internet and seemed to be able to clear the viruses and straighten out their damage until this latest one. The only problem I now detect personally (i.e. there could be/probably are more than this) is that Windows Update will not work (error 80096001) and none of Microsoft's Fixits, etc. will cure that problem. I was using Webroot SecureAnywhere, but it seemed unable to deal with this sort of virus and I found Webroot support to be unacceptably slow to respond, so this morning I uninstalled Webroot SecureAnywhere and installed Norton Internet Security. The Norton seemed to install OK and found 15 viruses that Webroot did not. The Windows Update problem did not go away. Also, System Restore will not complete any restorations. I also tried to install Windows 7 Ultimate over Vista; it did not install. Any help would be much appreciated. Anyway, my log files:

    MBAM

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.18.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    XXXX [administrator]

    Protection: Disabled

    2/17/2012 11:24:47 PM
    mbam-log-2012-02-17 (23-24-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221168
    Time elapsed: 10 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-17 23:38:37
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
    Running: uu9igpzg.exe; Driver: C:\Users\T4158~1.BRU\AppData\Local\Temp\pwlyypod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpman.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS / DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by XXXX at 23:41:12 on 2012-02-17
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.1699 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Windows\System32\NILaunch.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://apod.nasa.gov/apod/
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1081215
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\download.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.1.2\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.1.2\ips\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.1.2\coIEPlg.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Google Update] "c:\users\t. bruce petitt\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [PowerMate] "c:\program files\griffin technology\powermate\PowerMate.exe"
    uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
    mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
    mRun: [ChangeTPMAuth] "c:\program files\wave systems corp\common\ChangeTPMAuth.exe" /T:NTRU12
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Net-It Launcher] "c:\windows\system32\NILaunch.exe"
    mRun: [Logitech Utility] "Logi_MwX.Exe"
    mRun: [WavXMgr] "c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe"
    mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
    mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
    mRun: [USCService] "c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe"
    mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [PMBVolumeWatcher] "c:\program files\sony\pmb\PMBVolumeWatcher.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [nwiz] "nwiz.exe" /installquiet
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] "rundll32.exe" c:\windows\system32\nvHotkey.dll,Start
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\t4158~1.bru\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\download.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\update
    Trusted Zone: windowsupdate.com
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{22ADE383-214F-4F53-BA88-2E5F0624CA83} : DhcpNameServer = 166.102.165.11 166.102.165.13 198.6.1.195
    TCP: Interfaces\{374A27F3-18DF-40AD-ADE8-7A4F1B470E3E} : DhcpNameServer = 192.168.1.254
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
    mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-12-24 77696]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305010.002\SymDS.sys [2012-2-17 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305010.002\SymEFA.sys [2012-2-17 905336]
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-12-24 126144]
    R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2011-12-24 84544]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-17 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305010.002\ccSetx86.sys [2012-2-17 132744]
    R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-12-31 14464]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120217.003\IDSvix86.sys [2012-2-17 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305010.002\Ironx86.sys [2012-2-17 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1305010.002\symtdiv.sys [2012-2-17 345208]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c3f58890\AEstSrv.exe [2009-9-4 81920]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-24 3450832]
    R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-17 43912]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-8-6 277792]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 453712]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-17 652360]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.1.2\ccSvcHst.exe [2012-2-17 138248]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
    R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2011-11-2 45584]
    R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2011-11-10 5890144]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-11-2 3997912]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-24 234752]
    R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-6-26 12840]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2012-2-17 232136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-17 106104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-17 20464]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9867e308bf9df;Google Update Service (gupdate1c9867e308bf9df);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-5-20 29736]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-18 05:12:01 302592 ----a-w- C:\uu9igpzg.exe
    2012-02-18 05:07:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-18 05:07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-18 04:09:53 -------- d-----w- c:\users\t. bruce petitt\appdata\local\CrashDumps
    2012-02-18 03:55:44 81600 ----a-w- c:\windows\system32\NicInstY.dll
    2012-02-18 03:55:44 232136 ----a-w- c:\windows\system32\drivers\e1y6032.sys
    2012-02-18 03:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-18 00:34:03 -------- d-----w- C:\$UPGRADE.~OS
    2012-02-17 20:22:23 8484 ----a-w- c:\users\t. bruce petitt\appdata\local\d3d9caps.tmp
    2012-02-17 20:21:04 -------- d-----w- c:\windows\system32\catroot2
    2012-02-17 17:45:39 -------- d-----w- c:\program files\Magical Jelly Bean
    2012-02-17 04:38:16 237072 ----a-w- c:\windows\system32\MpSigStub.exe
    2012-02-17 01:36:30 -------- d-----w- c:\windows\system32\CatRoot2_2012217135714
    2012-02-17 01:33:25 -------- d-----w- C:\AAATDSSKiller
    2012-02-10 02:19:54 -------- d-----w- c:\users\t. bruce petitt\appdata\local\DDMSettings
    2012-02-07 05:17:50 -------- d-----w- c:\program files\Solways Desktop Icon Layout Saver
    2012-02-04 13:25:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-04 05:20:24 98816 ----a-w- c:\windows\sed.exe
    2012-02-04 05:20:24 518144 ----a-w- c:\windows\SWREG.exe
    2012-02-04 05:20:24 256000 ----a-w- c:\windows\PEV.exe
    2012-02-04 05:20:24 208896 ----a-w- c:\windows\MBR.exe
    2012-01-28 00:52:31 -------- d-----w- c:\programdata\Ant.com
    2012-01-28 00:52:31 -------- d-----w- c:\program files\Ant.com
    2012-01-25 01:12:24 -------- d-----w- c:\program files\iPod
    2012-01-25 01:12:20 -------- d-----w- c:\program files\iTunes
    2012-01-25 00:43:29 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-25 00:43:29 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-25 00:43:29 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-25 00:43:29 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-25 00:43:29 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-25 00:43:29 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    .
    ==================== Find3M ====================
    .
    2012-02-17 17:18:53 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-12-29 00:06:22 1185871 ----a-w- c:\windows\system32\unins000.exe
    2011-12-24 06:37:00 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-12-24 06:36:49 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2011-12-24 06:36:35 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-12-24 06:35:50 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
    2011-12-24 06:35:45 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
    2011-12-24 06:35:42 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-12-24 06:35:40 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2011-11-28 22:36:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-28 22:36:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-24 02:23:47 905336 ----a-r- c:\windows\system32\drivers\nis\1305010.002\SymEFA.sys
    2011-11-24 01:50:26 574584 ----a-r- c:\windows\system32\drivers\nis\1305010.002\srtsp.sys
    2011-11-24 01:50:26 32888 ----a-r- c:\windows\system32\drivers\nis\1305010.002\srtspx.sys
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 23:42:24.24 ===============

    DDS / Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/14/2008 1:19:49 PM
    System Uptime: 2/17/2012 11:18:55 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0NY980
    Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | Microprocessor | 2535/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 231 GiB total, 85.509 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 1.098 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 1863 GiB total, 434.022 GiB free.
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
    Description: Communications Port
    Device ID: ACPI\PNP0501\1
    Manufacturer: (Standard port types)
    Name: Communications Port (COM1)
    PNP Device ID: ACPI\PNP0501\1
    Service: Serial
    .
    Class GUID: {1860459d-4692-4825-b761-44a725991050}
    Description: Acronis Backup Archive Explorer
    Device ID: ROOT\ACRONISDEVICES\0002
    Manufacturer: Acronis, Inc.
    Name: Acronis Backup Archive Explorer
    PNP Device ID: ROOT\ACRONISDEVICES\0002
    Service: timounter
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acronis*True*Image*Home 2012
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Shockwave Player 11.5
    All Day Battery Life Configuration
    Ambient Light Sensor
    Ant.com IE add-on
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoBackup
    Baker Hughes MetaWin
    BioAPI Framework
    biolsp patch
    BitTorrent
    Bonjour
    Browser Address Error Redirector
    CanoScan Toolbox Ver4.1
    CCleaner
    CDex - Open Source Digital Audio CD Extractor
    Compatibility Pack for the 2007 Office system
    Convert
    DCP32MMWrapper
    Dell Client Configuration Toolkit
    Dell Control Point
    Dell ControlPoint Connection Manager
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell ControlVault Host Components Installer
    Dell Driver Download Manager
    Dell Driver Download Manager - 1
    Dell Embassy Trust Suite by Wave Systems
    Dell Getting Started Guide
    Dell Security Device Driver Pack
    Dell Support Center (Support Software)
    Dell Touchpad
    Didger 3
    DivX Setup
    Document Manager Lite
    EDocs
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Feedback Tool
    ffdshow [rev 3154] [2009-12-09]
    Gemalto
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Halliburton eRedbook
    Halliburton LogView Pro
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet 460 Series Toolbox
    HP Print Diagnostic Utility
    i-Handbook
    I8kfanGUI V3.1
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Network Connections 16.8.46.0
    Intel(R) PRO Alerting Agent
    Intel(R) PROSet/Wireless WiFi Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    iPhone Configuration Utility
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Logitech MouseWare 9.79.1
    Lotus 1-2-3
    Magical Jelly Bean KeyFinder
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Player Codec Pack 3.9.6
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Camera Codec Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft RichCopy 4.0
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    mp3Extractor
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NCH Tone Generator
    Norton Internet Security
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA Performance Drivers
    OGA Notifier 2.0.0048.0
    OMCI
    PHDWin Models Maintenance 2.9
    PHDWin Version 2.8
    PHDWin Version 2.9
    PHOTOfunSTUDIO 6.0 HD Edition
    Plus Pack for Acronis True Image Home 2012
    PMB
    PMB Updater
    PowerDVD DX
    PowerMate 2.0.1
    Preboot Manager
    Primo
    Private Information Manager
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Runtime
    Safari
    Screen Capture Professional 1.4.1
    Seagate Manager Installer
    SeaTools for Windows
    Secure Update
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Wizards
    Sentinel System Driver
    SILKYPIX Developer Studio 3.1 SE
    SO32MMWrapper
    Solway's Desktop Icon Layout Saver 1.01
    Sonic CinePlayer Decoder Pack
    System Requirements Lab
    Trusted Drive Manager
    Ultimate Extras sounds from Microsoft® Tinker™
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    V41
    VC80CRTRedist - 8.0.50727.6195
    Virtual Earth 3D (Beta)
    Vista Shortcut Manager
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WIDCOMM Bluetooth Software
    Winamp
    Winamp Detector Plug-in
    Windows 7 Upgrade Advisor
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Essentials Media Codec Pack 3.0
    Windows Live Sign-in Assistant
    Windows Sound Schemes
    WinZip 14.5
    Xvid 1.2.2 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/17/2012 9:34:42 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/17/2012 9:33:09 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2/17/2012 9:22:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    2/17/2012 9:19:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/17/2012 9:19:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    2/17/2012 9:19:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/17/2012 9:19:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    2/17/2012 9:19:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/17/2012 9:19:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/17/2012 9:19:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/17/2012 9:18:57 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    2/17/2012 9:18:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/17/2012 6:54:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/17/2012 6:54:58 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/17/2012 6:54:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/17/2012 6:28:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Service service to connect.
    2/17/2012 2:17:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/17/2012 11:29:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    2/17/2012 11:25:40 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    2/17/2012 11:25:40 AM, Error: SRTSP [4] - Error loading virus definitions.
    2/17/2012 11:20:48 PM, Error: SSIDRV [4103] - NetMon failed to initialize callouts.
    2/17/2012 11:20:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    2/17/2012 11:20:37 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    2/17/2012 11:20:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    2/17/2012 11:20:36 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    2/17/2012 11:18:25 PM, Error: SSIDRV [4104] - NetMon is in invalid state.
    2/17/2012 11:18:12 PM, Error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
    2/17/2012 11:06:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    2/17/2012 10:55:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/17/2012 10:19:14 PM, Error: Service Control Manager [7022] - The TdmService service hung on starting.
    2/16/2012 9:59:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    2/16/2012 9:58:48 PM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    2/16/2012 9:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/16/2012 9:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/16/2012 7:01:10 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    2/16/2012 11:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/16/2012 11:06:19 PM, Error: Microsoft Antimalware [3002] -
    2/16/2012 11:06:01 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    2/16/2012 10:58:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
    2/16/2012 10:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2012 7:24:18 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
    2/15/2012 7:24:09 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    2/11/2012 3:24:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ambient Light Sensor service to connect.
    2/11/2012 10:01:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
    2/10/2012 11:16:16 PM, Error: EventLog [6008] - The previous system shutdown at 11:05:18 PM on 2/10/2012 was unexpected.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    A small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lose the log, it's also located on your desktop as "scan.txt".
     
  3. GSBruce

    GSBruce TS Rookie Topic Starter

    Thanks, Broni, for helping me. Please note that I have replaced my name with the characters "XXXX". The logs:

    aswMBR

    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-18 15:44:29
    -----------------------------
    15:44:29.478 OS Version: Windows 6.0.6002 Service Pack 2
    15:44:29.478 Number of processors: 2 586 0x1706
    15:44:29.478 ComputerName: XXXX UserName:
    15:44:30.741 Initialize success
    15:45:25.031 AVAST engine defs: 12021801
    15:45:36.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:45:36.685 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 8
    15:45:36.716 Disk 0 MBR read successfully
    15:45:36.716 Disk 0 MBR scan
    15:45:36.716 Disk 0 Windows VISTA default MBR code
    15:45:36.716 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    15:45:36.747 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 2048 MB offset 208896
    15:45:36.763 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 236324 MB offset 4403200
    15:45:36.778 Disk 0 scanning sectors +488394752
    15:45:36.856 Disk 0 scanning C:\Windows\system32\drivers
    15:45:54.859 Service scanning
    15:46:33.640 Modules scanning
    15:47:08.101 Disk 0 trace - called modules:
    15:47:08.132 ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys iastor.sys
    15:47:08.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88217030]
    15:47:08.132 3 CLASSPNP.SYS[8cda48b3] -> nt!IofCallDriver -> [0x87f943a8]
    15:47:08.132 5 vsflt61.sys[8070ff9b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86915028]
    15:47:12.266 AVAST engine scan C:\Windows
    15:47:18.677 AVAST engine scan C:\Windows\system32
    15:52:49.039 AVAST engine scan C:\Windows\system32\drivers
    15:53:15.746 AVAST engine scan C:\Users\XXXX
    15:59:10.981 Disk 0 MBR has been saved successfully to "C:\Users\XXXX\Desktop\MBR.dat"
    15:59:10.996 The log file has been saved successfully to "C:\Users\XXXX\Desktop\aswMBR.txt"

    BTKR_RunBox

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 2 (build 6002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`86600000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
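    The two logs above report the same artifact from two angles: aswMBR lists the partition table it read from sector 0 (type, active flag, size and offset), and Bootkit Remover prints an MD5 of the boot sector and whether standard boot code was found. The small script below is an added example (not code from either tool or from this thread) that shows what such a check does with a saved MBR image like the MBR.dat aswMBR writes. It assumes MBR.dat is the raw 512-byte sector 0 and that sizes in the log are MB of 512-byte sectors (2048 sectors per MB); the embedded sample MBR is constructed here from the three partitions in the aswMBR log with dummy boot code, it is not the poster's real MBR.dat, and the baseline hash it compares against is just the sample's own hash, standing in for a known-good value.

```python
"""Parse a 512-byte MBR image (e.g. aswMBR's MBR.dat) and compare its
boot code against a known-good hash. Added example; MBR.dat layout as a
raw sector-0 dump is an assumption."""
import hashlib
import struct
import sys

SECTOR = 512
ENTRY_FMT = '<B3sB3sII'   # boot flag, CHS start, type, CHS end, LBA start, size (sectors)
SECTORS_PER_MB = 2048     # assumes 512-byte sectors


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus the three partitions from
    the aswMBR log above. Not a real MBR.dat."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b'\x90' * (446 - 3)   # jmp + nops (constructed)
    entries = [
        (0x00, 0xDE, 63, 101 * SECTORS_PER_MB),         # Dell Utility, 101 MB @ 63
        (0x80, 0x07, 208896, 2048 * SECTORS_PER_MB),    # active NTFS, 2048 MB @ 208896
        (0x00, 0x07, 4403200, 236324 * SECTORS_PER_MB), # NTFS, 236324 MB @ 4403200
        (0x00, 0x00, 0, 0),                             # empty slot
    ]
    table = b''.join(
        struct.pack(ENTRY_FMT, flag, b'\0\0\0', ptype, b'\0\0\0', start, size)
        for flag, ptype, start, size in entries)      # CHS fields left zero
    return boot_code + table + b'\x55\xAA'


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, whole-sector hash and the partition table."""
    if len(mbr) != SECTOR:
        raise ValueError(f'expected {SECTOR} bytes, got {len(mbr)}')
    if mbr[510:512] != b'\x55\xAA':
        raise ValueError('missing 0x55AA boot signature')
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        flag, _, ptype, _, start, size = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue   # unused slot
        partitions.append({
            'index': i + 1,
            'active': flag == 0x80,
            'type': ptype,
            'start_lba': start,
            'size_mb': size // SECTORS_PER_MB,
        })
    return {
        'boot_code_md5': hashlib.md5(mbr[:446]).hexdigest(),
        'sector_md5': hashlib.md5(mbr).hexdigest(),
        'partitions': partitions,
    }


def check_mbr(mbr: bytes, known_good_boot_md5: str) -> bool:
    """True when the 446 bytes of boot code match the baseline hash.
    A bootkit that patches the loader changes this hash even if the
    partition table is untouched, which is why the tools hash it."""
    return parse_mbr(mbr)['boot_code_md5'] == known_good_boot_md5


def main() -> None:
    # Usage: python mbr_check.py [MBR.dat]; without a file the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], 'rb') as fh:
            mbr = fh.read(SECTOR)
    else:
        mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print('boot sector MD5:', info['sector_md5'])
    print('boot code MD5:  ', info['boot_code_md5'])
    for p in info['partitions']:
        mark = '(A)' if p['active'] else '   '
        print(f"Partition {p['index']} {mark} type {p['type']:02X} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    # Baseline is the sample's own hash here; in practice keep the hash of
    # the MBR taken from a known-clean state of the same machine.
    baseline = parse_mbr(build_sample_mbr())['boot_code_md5']
    print('boot code matches baseline:', check_mbr(mbr, baseline))


if __name__ == '__main__':
    main()
```

    Comparing the printed partition lines with the aswMBR log is the quick sanity check: a changed offset or type, or a boot-code hash that differs from the baseline taken when the machine was last known clean, is what these tools flag as an MBR modification.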
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. GSBruce

    GSBruce TS Rookie Topic Starter

    I followed the instructions above, here is what happened as I remember it:

    - ComboFix ran in normal mode.
    - It rebooted the computer
    - Upon restart, ComboFix generated ComboFix.txt. I opened it and tried to save it to the desktop, the "save to box" had limited functionality. Then suddenly ComboFix uninstalled and all of C:\ComboFix and its contents were deleted and the Notebook window I had ComboFix.txt open in closed. I had managed to enter "select all" and copy the ComboFix.txt contents and then opened Notebook and managed only to save the ComboFix.txt contents as "untitled.txt", I don't know in what directory. Also, upon startup while the above went on, Norton Internet Security had opened and then showed a red flag saying "AutoProtect is processing security risk Trojan.ADH.2.", then ultimately changed to saying "AutoProtect has removed security risk Trojan.ADH.2". Then the desktop changed to solid white and stayed like that for some time, so I did a hard shutdown of the computer. When I try to start the computer now, in normal or safe mode, I only get as far as the mouse pointer on a solid black background, not even to the password-enter screen.

    Thus I am unable to produce the ComboFix.txt contents for you (I am writing this on my MacBook).
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Combofix should have created a fresh restore point.
    Did you try "Last known good configuration"?
     
  7. GSBruce

    GSBruce TS Rookie Topic Starter

    I only tried normal and safe starts until you suggested "Last known good configuration", which only resulted in the black screen with mouse cursor.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  9. GSBruce

    GSBruce TS Rookie Topic Starter

    I'll have to go to my office and get my work laptop to create this disk (I'm writing from my MacBook Air which has no disk drive). I was wanting to get out of the house anyway. I will have the results of this effort posted in several hours.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  11. GSBruce

    GSBruce TS Rookie Topic Starter

    Here is the OTL.txt content:

    OTL logfile created on: 2/19/2012 2:45:56 AM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows (TM) Code Name "Longhorn" Preinstallation Environment (Version = 6.0.6001.18000.6001) - Type = System
    Internet Explorer (Version = )
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 94.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 2.00 Gb Total Space | 1.10 Gb Free Space | 55.06% Space Free | Partition Type: NTFS
    Drive D: | 230.79 Gb Total Space | 84.29 Gb Free Space | 36.52% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2008/01/19 02:36:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sacsvr.dll -- (sacsvr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (BTHMODEM)
    DRV - [2008/01/19 02:42:45 | 000,088,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
    DRV - [2008/01/19 00:50:28 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
    DRV - [2008/01/19 00:32:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fbwf.sys -- (FBWF)
    DRV - [2008/01/19 00:32:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\wimfsf.sys -- (WimFsf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========








    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - Startup: Error locating startup folders.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
    O13 - ftp Prefix: missing
    O13 - gopher Prefix: missing
    O13 - home Prefix: missing
    O13 - mosaic Prefix: missing
    O13 - www Prefix: missing
    O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (/k start cmd.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - File not found - -- [ CDFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/18 00:32:38 | 000,000,000 | ---D | C] -- C:\Boot

    ========== Files - Modified Within 30 Days ==========

    [2012/02/17 23:10:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/17 19:40:46 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$

    ========== Files Created - No Company Name ==========

    [2012/02/17 20:28:37 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
    [2012/02/17 20:26:54 | 000,333,257 | RHS- | C] () -- C:\bootmgr
    [2012/02/17 19:40:46 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
    [2011/07/17 13:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
    [2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
    [2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
    [2008/12/14 22:56:15 | 000,060,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2008/02/05 08:27:10 | 000,000,053 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
    [2008/01/19 03:47:14 | 000,004,444 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2008/01/19 03:47:14 | 000,001,536 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2008/01/19 01:52:16 | 000,077,824 | ---- | C] () -- C:\Windows\System32\schema.dat
    [2008/01/18 22:48:22 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2008/01/03 13:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/24 06:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
    [2005/07/16 16:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe

    ========== LOP Check ==========

    [2011/07/17 13:50:33 | 000,000,000 | R--D | M] -- \I386
    [2011/07/17 13:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
    [2011/07/17 13:49:08 | 000,000,000 | R--D | M] -- \SFX

    ========== Purity Check ==========


    < End of report >
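Two things in the OTL report above deserve a second look before anything is "fixed": the Winlogon Shell entries show cmd.exe rather than explorer.exe, and the exefile/comfile open commands are still the stock "%1" %*. The scan ran from the REATOGO rescue environment (Computer Name REATOGO, user SYSTEM, ramdisk and CDFS drive X:), so the cmd.exe shell belongs to that boot CD, not necessarily to the installed Vista; the triage script below is an added example, not part of the thread or of OTL, that parses constructed O20/O35 lines modelled on the report and flags any Shell value other than explorer.exe and any exe/com association that is not the stock command, so the analyst can compare the rescue-environment result against a scan of the real installation.

```python
import re

# Constructed sample modelled on the OTL lines in the report above (not a live capture).
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (/k start cmd.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# O20 lines: Winlogon values (Shell, Userinit, VMApplet, ...) in the form OTL prints them.
O20_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<rest>.*)$')
# O35 lines: the shell "open" command registered for comfile / exefile.
O35_RE = re.compile(r'^O35 - HKLM\\\.\.(?P<ftype>\w+) \[open\] -- (?P<cmd>.*)$')

# What a stock Vista/7 installation is expected to show (assumed baseline).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_OPEN = '"%1" %*'


def triage(otl_text):
    """Return (kind, ...) findings for Winlogon Shell and exe/com association lines.

    An empty list means every parsed entry matched the stock baseline.
    """
    findings = []
    for line in otl_text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m and m.group("value") == "Shell":
            # OTL splits "cmd.exe /k start cmd.exe" into two Shell entries; flag each.
            if m.group("data").lower() != EXPECTED_SHELL:
                findings.append(("winlogon_shell", m.group("data"), m.group("rest")))
            continue
        m = O35_RE.match(line)
        if m and m.group("cmd") != EXPECTED_OPEN:
            # Rogue AV families commonly prepend their own binary to the exefile command.
            findings.append(("file_association", m.group("ftype"), m.group("cmd")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print(finding)
```

Run the same parser over an OTL report taken from the installed Vista (not the boot CD); a Shell finding there, or any exefile command other than "%1" %*, is what would point at a persistence change rather than at the rescue environment.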
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It looks very strange.

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://www.mediafire.com/?vmujazrmmog
    Download Windows 7 Recovery Disc iso image: http://digiex.net/downloads/downloa.../2659-windows-7-32-bit-x86-recovery-disc.html
    Burn it to DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk. You may need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /fixmbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Type in:
    bootrec /fixboot (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.
     
  13. GSBruce

    GSBruce TS Rookie Topic Starter

    I went through the Windows Recovery Disk process (for Vista) as detailed in your last post and the results:

    - attempt to start in normal mode: still black screen w/ cursor
    - attempt to start in safe mode w/ cursor: still black screen w/ cursor

    I was looking around and noticed some fixes involve physically removing the infected drive, connecting it to another (clean) computer with a USB adapter (and I have one of these adapters), then running anti-virus software on the infected drive. I can do this if you want to, but it would have to carry zero risk of infecting the clean computer (my work computer). Just a thought ...
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  15. GSBruce

    GSBruce TS Rookie Topic Starter

    I can't take any risk with the work computer, so I will buy a new hard drive and go with a fresh installation of Windows 7 64-bit. I have all my data, media, etc. backed up on an external drive; hopefully I won't get reinfected copying that data to the new hard drive.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well then.
    Good luck!
     
