Inactive Rogue aftermath, Windows Update disabled

GSBruce

Posts: 8   +0
I have had a few infections with rogue viruses (I think) over the last couple of months. I tried some of the remedies you see around on the internet and seemed to be able to clear the viruses and straighten out their damage until this latest one. The only problem I now detect personally (ie. there could be/probably are more than this) is that Windows Update will not work (error 80096001) and none of Microsofts Fixits, etc. will cure that problem. I was using Webroot SecureAnyWhere but it seemed unable to deal with this sort of virus and I found Webroot support to be unacceptably slow to respond, so this morning I uninstalled Webroot AnyWhere and installed Norton Internet Security. The Norton seemed to install OK and found 15 viruses that Webroot did not. The Windows Update problem did not go away. Also, System Restore will not complete any restorations. I also tried to install Windows 7 Ultimate over Vista, it did not install. Any help would be much appreciated. Anyway, my log files:

MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXXX [administrator]

Protection: Disabled

2/17/2012 11:24:47 PM
mbam-log-2012-02-17 (23-24-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221168
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-17 23:38:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: uu9igpzg.exe; Driver: C:\Users\T4158~1.BRU\AppData\Local\Temp\pwlyypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpman.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

DDS / DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by XXXX at 23:41:12 on 2012-02-17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.1699 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\19.5.1.2\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\NILaunch.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://apod.nasa.gov/apod/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1081215
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\download.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.1.2\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.1.2\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.1.2\coIEPlg.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\t. bruce petitt\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PowerMate] "c:\program files\griffin technology\powermate\PowerMate.exe"
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [ChangeTPMAuth] "c:\program files\wave systems corp\common\ChangeTPMAuth.exe" /T:NTRU12
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Net-It Launcher] "c:\windows\system32\NILaunch.exe"
mRun: [Logitech Utility] "Logi_MwX.Exe"
mRun: [WavXMgr] "c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe"
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [USCService] "c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [PMBVolumeWatcher] "c:\program files\sony\pmb\PMBVolumeWatcher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] "nwiz.exe" /installquiet
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] "rundll32.exe" c:\windows\system32\nvHotkey.dll,Start
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\t4158~1.bru\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{22ADE383-214F-4F53-BA88-2E5F0624CA83} : DhcpNameServer = 166.102.165.11 166.102.165.13 198.6.1.195
TCP: Interfaces\{374A27F3-18DF-40AD-ADE8-7A4F1B470E3E} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-12-24 77696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305010.002\SymDS.sys [2012-2-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305010.002\SymEFA.sys [2012-2-17 905336]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-12-24 126144]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2011-12-24 84544]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-17 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305010.002\ccSetx86.sys [2012-2-17 132744]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-12-31 14464]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120217.003\IDSvix86.sys [2012-2-17 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305010.002\Ironx86.sys [2012-2-17 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1305010.002\symtdiv.sys [2012-2-17 345208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c3f58890\AEstSrv.exe [2009-9-4 81920]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-24 3450832]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-17 43912]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-8-6 277792]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 453712]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-17 652360]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.1.2\ccSvcHst.exe [2012-2-17 138248]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2011-11-2 45584]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2011-11-10 5890144]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-11-2 3997912]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-24 234752]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-6-26 12840]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2012-2-17 232136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-17 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-17 20464]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9867e308bf9df;Google Update Service (gupdate1c9867e308bf9df);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-5-20 29736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-02-18 05:12:01 302592 ----a-w- C:\uu9igpzg.exe
2012-02-18 05:07:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 05:07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 04:09:53 -------- d-----w- c:\users\t. bruce petitt\appdata\local\CrashDumps
2012-02-18 03:55:44 81600 ----a-w- c:\windows\system32\NicInstY.dll
2012-02-18 03:55:44 232136 ----a-w- c:\windows\system32\drivers\e1y6032.sys
2012-02-18 03:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-18 00:34:03 -------- d-----w- C:\$UPGRADE.~OS
2012-02-17 20:22:23 8484 ----a-w- c:\users\t. bruce petitt\appdata\local\d3d9caps.tmp
2012-02-17 20:21:04 -------- d-----w- c:\windows\system32\catroot2
2012-02-17 17:45:39 -------- d-----w- c:\program files\Magical Jelly Bean
2012-02-17 04:38:16 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-17 01:36:30 -------- d-----w- c:\windows\system32\CatRoot2_2012217135714
2012-02-17 01:33:25 -------- d-----w- C:\AAATDSSKiller
2012-02-10 02:19:54 -------- d-----w- c:\users\t. bruce petitt\appdata\local\DDMSettings
2012-02-07 05:17:50 -------- d-----w- c:\program files\Solways Desktop Icon Layout Saver
2012-02-04 13:25:06 -------- d-----w- c:\programdata\Malwarebytes
2012-02-04 05:20:24 98816 ----a-w- c:\windows\sed.exe
2012-02-04 05:20:24 518144 ----a-w- c:\windows\SWREG.exe
2012-02-04 05:20:24 256000 ----a-w- c:\windows\PEV.exe
2012-02-04 05:20:24 208896 ----a-w- c:\windows\MBR.exe
2012-01-28 00:52:31 -------- d-----w- c:\programdata\Ant.com
2012-01-28 00:52:31 -------- d-----w- c:\program files\Ant.com
2012-01-25 01:12:24 -------- d-----w- c:\program files\iPod
2012-01-25 01:12:20 -------- d-----w- c:\program files\iTunes
2012-01-25 00:43:29 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 00:43:29 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 00:43:29 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 00:43:29 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-25 00:43:29 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 00:43:29 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2012-02-17 17:18:53 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-29 00:06:22 1185871 ----a-w- c:\windows\system32\unins000.exe
2011-12-24 06:37:00 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-24 06:36:49 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-24 06:36:35 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-24 06:35:50 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-24 06:35:45 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2011-12-24 06:35:42 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-24 06:35:40 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-11-28 22:36:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-28 22:36:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-24 02:23:47 905336 ----a-r- c:\windows\system32\drivers\nis\1305010.002\SymEFA.sys
2011-11-24 01:50:26 574584 ----a-r- c:\windows\system32\drivers\nis\1305010.002\srtsp.sys
2011-11-24 01:50:26 32888 ----a-r- c:\windows\system32\drivers\nis\1305010.002\srtspx.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:42:24.24 ===============

DDS / Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2008 1:19:49 PM
System Uptime: 2/17/2012 11:18:55 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0NY980
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | Microprocessor | 2535/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 85.509 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.098 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 434.022 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {1860459d-4692-4825-b761-44a725991050}
Description: Acronis Backup Archive Explorer
Device ID: ROOT\ACRONISDEVICES\0002
Manufacturer: Acronis, Inc.
Name: Acronis Backup Archive Explorer
PNP Device ID: ROOT\ACRONISDEVICES\0002
Service: timounter
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acronis*True*Image*Home 2012
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 2.0
Adobe Shockwave Player 11.5
All Day Battery Life Configuration
Ambient Light Sensor
Ant.com IE add-on
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoBackup
Baker Hughes MetaWin
BioAPI Framework
biolsp patch
BitTorrent
Bonjour
Browser Address Error Redirector
CanoScan Toolbox Ver4.1
CCleaner
CDex - Open Source Digital Audio CD Extractor
Compatibility Pack for the 2007 Office system
Convert
DCP32MMWrapper
Dell Client Configuration Toolkit
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell ControlVault Host Components Installer
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Embassy Trust Suite by Wave Systems
Dell Getting Started Guide
Dell Security Device Driver Pack
Dell Support Center (Support Software)
Dell Touchpad
Didger 3
DivX Setup
Document Manager Lite
EDocs
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Feedback Tool
ffdshow [rev 3154] [2009-12-09]
Gemalto
Google Chrome
Google Earth
Google Update Helper
Google Updater
Halliburton eRedbook
Halliburton LogView Pro
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 460 Series Toolbox
HP Print Diagnostic Utility
i-Handbook
I8kfanGUI V3.1
IDT Audio
Intel PROSet Wireless
Intel(R) Network Connections 16.8.46.0
Intel(R) PRO Alerting Agent
Intel(R) PROSet/Wireless WiFi Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Logitech MouseWare 9.79.1
Lotus 1-2-3
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Camera Codec Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft RichCopy 4.0
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mp3Extractor
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NCH Tone Generator
Norton Internet Security
NTRU TCG Software Stack
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
OGA Notifier 2.0.0048.0
OMCI
PHDWin Models Maintenance 2.9
PHDWin Version 2.8
PHDWin Version 2.9
PHOTOfunSTUDIO 6.0 HD Edition
Plus Pack for Acronis True Image Home 2012
PMB
PMB Updater
PowerDVD DX
PowerMate 2.0.1
Preboot Manager
Primo
Private Information Manager
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Runtime
Safari
Screen Capture Professional 1.4.1
Seagate Manager Installer
SeaTools for Windows
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Wizards
Sentinel System Driver
SILKYPIX Developer Studio 3.1 SE
SO32MMWrapper
Solway's Desktop Icon Layout Saver 1.01
Sonic CinePlayer Decoder Pack
System Requirements Lab
Trusted Drive Manager
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
V41
VC80CRTRedist - 8.0.50727.6195
Virtual Earth 3D (Beta)
Vista Shortcut Manager
Wave Infrastructure Installer
Wave Support Software
WebEx
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Windows 7 Upgrade Advisor
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Essentials Media Codec Pack 3.0
Windows Live Sign-in Assistant
Windows Sound Schemes
WinZip 14.5
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 9:34:42 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2012 9:33:09 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/17/2012 9:22:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
2/17/2012 9:19:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/17/2012 9:19:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
2/17/2012 9:19:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 9:19:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2/17/2012 9:19:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/17/2012 9:19:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/17/2012 9:19:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/17/2012 9:18:57 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
2/17/2012 9:18:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/17/2012 6:54:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/17/2012 6:54:58 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2012 6:54:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/17/2012 6:28:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Service service to connect.
2/17/2012 2:17:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/17/2012 11:29:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
2/17/2012 11:25:40 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
2/17/2012 11:25:40 AM, Error: SRTSP [4] - Error loading virus definitions.
2/17/2012 11:20:48 PM, Error: SSIDRV [4103] - NetMon failed to initialize callouts.
2/17/2012 11:20:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/17/2012 11:20:37 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/17/2012 11:20:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/17/2012 11:20:36 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
2/17/2012 11:18:25 PM, Error: SSIDRV [4104] - NetMon is in invalid state.
2/17/2012 11:18:12 PM, Error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
2/17/2012 11:06:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2/17/2012 10:55:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/17/2012 10:19:14 PM, Error: Service Control Manager [7022] - The TdmService service hung on starting.
2/16/2012 9:59:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2/16/2012 9:58:48 PM, Error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
2/16/2012 9:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/16/2012 9:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/16/2012 7:01:10 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/16/2012 11:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 11:06:19 PM, Error: Microsoft Antimalware [3002] -
2/16/2012 11:06:01 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2/16/2012 10:58:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
2/16/2012 10:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/16/2012 10:16:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 10:16:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/15/2012 7:24:18 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
2/15/2012 7:24:09 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/11/2012 3:24:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ambient Light Sensor service to connect.
2/11/2012 10:01:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
2/10/2012 11:16:16 PM, Error: EventLog [6008] - The previous system shutdown at 11:05:18 PM on 2/10/2012 was unexpected.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
 
Thanks, Broni, for helping me. Please note that I have replaced my name with the characters "XXXX". The logs:

aswMBR

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 15:44:29
-----------------------------
15:44:29.478 OS Version: Windows 6.0.6002 Service Pack 2
15:44:29.478 Number of processors: 2 586 0x1706
15:44:29.478 ComputerName: XXXX UserName:
15:44:30.741 Initialize success
15:45:25.031 AVAST engine defs: 12021801
15:45:36.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:45:36.685 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 8
15:45:36.716 Disk 0 MBR read successfully
15:45:36.716 Disk 0 MBR scan
15:45:36.716 Disk 0 Windows VISTA default MBR code
15:45:36.716 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
15:45:36.747 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 2048 MB offset 208896
15:45:36.763 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 236324 MB offset 4403200
15:45:36.778 Disk 0 scanning sectors +488394752
15:45:36.856 Disk 0 scanning C:\Windows\system32\drivers
15:45:54.859 Service scanning
15:46:33.640 Modules scanning
15:47:08.101 Disk 0 trace - called modules:
15:47:08.132 ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys iastor.sys
15:47:08.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88217030]
15:47:08.132 3 CLASSPNP.SYS[8cda48b3] -> nt!IofCallDriver -> [0x87f943a8]
15:47:08.132 5 vsflt61.sys[8070ff9b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86915028]
15:47:12.266 AVAST engine scan C:\Windows
15:47:18.677 AVAST engine scan C:\Windows\system32
15:52:49.039 AVAST engine scan C:\Windows\system32\drivers
15:53:15.746 AVAST engine scan C:\Users\XXXX
15:59:10.981 Disk 0 MBR has been saved successfully to "C:\Users\XXXX\Desktop\MBR.dat"
15:59:10.996 The log file has been saved successfully to "C:\Users\XXXX\Desktop\aswMBR.txt"

BTKR_RunBox

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`86600000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I followed the instructions above, here is what happened as I remember it:

- ComboFix ran in normal mode.
- It rebooted the computer
- Upon restart, ComboFix generated ComboFix.txt. I opened it and tried to save it to the desktop, the "save to box" had limited functionality. The suddenly ComboFix uninstalled and all of C:\ComboFix and it's contents were deleted and the Notebook window I had ComboFix.txt open in closed. I had managed to enter "select all" and copy the ComboFix.txt contents and then opened Notebook and managed only to save the ComboFix.txt contents as "untitled.txt", I don't know in what directory. Also, upon startup while the above went on, Norton Internet Security had opened and then showed a red flag saying "AutoProtect is processing security risk Trojan.ADH.2.", then ultimately changed to saying "AutoProtect has removed security risk Trojan.ADH.2". The the desktop changed to solid white and stayed like that for some time, so I did a hard shutdown of the computer. When I try to start the computer now, in normal or safe mode,I only get as far as the mouse pointer on a solid black background, not even to the password-enter screen.

Thus I am unable to produce the ComboFix.txt contents for you (I am writing this on my MacBook).
 
Combofix should have created fresh restore point.
Did you try "Last known good configuration"?
 
I only tried normal and safe starts until you suggested "Last known good configuration", which only resulted in the black screen with mouse cursor.
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I'll have to go to my office and get my work laptop to create this disk (I'm writing from my MacBook Air which has no disk drive). I was wanting to get out of the house anyway. I will have the results of this effort posted in several hours.
 
Here is the OTL.txt content:

OTL logfile created on: 2/19/2012 2:45:56 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows (TM) Code Name "Longhorn" Preinstallation Environment (Version = 6.0.6001.18000.6001) - Type = System
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 94.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 2.00 Gb Total Space | 1.10 Gb Free Space | 55.06% Space Free | Partition Type: NTFS
Drive D: | 230.79 Gb Total Space | 84.29 Gb Free Space | 36.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2008/01/19 02:36:18 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (BTHMODEM)
DRV - [2008/01/19 02:42:45 | 000,088,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2008/01/19 00:50:28 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2008/01/19 00:32:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fbwf.sys -- (FBWF)
DRV - [2008/01/19 00:32:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\wimfsf.sys -- (WimFsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========








O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (/k start cmd.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 00:32:38 | 000,000,000 | ---D | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2012/02/17 23:10:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/17 19:40:46 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$

========== Files Created - No Company Name ==========

[2012/02/17 20:28:37 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/02/17 20:26:54 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2012/02/17 19:40:46 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$
[2011/07/17 13:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 13:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2008/12/14 22:56:15 | 000,060,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/02/05 08:27:10 | 000,000,053 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
[2008/01/19 03:47:14 | 000,004,444 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008/01/19 03:47:14 | 000,001,536 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2008/01/19 01:52:16 | 000,077,824 | ---- | C] () -- C:\Windows\System32\schema.dat
[2008/01/18 22:48:22 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/03 13:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 06:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/07/16 16:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe

========== LOP Check ==========

[2011/07/17 13:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 13:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 13:49:08 | 000,000,000 | R--D | M] -- \SFX

========== Purity Check ==========


< End of report >
 
It looks very strange.

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://www.mediafire.com/?vmujazrmmog
Download Windows 7 Recovery Disc iso image: http://digiex.net/downloads/downloa.../2659-windows-7-32-bit-x86-recovery-disc.html
Burn it to DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk. You may need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)

Vista users. At first screen click on Repair your computer:
setup-option.jpg


Windows 7 users. At first screen click on Install now:
25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png

Select your language and click next:
25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png

Click the button for "Use recovery tools":
25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png


The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
system-recovery-options.jpg

After this, it will present you with a list of options including startup repair, system restore and command prompt:
systemrecovery.jpg

Select Command Prompt

Type in:
bootrec /fixmbr (<--- there is a "space" after "bootrec")
and then press Enter

Type in:
bootrec /fixboot (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.
 
I went through the Windows Recovery Disk process (for Vista) as detailed in your last post and the results:

- attempt to start in normal mode: still black screen w/ cursor
- attempt to start in safe mode w/ cursor: still black screen w/ cursor

I was looking around and noticed some fixes involve physically removing the infected drive, connecting it to another (clean) computer with a USB adapter (and I have one of these adapters), then running anti-virus software on the infected drive. I can do this if you want to, but it would have to carry zero risk of infecting the clean computer (my work computer). Just a thought ...
 
I can't take any risk with the work computer, so I will buy a new hard drive and go with a fresh installation of Windows 7 64-bit. I have all my data, media, etc. backed up on an external drive; hopefully I won't get reinfected copying that data to the new hard drive.
 
Back