Inactive Computer Problem won't let me check for Malware or Virus Removal

[Inactive] Computer Problem won't let me check for Malware or Virus Removal

Hi,
I posted a question in the Windows Vista Forum and they referred me to your section.

I have read and downloaded the posting and have done what was required until I got to the GMER download. I have tried to run this program several times and it just goes on forever (about 16 hours). I finally copied what I had and will post it below but I never did finish scanning it so I am afraid to go to the next step (aswMRB.exe).

I tried running the program in Safe Mode but it said it would not allow this to be run in safemode.

Please tell me the next best thing to get this computer back to normal. I must quit now before it crashes again.

Thank you.

Jean

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-16 13:45:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 NVIDIA__ rev.
Running: uwulzvhi.exe; Driver: C:\Users\Jean\AppData\Local\Temp\kwtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8C7B5080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8C7B5BDE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8C7B5DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8C7B95AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8C7B95DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8C7B9740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8C7B5CF6]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x957FBF3C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8C7B53EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8C7B551C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8C7B96B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8C7B9620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8C7B9652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8C7B9684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8C7B5026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8C7B5E7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8C7B9544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8C7B4FC0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x957FBFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x957FC080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x957FC11C]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x92E4E640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 381 8447D978 4 Bytes [80, 50, 7B, 8C] {ADC BYTE [EAX+0x7b], 0x8c}
.text ntoskrnl.exe!KeInsertQueue + 3C9 8447D9C0 4 Bytes [DE, 5B, 7B, 8C]
.text ntoskrnl.exe!KeInsertQueue + 4C1 8447DAB8 8 Bytes [D6, 5D, 7B, 8C, AC, 95, 7B, ...] {SALC ; POP EBP; JNP 0xffffffffffffff90; LODSB ; XCHG EBP, EAX; JNP 0xffffffffffffff94}
.text ntoskrnl.exe!KeInsertQueue + 4D1 8447DAC8 4 Bytes [DE, 95, 7B, 8C]
.text ntoskrnl.exe!KeInsertQueue + 571 8447DB68 4 Bytes [40, 97, 7B, 8C] {INC EAX; XCHG EDI, EAX; JNP 0xffffffffffffff90}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1392] ntdll.dll!KiUserApcDispatcher 77245B78 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1392] kernel32.dll!LoadLibraryExW + 173 759393EF 4 Bytes JMP 71AA000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1392] WS2_32.dll!getaddrinfo 758E418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1392] WS2_32.dll!gethostbyname 758F62D4 5 Bytes JMP 71AD0022
.text C:\Windows\system32\svchost.exe[1560] kernel32.dll!WriteFile 7595ABE1 5 Bytes JMP 007E000C
.text C:\Windows\system32\svchost.exe[1560] USER32.dll!WindowFromPoint 759F884F 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[1560] USER32.dll!GetForegroundWindow 75A032C4 5 Bytes JMP 00A0000A
.text C:\Windows\system32\svchost.exe[1560] USER32.dll!GetCursorPos 75A10B88 5 Bytes JMP 009E000A
.text C:\Windows\system32\svchost.exe[1560] ole32.dll!CoCreateInstance 76609F3E 5 Bytes JMP 009C000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3992] ntdll.dll!KiUserApcDispatcher 77245B78 5 Bytes JMP 00445210 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3992] kernel32.dll!LoadLibraryExW + 173 759393EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3992] USER32.dll!InSendMessageEx + 3B1 759FE6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3992] WS2_32.dll!getaddrinfo 758E418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3992] WS2_32.dll!gethostbyname 758F62D4 5 Bytes JMP 71A60022

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

 

OK, I have run the other scans. As the instructions said, I'll post a new posting with the additional log files.

Hope this helps.

Thank you.

Jean

 

New Post, was Computer Problem won't let me check for Malware or Virus Remo

Here are the start of the remainder of the log files. Hope we can get this problem solved. Thank you. Jean

Malware Bytes Log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jean :: JEAN-PC [administrator]

2/15/2012 1:50:48 PM
mbam-log-2012-02-15 (13-50-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220108
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------
aswMBR Log Files:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-16 18:25:26
-----------------------------
18:25:26.698 OS Version: Windows 6.0.6002 Service Pack 2
18:25:26.698 Number of processors: 4 586 0xF0B
18:25:26.699 ComputerName: JEAN-PC UserName: Jean
18:25:30.634 Initialize success
18:25:54.382 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
18:25:54.386 Disk 0 Vendor: NVIDIA__ Size: 476940MB BusType: 8
18:25:54.389 Device \Device\00000063 -> \??\SCSI#Disk____NVIDIA__STRIPE___465.76G#1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
18:25:54.394 Disk 0 MBR read error 0
18:25:54.398 Disk 0 MBR scan
18:25:54.403 Disk 0 unknown MBR code
18:25:54.409 MBR BIOS signature not found 0
18:25:54.416 Disk 0 scanning sectors +976771072
18:25:54.467 Disk 0 scanning C:\Windows\system32\drivers
18:26:02.691 Service scanning
18:26:04.983 Modules scanning
18:26:10.969 Disk 0 trace - called modules:
18:26:10.983 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a9049f]<<
18:26:10.992 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88e5e1f0]
18:26:11.002 3 CLASSPNP.SYS[84b5a8b3] -> nt!IofCallDriver -> [0x89a31a28]
18:26:11.011 \Driver\nvrd32[0x89925dc0] -> IRP_MJ_CREATE -> 0x89a9049f
18:26:11.022 Scan finished successfully
18:26:36.570 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Desktop\Computer Problem\MBR.dat "
18:26:36.582 The log file has been saved successfully to "C:\Users\Jean\Desktop\Computer Problem\aswMBR.txt "

----------------------------------------
DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jean at 18:28:28 on 2012-02-16
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1024 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=2906020R
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=2906020R
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe "
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\jean\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\jean\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Save video on Savevid.com - c:\program files\savevidplug-in\redirect.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: roadrunner.com\home
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58EEE0B2-2566-4A30-9680-B26ACE75B285} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{829CFE26-2249-406E-BBC1-2000168B5FAE} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jean\appdata\roaming\mozilla\firefox\profiles\efeh5zwo.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/405
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Savevid.com Easy Video Downloader: ffmenu@savevid.com - %profile%\extensions\ffmenu@savevid.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2008-10-7 90112]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-15 20:06:02 -------- d-----w- c:\users\jean\appdata\local\Apple
2012-02-15 13:45:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-15 04:16:02 -------- d-----w- c:\users\jean\appdata\local\Adobe
2012-02-12 15:10:15 -------- d-----w- c:\users\jean\appdata\roaming\MPEG Streamclip
2012-02-03 17:51:37 -------- d-----w- c:\programdata\boost_interprocess
2012-02-03 17:51:31 -------- dc-h--w- c:\programdata\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}
2012-02-03 17:51:31 -------- d-----w- c:\program files\SavevidPlug-in
2012-02-03 17:50:39 -------- d-----w- c:\users\jean\appdata\local\PackageAware
2012-01-28 18:55:28 -------- d-----r- c:\users\jean\Dropbox
2012-01-28 18:51:03 -------- d-----w- c:\users\jean\appdata\roaming\Dropbox
2012-01-26 02:17:35 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-26 02:17:35 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 02:17:35 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 02:17:35 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-26 02:17:35 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 02:17:35 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 20:57:34 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: NVIDIA__ rev. -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000063 -> \??\SCSI#Disk____NVIDIA__STRIPE___465.76G#1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
.
============= FINISH: 18:34:37.20 ===============

Attach Text:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2008 12:36:09 AM
System Uptime: 2/16/2012 5:58:23 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | 680IT-GB
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 1603/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 306.608 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.646 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1734: 2/14/2012 11:32:38 PM - February 14 2012
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Photoshop 5.0.2
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Shockwave Player 11.5
AIM 7
alongwintersnap_3129553 Screen Saver
American Greetings CreataCard
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 2012
Belarc Advisor 8.1
Bicycle Card Games
Bluemountain-Home for Christmas Screen Saver
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP1800 series
Canon iP1800 series User Registration
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Christmas Screen Saver
CleanUp!
Compatibility Pack for the 2007 Office system
Copy Utility
Digital Media Reader
Download Updater (AOL LLC)
DVD Burning Xpress 2.00
easy gadget
EasyCleaner
EPSON Copy Utility
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
EzTune
FileHippo.com Update Checker
Free Studio version 5.1.4
Free YouTube to MP3 Converter version 3.9.40.602
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin USB Drivers
Gateway Recovery Center Installer
Glary Utilities 2.41.0.1358
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Greetings Workshop
Hand And Foot 1.0.3.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Card Games 4
HP PhotoSmart Photo Printing Software
ImgBurn
IrfanView (remove only)
iTunes
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Just Great Software EditPad Lite 6.4.3
LAME v3.98.2 for Audacity
League of Legends
Logitech Desktop Messenger
Logitech QuickCam Driver Package
Logitech Updater
Logitech Vid HD
Logitech Webcam Software
Macromedia Dreamweaver 4
Macromedia Extension Manager
MailWasherPro
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Professional
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (3.6.2)
Mozilla Thunderbird 10.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Control Panel 275.33
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Omar Sharif Bridge
Palm Desktop
PDF reDirect (remove only)
Picasa 3
Pivot Software
PocketMirror 2.0 for Outlook
Power2Go 5.0
PVSonyDll
Quicken 2007
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
RTC Client API v1.2
Safari
SaveVid Plug-in
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shockwave
Skype Toolbars
Skypeâ„¢ 5.3
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
TClockEx
TweakVI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinDirStat 1.1.2
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WordPerfect Office 12
Zipeg
.
==== Event Viewer Messages From Past Week ========
.
2/16/2012 6:00:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
2/16/2012 2:01:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/16/2012 2:01:34 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 10:31:10 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:45 AM on 2/16/2012 was unexpected.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC Lbd NetBIOS netbt nsiproxy PSched RapportKELL RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 1:53:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 1:52:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/16/2012 1:51:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/16/2012 1:51:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/16/2012 1:51:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/16/2012 1:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/16/2012 1:51:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/15/2012 9:41:44 AM, Error: EventLog [6008] - The previous system shutdown at 9:37:18 AM on 2/15/2012 was unexpected.
2/15/2012 9:28:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/15/2012 8:36:50 AM, Error: EventLog [6008] - The previous system shutdown at 8:32:40 AM on 2/15/2012 was unexpected.
2/15/2012 8:26:49 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 2114. The printer cannot be used by others on the network.
2/15/2012 5:27:13 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/14/2012 7:55:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/14/2012 7:55:51 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
2/14/2012 6:28:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/14/2012 6:20:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/14/2012 6:13:50 PM, Error: EventLog [6008] - The previous system shutdown at 6:08:47 PM on 2/14/2012 was unexpected.
2/14/2012 4:03:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Lbd RapportKELL SASDIFSV SASKUTIL spldr Wanarpv6
2/14/2012 11:45:45 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00E04C68000C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/14/2012 11:38:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
2/14/2012 11:38:29 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/14/2012 11:38:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/14/2012 11:31:27 AM, Error: EventLog [6008] - The previous system shutdown at 11:27:25 AM on 2/14/2012 was unexpected.
.
==== End Of File ===========================

 

OK, here is what the RunBox said:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`8b8fe200
ATA_Read(): DeviceIoControl() ERROR 6
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;



Press any key to quit...

 

I tried several times to run Combofix but it never finished. So I shut down the computer and went to bed. This morning I turned on the computer and got nothing but error messages on the hard drive. I'm not sure but I think the hard disk is crashing.

I'm going to try to get it up and running and let you know how I'm making out. If I can't I will have to take it to a computer shop.

I'll keep you posted.

Jean

 

Hi again,

Well my computer crashed and I couldn't get it started so I found the old Restore CD and put it into the drive and checked restore to Factory Condition. What a big job I have ahead of me. I guess whatever got into my computer just destroyed all my Windows important files.

I will continue updating my reformatted computer and hope for the best.

Thanks for your help and if the reformatting doesn't solve the problem, I'll write back.

Jean