Posted 16 November 2010 - 01:23 PM
I was asked to look at a friend's laptop because boot terminated in BSOD 'Unmountable boot volume 0x00..0ED'. Before reaching that point it asked one to press Enter to load SPTD. The BSOD followed regardless of pressing Enter, Escape or doing nothing.
DrWeb live CD scanner reported one of the owner's downloads, Ares.exe, as infected with 'Trojan.MulDrop1.40731' and I allowed it to delete the file.
Simple Registry Editor on Ultimate Boot CD complained 'Volume is dirty, mounts read-only'. Ran ChkDsk.
From UBCD got no indication of problems from A-Squared, RootKitty (no differences found). Using SuperAntiSpyware free I quarantined some of the cookies and two registry keys it reported (sadly don't have a logfile for that).
I discovered that I could allow the machine to run applications successfully by replacing the missing(!) Rundll.exe from another PC's installation.
Then installed, updated and ran Malwarebytes' Anti-malware. Quick Scan showed problems, all quarantined with a reboot.
Now various programmes were starting up after boot, the first time I saw them: Daemon Tools lite (failed), Skype, Messenger, AVG, SpywareDoctor. The Daemon tools installer appeared to run OK.
I installed Spyware Terminator for its Analysis...
When I can get to open the log files again (see below), I can tell what they reported or post them if requested.
Now XP always fails to install a mouse driver when I plug a mouse in to USB, e.g.: Device Manager then shows HID Devices: Darfon standard mouse; drivers for this device not installed, although in the properties it does say Drivers: USBFltr, by Waytech Development. There's no backup to roll back to. On one USB port the New Device wizard says Cannot install this hardware, error installing device, 'Datos no válidos' (it's all in Spanish on this laptop). On the other USB port, there is a beep but nothing else happens. Device Manager shows the same. A USB flash drive is useable on the same USB ports.
The latest problem is that some recently modified folders or files are inaccessible even to the 'Administrator' account in Safe Mode.
Checkdisk finds no problem with the system disk.
The question is, is this just because Windows has been left 'broken', or is there likely still some infection? Can anyone please recommend whether it's worth posting some scans on the Malware forum for these symptoms?