WiredWX Christian Hobby Weather Tools
Vista infected with Alureon.E - Please Help... - Page 1

Re: Vista infected with Alureon.E - Please Help...
Did you do a complete re-format or simply a System Restore?

Re: Vista infected with Alureon.E - Please Help...
I used the recovery partition (I think that is what it's called) to return the computer to its original as-purchased state. I accessed it through Control Panel. Does that answer your question?

Re: Vista infected with Alureon.E - Please Help...
I guess that would be called a system restore...

Re: Vista infected with Alureon.E - Please Help...
my laptop somehow got the Alureon.E virus

What makes you think that you have this virus?
I guess that would be called a system restore....

No. A System Restore is when you restore your computer back a few days, to before you made some changes that you didn't like.

Please download Malwarebytes Anti-Malware from here.
Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************************
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See the tutorial at http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html regarding how to do so if you are unsure.

  • Close any open windows and double-click PCHelpForum.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Re: Vista infected with Alureon.E - Please Help...
To answer your question as to what makes me think I have this virus - MSE is still finding it, but it cannot clean it. Here are the two logs:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chuck :: LAPTOP [administrator]

1/21/2012 3:11:29 PM
mbam-log-2012-01-21 (15-11-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379601
Time elapsed: 1 hour(s), 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ComboFix 12-01-21.02 - Chuck 01/21/2012 16:27:42.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.1976 [GMT -6:00]
Running from: c:\users\Chuck\Desktop\PCHelpForum.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 23:01 . 2012-01-21 23:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8FA8FA-0F83-4AF9-BECE-620A0A7F1C19}\offreg.dll
2012-01-21 22:35 . 2012-01-21 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 21:11 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A8FA8FA-0F83-4AF9-BECE-620A0A7F1C19}\mpengine.dll
2012-01-21 21:04 . 2012-01-21 21:04 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 21:04 . 2012-01-21 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-21 21:04 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 12:20 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-17 12:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-15 22:38 . 2012-01-15 22:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-15 12:22 . 2012-01-15 12:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-15 12:09 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 12:09 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 12:09 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 12:09 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 12:09 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 12:09 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-15 12:09 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-15 12:09 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-15 12:09 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-15 11:57 . 2012-01-15 11:57 -------- d-----w- c:\windows\SysWow64\spool
2012-01-15 04:36 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-15 04:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-01-15 04:36 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-15 04:36 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-15 04:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-01-15 04:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-01-15 04:15 . 2012-01-15 04:15 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-01-15 04:14 . 2012-01-15 04:14 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-01-15 04:01 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-01-15 04:01 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-15 04:01 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-15 04:01 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-15 03:59 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-15 03:58 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-01-15 03:58 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-01-15 03:58 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-15 03:58 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-15 03:57 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-15 03:57 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-15 03:57 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-15 03:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-01-15 03:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-01-15 03:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-01-15 03:57 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-15 03:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\ca-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\eu-ES
2012-01-15 03:32 . 2012-01-15 03:32 -------- d-----w- c:\windows\system32\vi-VN
2012-01-14 22:33 . 2012-01-14 22:33 -------- d-----w- c:\windows\system32\EventProviders
2012-01-14 21:48 . 2012-01-14 21:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-14 21:16 . 2009-04-11 07:11 397312 ----a-w- c:\windows\system32\WscEapPr.dll
2012-01-14 21:15 . 2009-04-11 07:15 380392 ----a-w- c:\windows\system32\ci.dll
2012-01-14 21:14 . 2009-04-11 07:11 74752 ----a-w- c:\windows\system32\wscsvc.dll
2012-01-14 21:13 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-01-14 21:13 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-01-14 21:13 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2012-01-14 21:13 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-01-14 21:13 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll
2012-01-14 21:13 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2012-01-14 21:13 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll
2012-01-14 20:57 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-01-14 20:56 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-14 20:56 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll
2012-01-14 20:56 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-14 20:56 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-01-14 20:56 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll
2012-01-14 11:08 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-14 05:22 . 2012-01-14 05:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EACE238-0330-41E6-A3F5-D43512314BE4}\gapaengine.dll
2012-01-14 05:19 . 2012-01-14 05:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC103DC5-E9C0-4A37-8DF1-E54967BE9F5C}\offreg.dll
2012-01-14 05:05 . 2012-01-14 05:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-14 05:05 . 2012-01-14 05:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-14 05:02 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-14 04:55 . 2012-01-14 04:55 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2012-01-14 04:36 . 2009-11-08 16:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-01-14 04:36 . 2009-11-08 16:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-01-14 04:36 . 2009-11-08 16:55 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-14 04:36 . 2009-11-08 16:55 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-01-14 04:36 . 2009-11-08 16:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-14 04:36 . 2009-11-08 16:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-01-14 04:36 . 2009-11-08 16:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-01-14 04:36 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-01-14 04:36 . 2009-11-08 16:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-14 04:36 . 2009-11-08 16:55 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-14 04:26 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-14 04:26 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2012-01-14 04:26 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-14 04:26 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2012-01-14 04:12 . 2012-01-14 04:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-14 04:11 . 2009-07-14 18:31 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-01-14 04:11 . 2009-07-14 18:18 654928 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-14 04:11 . 2009-07-14 18:18 42064 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-01-14 03:42 . 2008-05-27 04:59 18904 ----a-w- c:\windows\SysWow64\StructuredQuerySchemaTrivial.bin
2012-01-14 03:42 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-01-14 02:52 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll
2012-01-14 02:52 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2012-01-14 02:52 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll
2012-01-14 02:52 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll
2012-01-14 02:29 . 2006-11-10 22:25 525792 ----a-w- c:\windows\system32\difxapi.dll
2012-01-14 01:44 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-14 01:44 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
2012-01-14 01:44 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll
2012-01-14 01:44 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll
2012-01-14 01:44 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-14 01:18 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-01-14 01:18 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-14 01:18 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2012-01-14 01:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
2012-01-14 01:17 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-14 01:17 . 2009-08-14 14:10 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-14 01:17 . 2009-08-14 14:10 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-14 01:17 . 2009-08-14 14:10 23040 ----a-w- c:\windows\system32\ARP.EXE
2012-01-14 01:17 . 2009-08-14 13:49 27136 ----a-w- c:\windows\SysWow64\NETSTAT.EXE
2012-01-14 01:17 . 2009-08-14 13:48 105984 ----a-w- c:\windows\SysWow64\netiohlp.dll
2012-01-14 01:16 . 2009-08-14 14:10 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-14 01:16 . 2009-08-14 14:10 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-14 01:16 . 2009-08-14 14:10 11264 ----a-w- c:\windows\system32\finger.exe
2012-01-14 01:16 . 2009-08-14 14:10 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-14 01:16 . 2009-08-14 13:49 9728 ----a-w- c:\windows\SysWow64\TCPSVCS.EXE
2012-01-14 01:16 . 2009-08-14 13:49 17920 ----a-w- c:\windows\SysWow64\ROUTE.EXE
2012-01-14 01:16 . 2009-08-14 13:49 11264 ----a-w- c:\windows\SysWow64\MRINFO.EXE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-09 5429760]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2012-01-21 17:13:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 23:13
.
Pre-Run: 149,891,264,512 bytes free
Post-Run: 150,183,657,472 bytes free
.
- - End Of File - - 04060A7F1E33A7E8815211B58BB04773

Re: Vista infected with Alureon.E - Please Help...

Please download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

[Image: AswMBR_Scan]

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

[Image: AswMBR_SaveLog]

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Re: Vista infected with Alureon.E - Please Help...
Latest aswMBR scan result of C:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 20:25:13
-----------------------------
20:25:13.646 OS Version: Windows x64 6.0.6002 Service Pack 2
20:25:13.646 Number of processors: 2 586 0xF0D
20:25:13.646 ComputerName: LAPTOP UserName: Chuck
20:25:16.049 Initialize success
20:26:04.262 AVAST engine defs: 12012101
20:26:25.571 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:26:25.571 Disk 0 Vendor: FUJITSU_ 8909 Size: 238475MB BusType: 3
20:26:25.587 Disk 0 MBR read successfully
20:26:25.587 Disk 0 MBR scan
20:26:25.587 Disk 0 unknown MBR code
20:26:25.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225302 MB offset 63
20:26:25.634 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13170 MB offset 461418930
20:26:25.649 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 488392065
20:26:25.665 Service scanning
20:26:26.258 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:26:26.882 Modules scanning
20:26:26.882 Disk 0 trace - called modules:
20:26:26.929 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
20:26:26.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066e7790]
20:26:26.929 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> [0xfffffa8004b7d350]
20:26:26.944 5 acpi.sys[fffffa60008cbfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004baf050]
20:26:27.849 AVAST engine scan C:\
02:03:12.701 Scan finished successfully
06:11:35.037 Disk 0 MBR has been saved successfully to "C:\Users\Chuck\Desktop\MBR.dat"
06:11:35.146 The log file has been saved successfully to "C:\Users\Chuck\Desktop\aswMBR.txt"
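
The aswMBR log above lists the disk's partition table and saves the raw MBR to MBR.dat. As an added example (not code from the thread or from aswMBR), the script below parses such a 512-byte dump, prints the entries in the same shape as the log's "Disk 0 Partition N" lines, flags structural oddities (bad boot signature, zero or several active partitions, overlapping entries), and hashes the boot-code area so it can be compared with a known-clean MBR from the same Windows version. The sample sector is constructed to match the layout in the log; its boot code is a zero placeholder.

```python
"""Parse a raw 512-byte MBR dump, such as the MBR.dat that aswMBR saves,
and run the structural checks a responder would apply before trusting it.
Added example for this thread; the sample sector below is constructed."""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446             # the four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a well-formed MBR
SECTORS_PER_MB = (1024 * 1024) // SECTOR

# Type codes seen in the aswMBR log; anything else is rendered as hex.
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidd HPFS/NTFS"}


def parse_partition_table(sector):
    """Return one dict per non-empty partition entry, in table order."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    entries = []
    for i in range(4):
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
            "offset": lba_start,
            "sectors": count,
            "size_mb": count // SECTORS_PER_MB,
        })
    return entries


def check_mbr(sector):
    """Structural checks plus a hash of the boot code for comparison with a known-clean MBR."""
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(sector)
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["offset"] == 0:
            findings.append("partition %d starts at sector 0 (overlaps the MBR itself)" % p["index"])
    # Entries should not overlap: sort by start and compare each end with the next start.
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
        "partitions": parts,
        "findings": findings,
    }


def format_like_aswmbr(parts):
    """Render entries in the shape of the 'Disk 0 Partition N ...' lines in the log."""
    lines = []
    for p in parts:
        flag = "80 (A)" if p["active"] else "00"
        lines.append("Partition %d %s %02X %s %d MB offset %d" % (
            p["index"], flag, p["type"], p["type_name"], p["size_mb"], p["offset"]))
    return lines


def build_sample_mbr():
    """Constructed sample with the same layout as the log above; boot code is a zero placeholder."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    table = (entry(0x80, 0x07, 63, 225302 * SECTORS_PER_MB)          # system partition
             + entry(0x00, 0x07, 461418930, 13170 * SECTORS_PER_MB)  # recovery partition
             + entry(0x00, 0x17, 488392065, 2 * SECTORS_PER_MB)      # hidden partition
             + entry(0x00, 0x00, 0, 0))                               # unused slot
    return b"\x00" * TABLE_OFFSET + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    # Usage: python mbr_check.py MBR.dat   (defaults to the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = check_mbr(data)
    for line in format_like_aswmbr(report["partitions"]):
        print(line)
    print("boot code sha256:", report["boot_code_sha256"])
    print("findings:", report["findings"] or "none")
```

The hash only helps when compared against a dump taken from a clean install of the same Windows version; the structural checks stand on their own.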


Re: Vista infected with Alureon.E - Please Help...
Please download Rooter and Save it to your desktop.

  • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Vista infected with Alureon.E - Please Help...
It won't run - I downloaded it, and every time I hit Scan a window pops up that says Malware Finder has stopped working. I can only close or send information to Microsoft from there. I clicked "details" of the problem and this is what was shown:

Files that help describe the problem:
C:\Users\Chuck\AppData\Local\temp\WERFC77.tmp.version.txt
C:\Users\Chuck\AppData\Local\temp\WERB95.tmp.appcompat.txt
C:\Users\Chuck\AppData\Local\temp\WERB96.tmp.mdmp

Let me know what to try next please... Thanks!

Re: Vista infected with Alureon.E - Please Help...
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now.

Re: Vista infected with Alureon.E - Please Help...

First, I can't check the box next to "Running Processes" - it's grey (don't know if it scanned or not). The other two were already checked.

Results: no warnings, 336 hidden items found. Although these were all listed, none had checks next to them. I was manually able to check them all, but I decided not to do anything until I hear back from you. Should I check them and clean them or try something else? The Alureon.E is still showing up with MSE....

Thanks!

Re: Vista infected with Alureon.E - Please Help...

I can't check the box next to "Running Processes"

Just ensure that there is a checkmark there. Just leave that scanner for now.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the ESET Online Scanner button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

•Check the box to accept the terms of use.
•Click the Start button.
•Accept any security warnings from your browser.
•Check "Scan archives".
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push the List Threats button.
•Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Back button.
•Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Vista infected with Alureon.E - Please Help...

Scan results said "no threats found" - MSE is still finding that Trojan:DOS/Alureon.E thing and can't get rid of it...

If you'd like me to erase the drive completely, I'm fine with that. This computer has no data on it and is used primarily for websurfing. Let me know and thanks again!

Re: Vista infected with Alureon.E - Please Help...

If you'd like me to erase the drive completely, I'm fine with that. This computer has no data on it and is used primarily for websurfing. Let me know and thanks again!.

The choice is totally yours to make. I can keep running scans and we may find the culprit in two days, or it could be two weeks. Re-formatting is an ideal option, especially if you're sure you won't lose any data, as you will be starting out with a fresh slate. Please let me know how you want to handle it.

Re: Vista infected with Alureon.E - Please Help...

If you could help me reformat, I'd be great with that, but I need some guidance - what I did last time didn't work properly (obviously! - Lol!)

Re: Vista infected with Alureon.E - Please Help...

To wipe the drive clean, re-format and reinstall the OS.

Re: Vista infected with Alureon.E - Please Help...

Questions:

1. Should I follow the instructions on the re-format link you sent?
2. My computer never came with an OS disk, only a separate hard drive used for recovery/restore - what should I do with that?
3. Do I need to figure out what drivers I need as shown in the link, or will my recovery partition have all that?

I guess what I'm asking for is a little more individualized instruction applicable to my system. Thanks!!!

Re: Vista infected with Alureon.E - Please Help...

How to run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots
4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

Re: Vista infected with Alureon.E - Please Help...

I did that. I get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Diagnostic Tool
Command Prompt
Recovery Manager

I went to Recovery Manager, then System Recovery, Then restore to original factory condition. I didn't do it again because that's what I did when I posted my original question a couple weeks ago - trojan was still present. Do I need to buy the CD from HP or can we try something else?

Re: Vista infected with Alureon.E - Please Help...

Do I need to buy the CD from HP or can we try something else?.

Let's try a few more scans first.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Re: Vista infected with Alureon.E - Please Help...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 146):
0x01C59000 \SystemRoot\system32\ntoskrnl.exe
0x01C13000 \SystemRoot\system32\hal.dll
0x00606000 \SystemRoot\system32\kdcom.dll
0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064B000 \SystemRoot\system32\PSHED.dll
0x0065F000 \SystemRoot\system32\CLFS.SYS
0x006BC000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BC000 \SystemRoot\system32\drivers\acpi.sys
0x00912000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00925000 \SystemRoot\system32\drivers\pci.sys
0x00955000 \SystemRoot\System32\drivers\partmgr.sys
0x0096A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0096E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097A000 \SystemRoot\system32\drivers\volmgr.sys
0x0098E000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F4000 \SystemRoot\system32\drivers\intelide.sys
0x0076E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0077E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B0A000 \SystemRoot\system32\drivers\atapi.sys
0x00B12000 \SystemRoot\system32\drivers\ataport.SYS
0x00B36000 \SystemRoot\system32\drivers\msahci.sys
0x00B40000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B87000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C0F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E03000 \SystemRoot\system32\drivers\ndis.sys
0x00C96000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE6000 \SystemRoot\system32\drivers\NETIO.SYS
0x01003000 \SystemRoot\System32\drivers\tcpip.sys
0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A3000 \SystemRoot\System32\drivers\ecache.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02310000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0231C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02325000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0232A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02333000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02404000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CEE000 \SystemRoot\System32\drivers\watchdog.sys
0x02CFE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D0A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D50000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03002000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x03494000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x034B9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x034CB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x034DB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x034FB000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x0350F000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03526000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0357D000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03580000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03592000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0359A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035B0000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x035BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EEF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x035CC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F42000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F7B000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D61000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x035F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DD3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02DEB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B5F000 \SystemRoot\system32\DRIVERS\ks.sys
0x02FF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02B93000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02BEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E0E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05F3A000 \SystemRoot\system32\drivers\portcls.sys
0x05F75000 \SystemRoot\system32\drivers\drmk.sys
0x05F98000 \SystemRoot\system32\drivers\ksthunk.sys
0x06008000 \SystemRoot\system32\DRIVERS\smserial.sys
0x0613C000 \SystemRoot\system32\drivers\modem.sys
0x0614B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x06158000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x06189000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06193000 \SystemRoot\System32\Drivers\Null.SYS
0x0619C000 \SystemRoot\System32\drivers\vga.sys
0x061AA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x061CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x061D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x061E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x061EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05F9E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05FA7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05FC4000 \SystemRoot\system32\DRIVERS\smb.sys
0x02346000 \SystemRoot\system32\drivers\afd.sys
0x023B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05FDF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x00FD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00D3F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00D5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05E00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00DA7000 \SystemRoot\System32\Drivers\dfsc.sys
0x02200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06402000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06506000 \SystemRoot\System32\drivers\Dxapi.sys
0x06512000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x06525000 \SystemRoot\system32\drivers\luafv.sys
0x06547000 \SystemRoot\system32\drivers\spsys.sys
0x065E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0220E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x065F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02242000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0225A000 \SystemRoot\system32\drivers\HTTP.sys
0x00DC4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x00B9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x00BB9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x00BD3000 \SystemRoot\system32\drivers\mrxdav.sys
0x00791000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x17205000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x1724E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x1726D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x1729F000 \SystemRoot\System32\DRIVERS\srv.sys
0x17332000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x17342000 \SystemRoot\system32\drivers\peauth.sys
0x022FD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x00DED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x007BA000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x007D2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x778D0000 \WINDOWS\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
548 C:\WINDOWS\System32\smss.exe
616 csrss.exe
652 C:\WINDOWS\System32\wininit.exe
672 csrss.exe
708 C:\WINDOWS\System32\services.exe
724 C:\WINDOWS\System32\lsass.exe
732 C:\WINDOWS\System32\lsm.exe
832 C:\WINDOWS\System32\winlogon.exe
908 C:\WINDOWS\System32\svchost.exe
968 C:\WINDOWS\System32\svchost.exe
1004 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
492 C:\WINDOWS\System32\svchost.exe
592 C:\WINDOWS\System32\svchost.exe
584 C:\WINDOWS\System32\svchost.exe
372 C:\WINDOWS\System32\audiodg.exe
660 C:\WINDOWS\System32\svchost.exe
1032 C:\WINDOWS\System32\SLsvc.exe
1096 C:\WINDOWS\System32\svchost.exe
1228 C:\WINDOWS\System32\svchost.exe
1404 C:\WINDOWS\System32\spoolsv.exe
1428 C:\WINDOWS\System32\svchost.exe
1652 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1948 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1996 C:\WINDOWS\System32\svchost.exe
2016 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
1820 C:\WINDOWS\System32\taskeng.exe
1876 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2156 C:\WINDOWS\System32\svchost.exe
2180 C:\WINDOWS\System32\SearchIndexer.exe
2252 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2484 C:\WINDOWS\System32\taskeng.exe
2604 C:\WINDOWS\System32\dwm.exe
2704 C:\WINDOWS\explorer.exe
2812 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2848 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3008 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
3036 C:\WINDOWS\RAVCpl64.exe
3044 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2096 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2356 C:\WINDOWS\System32\igfxtray.exe
2536 C:\WINDOWS\System32\hkcmd.exe
2508 C:\WINDOWS\System32\igfxpers.exe
1308 C:\Program Files\Microsoft Security Client\msseces.exe
2760 C:\Program Files\Windows Sidebar\sidebar.exe
3056 C:\Program Files (x86)\HP\QuickPlay\QPService.exe
3108 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
3136 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3148 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3160 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3236 C:\WINDOWS\System32\svchost.exe
3260 WmiPrvSE.exe
3332 C:\WINDOWS\System32\igfxsrvc.exe
3816 C:\WINDOWS\System32\svchost.exe
3856 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3456 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1344 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
4076 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2864 C:\WINDOWS\System32\SearchFilterHost.exe
2188 C:\WINDOWS\System32\SearchProtocolHost.exe
1452 dllhost.exe
3280 dllhost.exe
2204 C:\Users\Chuck\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Vista infected with Alureon.E - Please Help...

I'm going to check with my colleagues about this. I'll be back.

Re: Vista infected with Alureon.E - Please Help...

Ok - thanks!

Re: Vista infected with Alureon.E - Please Help...

Ok. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.


6. Next type FIXMBR

7. If it asks if you're sure you want to write a new MBR, answer 'Y'.

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.

Re: Vista infected with Alureon.E - Please Help...

Done as directed - unfortunately, no difference. Any other ideas?

Re: Vista infected with Alureon.E - Please Help...

Please run the MBR check again and see if there's any change.

Re: Vista infected with Alureon.E - Please Help...

Latest Report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x01C1C000 \SystemRoot\system32\ntoskrnl.exe
0x02134000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064E000 \SystemRoot\system32\PSHED.dll
0x00662000 \SystemRoot\system32\CLFS.SYS
0x006BF000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BE000 \SystemRoot\system32\drivers\acpi.sys
0x00914000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00927000 \SystemRoot\system32\drivers\pci.sys
0x00957000 \SystemRoot\System32\drivers\partmgr.sys
0x0096C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00970000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097C000 \SystemRoot\system32\drivers\volmgr.sys
0x00990000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F6000 \SystemRoot\system32\drivers\intelide.sys
0x00771000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00781000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B10000 \SystemRoot\system32\drivers\atapi.sys
0x00B18000 \SystemRoot\system32\drivers\ataport.SYS
0x00B3C000 \SystemRoot\system32\drivers\msahci.sys
0x00B46000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B8D000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C04000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E07000 \SystemRoot\system32\drivers\ndis.sys
0x00C8B000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDB000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138B000 \SystemRoot\system32\drivers\volsnap.sys
0x013CF000 \SystemRoot\System32\Drivers\spldr.sys
0x013D7000 \SystemRoot\System32\Drivers\mup.sys
0x011A9000 \SystemRoot\System32\drivers\ecache.sys
0x013E9000 \SystemRoot\system32\drivers\disk.sys
0x00FCA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02307000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02313000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0231C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02321000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0232A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02403000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CE5000 \SystemRoot\System32\drivers\watchdog.sys
0x02CF5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D01000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D47000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0320A000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0369C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x036C1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x036D3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x036E3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03703000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03717000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x0372E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03785000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03788000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0379A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x037A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x037B8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x037C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EF8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x037D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x037D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x037E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F4B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F84000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D58000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02FEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D7B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02B5E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B71000 \SystemRoot\system32\DRIVERS\ks.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BB5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02DF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0233D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06002000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0612E000 \SystemRoot\system32\drivers\portcls.sys
0x06169000 \SystemRoot\system32\drivers\drmk.sys
0x0618C000 \SystemRoot\system32\drivers\ksthunk.sys
0x06208000 \SystemRoot\system32\DRIVERS\smserial.sys
0x0633C000 \SystemRoot\system32\drivers\modem.sys
0x0634B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x06358000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x06389000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06393000 \SystemRoot\System32\Drivers\Null.SYS
0x0639C000 \SystemRoot\System32\drivers\vga.sys
0x063AA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x063CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x063D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x063E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x063EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x06192000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0619B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x061B8000 \SystemRoot\system32\DRIVERS\smb.sys
0x02351000 \SystemRoot\system32\drivers\afd.sys
0x023BC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x061D3000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x061DE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x011E3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00D34000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03200000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x011F2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x00D4F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x00D9C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00DA8000 \SystemRoot\System32\Drivers\dfsc.sys
0x02200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06609000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0670D000 \SystemRoot\System32\drivers\Dxapi.sys
0x06719000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x0672C000 \SystemRoot\system32\drivers\luafv.sys
0x0674E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06762000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06796000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x067A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0220E000 \SystemRoot\system32\drivers\spsys.sys
0x17609000 \SystemRoot\system32\drivers\HTTP.sys
0x176AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x176D5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x176F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x1770D000 \SystemRoot\system32\drivers\mrxdav.sys
0x17734000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x1775D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x177A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x177C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x17805000 \SystemRoot\System32\DRIVERS\srv.sys
0x17898000 \SystemRoot\system32\drivers\peauth.sys
0x1794E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x17959000 \SystemRoot\System32\drivers\tcpipreg.sys
0x17969000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x17981000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772F0000 \WINDOWS\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
532 C:\WINDOWS\System32\smss.exe
616 csrss.exe
652 C:\WINDOWS\System32\wininit.exe
672 csrss.exe
708 C:\WINDOWS\System32\winlogon.exe
748 C:\WINDOWS\System32\services.exe
760 C:\WINDOWS\System32\lsass.exe
768 C:\WINDOWS\System32\lsm.exe
940 C:\WINDOWS\System32\svchost.exe
1000 C:\WINDOWS\System32\svchost.exe
232 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
576 C:\WINDOWS\System32\svchost.exe
604 C:\WINDOWS\System32\svchost.exe
660 C:\WINDOWS\System32\svchost.exe
1036 C:\WINDOWS\System32\audiodg.exe
1056 C:\WINDOWS\System32\svchost.exe
1072 C:\WINDOWS\System32\SLsvc.exe
1120 C:\WINDOWS\System32\svchost.exe
1224 C:\WINDOWS\System32\svchost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Vista infected with Alureon.E - Please Help...

Sorry. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

6. Next, type bootrec /fixmbr

7. If it asks whether you're sure you want to write a new MBR, answer 'Y'.

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.
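
An added example, not code from this thread or from the MBRCheck tool: it decodes the same on-disk structures the MBRCheck report above describes (the partition entries that put C: at offset 0x7e00 and D: at 0x3701636400) and classifies the bootstrap code the way MBRCheck does, which is also the region bootrec /fixmbr rewrites. The 512-byte MBR is constructed in memory, the allow-list of clean boot-code digests is an empty placeholder, and hashing only the first 440 bytes is this example's choice (the page does not say what range MBRCheck hashes).

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440       # bootstrap code region; bootrec /fixmbr rewrites this, not the partition table
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # signature in the last two bytes of every valid MBR
ENTRY = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

# PLACEHOLDER allow-list of SHA1 digests of clean bootstrap code; fill from a trusted reference.
KNOWN_GOOD_BOOTCODE_SHA1: set = set()


def build_sample_mbr(bootcode, partitions):
    """Construct a 512-byte MBR in memory (constructed test data, not read from a disk)."""
    sector = bytearray(SECTOR)
    code = bootcode[:BOOTCODE_LEN]
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector, known_good=KNOWN_GOOD_BOOTCODE_SHA1):
    """Validate the signature, decode the partition table and classify the bootstrap code."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        raise ValueError("not a valid MBR: wrong size or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "byte_offset": lba_start * SECTOR, "sectors": sectors})
    digest = hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()
    verdict = "Known-good MBR code" if digest in known_good else "Unknown MBR code"
    return {"bootcode_sha1": digest, "status": verdict, "partitions": parts}


if __name__ == "__main__":
    # Layout taken from the MBRCheck output above: C: at 0x7e00 (LBA 63), D: at 0x3701636400.
    mbr = build_sample_mbr(b"\xeb\x3c\x90", [(0x80, 0x07, 63, 0x1B80B173),
                                             (0x00, 0x07, 0x1B80B1B2, 0x01000000)])
    report = parse_mbr(mbr)
    print(report["status"], report["bootcode_sha1"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
```

Because the partition entries live past byte 440, a verdict of "Unknown MBR code" says nothing about the volumes themselves, which is why rewriting only the boot code is enough to evict a bootkit without touching the data.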

Re: Vista infected with Alureon.E - Please Help...

Thanks so much for your time and assistance with this problem, but the wife insisted that I get recovery disks and erase the computer to start from scratch. I did what she wanted and everything's fine now. Whatever that Alureon.E was, it was a pain to remove. One last question - what's your suggestion for free internet/virus security so this doesn't happen again? Thanks so much for your time and help again....

Re: Vista infected with Alureon.E - Please Help...

I'm sorry it had to come to that, but as the saying goes: "happy wife, happy life". Here's some advice.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**************************************************
Remember to only install ONE firewall!

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Re: Vista infected with Alureon.E - Please Help...

Superdave wrote:
I'm sorry it had to come to that. Here's some advice.

