XP will only boot in safemode Extras

My computer recently shutdown while my wife was uploading pictures to facebook. Got the following error msg: STOP: 0X0000007E (0XC0000005,0X00000000,0XBA4C30BC,0XBA4C2DB8) tried to boot to safemode but got error msg:windows XP setup cannot run under safemode. setup will restart now.

Have my old hard drive still installed also so tried to boot from it with same results. Did a repair on the old drive from my windows XP disc and was able to get it to boot in safemode. My new drive that I was originally booting form is now inaccessible and is only recognized sporadically in BIOS boot and my computer. Since both drives would not boot, I thought it might be a hardware problem so replaced the motherboard and processor with an older one I still have but nothing changed.

The only change has been that after doing the windows repair, I now get the following msg. on normal boot.:The windows subsystem system process terminated unexpectedly with a status of C0000005 (0X7c9106c3 0X0052f06c)

The system has been shut down.

Anybody know what happened? Will post extras.txt and aswMBR.txt in my next post.

Thanks for any help.


Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Ad-Aware
Out of date HijackThis installed!
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Windows Defender
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.22.87 Flash Player out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-08 23:55:46
-----------------------------
23:55:46.765 OS Version: Windows 5.1.2600 Service Pack 2
23:55:46.765 Number of processors: 2 586 0x304
23:55:46.765 ComputerName: COMPUTER1 UserName:
23:55:47.343 Initialize success
00:03:28.500 AVAST engine defs: 12070801
00:09:55.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
00:09:55.687 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
00:09:55.718 Disk 0 MBR read successfully
00:09:55.734 Disk 0 MBR scan
00:09:55.781 Disk 0 Windows XP default MBR code
00:09:55.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
00:09:55.812 Disk 0 scanning sectors +312576705
00:09:55.906 Disk 0 scanning C:\WINDOWS\system32\drivers
00:10:13.937 Service scanning
00:10:57.250 Modules scanning
00:11:24.312 Disk 0 trace - called modules:
00:11:24.343 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
00:11:24.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8733eab8]
00:11:24.390 3 CLASSPNP.SYS[f78c405b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x87343b00]
00:11:24.828 AVAST engine scan C:\WINDOWS
00:11:39.906 File: C:\WINDOWS\WEBCheckVer.ocx **INFECTED** Win32:Adware-gen [Adw]
00:11:39.953 File: C:\WINDOWS\WEBInstall.ocx **INFECTED** Win32:Adware-gen [Adw]
00:11:41.734 AVAST engine scan C:\WINDOWS\system32
00:16:22.531 AVAST engine scan C:\WINDOWS\system32\drivers
00:16:49.718 AVAST engine scan C:\Documents and Settings\Jon Martinson
00:22:31.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jon Martinson\My Documents\MBR.dat"
00:22:31.750 The log file has been saved successfully to "C:\Documents and Settings\Jon Martinson\My Documents\aswMBR.txt"


Last edited by DragonMaster Jay on 9th July 2012, 6:45 pm; edited 1 time in total (Reason for editing : Posts appended to this topic!)

OTL Extras logfile created on: 7/8/2012 10:47:57 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Jon Martinson\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 553.27 Mb Available Physical Memory | 54.11% Memory free
2.90 Gb Paging File | 2.63 Gb Available in Paging File | 90.65% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 65.02 Gb Free Space | 43.62% Space Free | Partition Type: NTFS
Drive D: | 616.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.

Computer Name: COMPUTER1 | User Name: Jon Martinson | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:America Online 9.0a -- (America Online, Inc.)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\bios\gwf32.exe" = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\bios\gwf32.exe:*:Disabled:gwflash
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"E:\Setup.exe" = E:\Setup.exe:*:Disabled:Setup Wizard of WGA54G
"D:\Setup.exe" = D:\Setup.exe:*:Disabled:Setup Wizard of WGA54G
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"D:\Common\EasyInstall\EasyInstall.exe" = D:\Common\EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall
"C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\BitTorrent\btdownloadgui.exe" = C:\Program Files\BitTorrent\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{005F0409-6759-11D5-A54F-0090278A1BB8}" = Visual Studio .NET Enterprise Architect - English
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{178BAABD-0C95-4EB6-9E12-29A039EA27F6}" = Qwest eChat Support Tools
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2513A049-0D74-44C2-B18D-8CCA7BFD4F13}" = REALTIME 2020
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{37327654-EBF7-410C-9161-C24D68E02753}" = Xacti Screen Capture 1.1
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3C516E56-0B4B-4BDE-88A2-035B4D170A26}" = DXG-589V
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{95FC84C0-9F15-4831-8605-396FDC42071D}" = Microsoft Office Outlook Connector
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (REALTIME)
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE25520B-3F99-46BC-8BA9-3EBAE560C0CD}" = Form Viewer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F626E006-C06C-466A-B133-92C1991385CA}" = ArcSoft Print Creations
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"Ad-Aware" = Ad-Aware
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"C-Media Audio Driver" = C-Media Azalia Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DriverCD" = DriverCD
"Easy CD Ripper" = Easy CD Ripper 2.27
"Enable S3 for USB Device" = Enable S3 for USB Device
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 4.12.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"PROR" = Microsoft Office Professional 2007
"QwestQuickCare_is1" = Qwest QuickCare 2.0
"RealPlayer 6.0" = RealPlayer Basic
"RegistryDefense" = RegistryDefense
"Rhapsody" = Rhapsody
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Veoh Web Player Beta" = Veoh Web Player Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:12 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:13 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 7/9/2012 1:23:13 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8001010d).

Error - 7/9/2012 1:23:13 AM | Computer Name = COMPUTER1 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

[ System Events ]
Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:11 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:12 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:13 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:23:13 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 7/9/2012 1:24:07 AM | Computer Name = COMPUTER1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


< End of report >

Hello! I do not see anything out of the ordinary, yet.

Let's work with ComboFix:

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  
• It is important to rename ComboFix before the download.
  
• Please do not rename ComboFix to other names, but only the one indicated.
  

After the download:

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
  
• It will attempt to install the Recovery Console:
  

• When ComboFix finishes, it will produce a report for you.
  
• Please post the "C:\Combo-Fix.txt" in your next reply.
  

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Thanks for your quick reply. Here is the combofix log.

ComboFix 12-07-08.02 - Jon Martinson 07/09/2012 15:44:43.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.565 [GMT -7:00]
Running from: c:\documents and settings\Jon Martinson\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\April\My Documents\~WRL2282.tmp
c:\documents and settings\Jared\WINDOWS
c:\documents and settings\Jon Martinson\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
c:\documents and settings\Jon Martinson\g2mdlhlpx.exe
c:\documents and settings\Jon Martinson\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Jon Martinson\My Documents\DPE.DUS
c:\documents and settings\Tina.COMPUTER1\WINDOWS
c:\program files\INSTALL.LOG
c:\program files\Program Files
c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
c:\program files\Program Files\Pure Networks\Port Magic\connwsp.dll
c:\program files\Program Files\Pure Networks\Port Magic\libcfy.dll
c:\program files\Program Files\Pure Networks\Port Magic\pmfail.wav
c:\program files\Program Files\Pure Networks\Port Magic\pmprompt.wav
c:\program files\Program Files\Pure Networks\Port Magic\pmupdate.wav
c:\program files\Program Files\Pure Networks\Port Magic\Port Magic Help.chm
c:\program files\Program Files\Pure Networks\Port Magic\PortAOL.exe
c:\program files\Program Files\Pure Networks\Port Magic\preloads.dll
c:\program files\Program Files\Pure Networks\Port Magic\README.TXT
c:\program files\Program Files\Pure Networks\Port Magic\RG\3Com.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\ActionTec.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\Belkin.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\DLink.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\Linksys.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\LinksysCC.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\Microsoft.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\NetGear.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\Siemens.dll
c:\program files\Program Files\Pure Networks\Port Magic\RG\SMC.dll
c:\program files\Program Files\Pure Networks\Port Magic\SetupNT.dll
C:\Thumbs.db
c:\windows\_detmp.2
c:\windows\acezsoftware
c:\windows\acezsoftware\haunting\Do Not Delete Files.txt
c:\windows\acezsoftware\haunting\hall_background.bmp
c:\windows\acezsoftware\haunting\hSound1.wav
c:\windows\acezsoftware\haunting\hSound2.wav
c:\windows\acezsoftware\haunting\hSound3.wav
c:\windows\acezsoftware\haunting\hSound4.wav
c:\windows\acezsoftware\haunting\hSound5.wav
c:\windows\acezsoftware\haunting\hSound6.wav
c:\windows\acezsoftware\haunting\logo.bmp
c:\windows\acezsoftware\haunting\pump_large.bmp
c:\windows\acezsoftware\haunting\pump_med.bmp
c:\windows\acezsoftware\haunting\pump_small.bmp
c:\windows\acezsoftware\haunting\pump_xlarge.bmp
c:\windows\acezsoftware\haunting\skull_large.bmp
c:\windows\acezsoftware\haunting\skull_med.bmp
c:\windows\acezsoftware\haunting\skull_small.bmp
c:\windows\acezsoftware\haunting\skull_xlarge.bmp
c:\windows\acezsoftware\haunting\Thumbs.db
c:\windows\dasetup.log
c:\windows\desktop
c:\windows\EventSystem.log
c:\windows\help\wmplayer.bak
c:\windows\start.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Matrix.exe
c:\windows\system32\msnphoto.scr
c:\windows\system32\OLD6E1.tmp
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET5C5.tmp
c:\windows\Web\default.htt
c:\windows\Web\webview.vbs
c:\windows\Web\wiastyle.vbs
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SERV-U
-------\Legacy_USNJSVC
-------\Service_Serv-U
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 10:45 . 2012-06-18 10:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3118F6A1-DEB4-4046-B45B-A559EE692E29}\mpengine.dll
2012-07-09 10:43 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-09 07:10 . 2012-07-09 07:11 -------- d-----w- c:\documents and settings\Jon Martinson\Application Data\Driver Wizard
2012-07-09 07:10 . 2012-07-09 07:10 -------- d-----w- c:\program files\Driver Wizard
2012-07-09 06:47 . 2012-07-09 06:47 -------- d-----w- C:\ATI
2012-07-09 06:37 . 2012-07-09 06:37 -------- d-----w- c:\documents and settings\All Users\Uniblue
2012-07-09 06:37 . 2012-07-09 06:37 -------- d-----w- c:\documents and settings\Jon Martinson\Application Data\Uniblue
2012-07-09 06:37 . 2012-07-09 06:37 -------- d-----w- c:\program files\Uniblue
2012-07-09 05:05 . 2012-07-09 05:05 -------- d-----w- c:\documents and settings\Jon Martinson\Application Data\Malwarebytes
2012-07-09 05:05 . 2012-07-09 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-09 05:05 . 2012-07-09 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 05:05 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 19:33 . 2012-07-06 19:38 -------- d-----w- c:\windows\tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 10:14 . 2009-03-10 06:40 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-05 00:35 . 2003-01-01 07:25 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-14 22:20 . 2012-04-09 00:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2012-04-23 338808]
"Driver Wizard"="c:\program files\Driver Wizard\DWLauncher.exe" [2012-06-15 338576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RDListener"="c:\program files\Registry Defense\RDListener.exe" [2009-02-28 111216]
"SRFirstRun"="srclient.dll" [2006-02-28 67584]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk.disabled [2005-3-15 1908]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprestrt\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-02-20 01:05 591696 ----a-w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 600(Network)]
2008-03-04 14:00 188928 ----a-w- c:\windows\SYSTEM32\spool\drivers\w32x86\3\E_FATIEKA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-07-27 03:14 1867776 ----a-w- c:\program files\ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 23:31 2144088 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SysAgent"=c:\sysagent\SysAgent.exe
"MaxtorReg"=c:\sysagent\AUTOREG.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\SYSTEM32\DRIVERS\Achernar.sys [12/26/2007 11:25 PM 16855]
R0 viaraid;viaraid;c:\windows\SYSTEM32\DRIVERS\viaraid.sys [3/12/2005 3:57 AM 72192]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\SYSTEM32\DRIVERS\Aldebaran.sys [12/26/2007 11:25 PM 21808]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 FlashNT;FlashNT;c:\windows\SYSTEM32\DRIVERS\FLASHNT.SYS [5/25/2002 11:38 AM 72784]
S2 GLOGODrv;GLOGODrv;c:\windows\SYSTEM32\DRIVERS\GLOGODrv.sys [3/12/2005 6:49 AM 13332]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 MSSQL$REALTIME;MSSQL$REALTIME;c:\program files\Microsoft SQL Server\MSSQL$REALTIME\Binn\sqlservr.exe -sREALTIME --> c:\program files\Microsoft SQL Server\MSSQL$REALTIME\Binn\sqlservr.exe -sREALTIME [?]
S2 Sdselect;Sdselect;c:\windows\SYSTEM32\DRIVERS\sdselect.sys [3/9/2002 5:21 PM 73296]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\JONMAR~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\JONMAR~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 cmudax;C-Media Azalia Audio Interface;c:\windows\SYSTEM32\DRIVERS\cmudax.sys [4/2/2005 6:09 PM 1385664]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\SYSTEM32\DRIVERS\DLKRTS.SYS [10/17/2001 8:03 PM 25434]
S3 DSCVc;Video Capture;c:\windows\SYSTEM32\DRIVERS\CoachVc.sys [12/26/2007 11:07 PM 44256]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/8/2012 5:21 PM 113120]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\ntapm.sys [8/17/2001 6:47 AM 9344]
S3 SQLAgent$REALTIME;SQLAgent$REALTIME;c:\program files\Microsoft SQL Server\MSSQL$REALTIME\Binn\sqlagent.EXE -i REALTIME --> c:\program files\Microsoft SQL Server\MSSQL$REALTIME\Binn\sqlagent.EXE -i REALTIME [?]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801;c:\windows\SYSTEM32\DRIVERS\USR1801.SYS [12/2/2001 5:32 PM 794654]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34]
.
2009-04-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-11 07:25]
.
2012-07-09 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-07-09 21:07]
.
2012-07-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2009-04-06 c:\windows\Tasks\{33834511-CF31-4F01-85A4-FA751D293B9A}_COMPUTER1_Tina.job
- c:\windows\system32\mobsync.exe [2006-02-28 12:00]
.
2009-04-08 c:\windows\Tasks\{4FCCA92D-A61D-45D4-B41B-89D8F65EAF5F}_COMPUTER1_Jon Martinson.job
- c:\windows\system32\mobsync.exe [2006-02-28 12:00]
.
2009-04-08 c:\windows\Tasks\{D0958199-AABA-487A-862F-389AAEDB0AC8}_COMPUTER1_Jared.job
- c:\windows\system32\mobsync.exe [2006-02-28 12:00]
.
2009-04-08 c:\windows\Tasks\{DB0A0DA2-C529-474E-936F-1F67E115EF35}_COMPUTER1_April.job
- c:\windows\system32\mobsync.exe [2006-02-28 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: af.mil
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: Microsoft WFC Forms Designer - file://d:\vj98\wfcforms.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Visual Studio 6 Extensibility Libraries - file://d:\vj98\vstudio6.cab
DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88}
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\Jon Martinson\Application Data\Mozilla\Firefox\Profiles\hlzy0qid.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-POINTER - point32.exe
AddRemove-DriverCD - c:\program files\GIGABYTE\DriverCD\Uninst.isu
AddRemove-Enable S3 for USB Device - c:\program files\Gigabyte\Enable S3 for USB Device\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 15:54
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(436)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-07-09 15:57:34
ComboFix-quarantined-files.txt 2012-07-09 22:57
.
Pre-Run: 72,435,003,392 bytes free
Post-Run: 72,389,914,624 bytes free
.
- - End Of File - - 4B76D6D83E233595BC75FBB24B5B1B11

Can't understand why both hard drives are affected, but have tried removing the video card and using the onboard video with no results and evan changed the motherboard, processor, memory and still can't boot normally. Had windows update turned on and "download and install updates" selected. Could it be a SP3 update gone wrong? and if so, why would both drives be affected? I don't get it. Oh well, you are the expert so hope you can find an aswer for me. Appears that the newer 500 gig drive is totally corrupt. When I do a disc check from my XP disc it says the disc appears to have irrepairable damage and even when MY COMPUTER recognizes it, I can't access it.
Thanks again for your help.

Not sure about updates. We'll find out after malware is removed.

Please delete your old copy of ComboFix and download a new one. Do the scans as directed, etc.