Computer locks up at startup / Malewarebytes doesn't work during Safe Mode

Hey again,

So the other day, my system froze, and when I restarted it, it wouldn't go past the initial HP screen and did not go into safe mode, stopping at isapnp.sys. I did a little research and installed Hiren's Boot CD. I removed a 0 KB file from the Windows\systems32/drivers folder, and got XP to start up. However, the computer is useless once it starts up in regular mode, no programs will open. In safe mode, most things work, but Malewarebytes does not. I'm posting from another computer, but I brought over the Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:30:34 PM, on 10/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ozubetalajoq] rundll32.exe "C:\WINDOWS\oqirugugavopiwam.dll",Startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Dyuvumamumuset] rundll32.exe "C:\WINDOWS\Wagdil6.dll",Startup
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: updugt32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC2EB99-A323-4564-AD7D-5D29046CCD1C}: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CS3\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 9769 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [Ozubetalajoq] rundll32.exe "C:\WINDOWS\oqirugugavopiwam.dll",Startup
  O4 - HKCU\..\Run: [Dyuvumamumuset] rundll32.exe "C:\WINDOWS\Wagdil6.dll",Startup
  O4 - Startup: updugt32.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC2EB99-A323-4564-AD7D-5D29046CCD1C}: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CS2\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CS3\Services\Tcpip\..\{390AC609-99FE-46AE-BCA2-2769A83AD2BA}: NameServer = 93.188.163.75,93.188.166.110
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.75,93.188.166.110
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Ran Hijackthis and deleted as told, computer unfortunately still won't load Malewarebytes in neither Safe nor Normal mode:

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:45:16 PM, on 10/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 8822 bytes

OTL log if it helps:

OTL logfile created on: 10/11/2010 7:54:53 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.99 Gb Total Space | 42.99 Gb Free Space | 15.86% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVAN
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/13 17:43:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL(2).exe
PRC - [2010/03/17 23:28:24 | 001,230,128 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 00:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 01:59:53 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\system32\regethc.dll
MOD - [2010/08/13 17:43:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL(2).exe
MOD - [2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 20:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 23:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/08 17:22:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/17 12:35:44 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 09:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2006/08/16 09:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 19:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 14:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/14 00:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 21:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1<mpl=default<mplcache=2#inbox"
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1138

FF - HKLM\software\mozilla\Firefox\extensions\\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0} [2010/10/08 02:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 10:32:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 10:32:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/24 16:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/24 16:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components [2010/04/24 16:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins [2010/04/24 16:35:20 | 000,000,000 | ---D | M]

[2009/09/02 00:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/09/13 21:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions
[2010/02/18 21:29:24 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2010/09/08 17:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\DTToolbar@toolbarnet.com
[2010/09/13 21:52:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/18 09:55:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.5 213.109.72.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 03:18:16 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: contps2 - (C:\WINDOWS\system32\regethc.dll) - C:\WINDOWS\system32\regethc.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 02:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/11 18:38:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/11 18:34:24 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/11 18:34:16 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/10/11 18:32:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/11 18:32:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/11 18:31:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/10/11 18:31:17 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/10/11 16:19:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/11 13:35:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yfotivegohek.bin
[2010/10/11 13:17:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/08 13:18:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lxexapimoxih.dat
[2010/10/08 07:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 07:32:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
[2010/10/08 02:32:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
[2010/10/08 01:59:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/10/08 01:59:53 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\System32\regethc.dll
[2010/10/07 17:44:07 | 287,945,262 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\good.aif
[2010/10/07 16:07:33 | 263,950,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\silly 9.aif
[2010/10/07 13:02:00 | 175,163,950 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\mix 8.aif
[2010/10/07 11:44:48 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/10/06 23:58:40 | 298,318,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\kaskade deadmau5.aif
[2010/09/28 21:31:29 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 15:46:00 | 119,953,966 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dubstep.aif
[2010/09/24 14:58:29 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/15 03:06:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/12 20:52:12 | 002,108,848 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 02:01:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lxexapimoxih.dat
[2010/10/08 02:01:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yfotivegohek.bin
[2010/10/08 01:59:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/10/08 01:59:53 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\regethc.dll
[2010/10/07 17:44:17 | 287,945,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\good.aif
[2010/10/07 16:07:42 | 263,950,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\silly 9.aif
[2010/10/07 13:02:08 | 175,163,950 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\mix 8.aif
[2010/10/07 11:44:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\avdrn.dat
[2010/10/06 23:58:58 | 298,318,383 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\kaskade deadmau5.aif
[2010/09/24 15:49:15 | 119,953,966 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dubstep.aif
[2010/09/24 14:58:29 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/08 17:22:56 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/18 21:44:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/02 03:46:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 03:25:43 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/02 03:21:05 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/02 03:21:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/02 03:18:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/02 03:16:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 03:05:25 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/02 03:03:58 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/02 02:48:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 02:46:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/03/02 02:42:54 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/02 02:23:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/02 02:23:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/02 02:22:59 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 17:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 00:00:00 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 10-10-12.03 - HP_Administrator 10/13/2010 10:38:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1587 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\avdrn.dat
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{5B0A9819-6D4B-49EF-B66E-82F93AA1D0B0}\install.rdf
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\regethc.dll

Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 14:25 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-10-13 14:25 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\dllcache\isapnp.sys
2010-10-08 06:01 . 2010-10-11 17:35 0 ----a-w- c:\windows\Yfotivegohek.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S0 fenozzof;fenozzof; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 7:54 PM 135664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 9:29 PM 23456]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 7:57 AM 627072]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 5:22 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1<mpl=default<mplcache=2#inbox
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\SOUNDMAN.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-10-13 10:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 14:55
ComboFix2.txt 2010-08-18 14:01

Pre-Run: 48,130,187,264 bytes free
Post-Run: 48,211,230,720 bytes free

- - End Of File - - EF930C23E6AB079700029F5018FFAD8B

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
KillAll::

File::
c:\windows\Yfotivegohek.bin

Driver::
fenozzof

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-10-12.03 - HP_Administrator 10/13/2010 19:51:04.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1493 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\Yfotivegohek.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Yfotivegohek.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FENOZZOF
-------\Service_fenozzof


((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-13 14:25 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-10-13 14:25 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\dllcache\isapnp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 7:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 7:54 PM 135664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 9:29 PM 23456]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 5:22 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1<mpl=default<mplcache=2#inbox
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2010-10-13 20:04:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 00:04
ComboFix2.txt 2010-10-13 14:55
ComboFix3.txt 2010-08-18 14:01

Pre-Run: 47,760,314,368 bytes free
Post-Run: 47,749,005,312 bytes free

- - End Of File - - DFCBEDC3DF2A271D21D326E909FC6559

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5aeddbf823179e4f8c3cefe273a5f4c6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-08-19 04:17:16
# local_time=2010-08-19 12:17:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=135487
# found=4
# cleaned=4
# scan_time=3503
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fkeqgcvhj\jbwfmgetssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) AB84F5B41B5FCE88EE5CD5CF193A35F8 C
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ytgcrjhr\wwlqblx.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 2D72C839DA8D87165329A6E6E412CEE8 C
C:\Program Files\Mozilla Firefox\0.02964694784768651.exe Win32/TrojanDropper.Agent.OVI trojan (cleaned by deleting - quarantined) FBA4AAC7DFDF8E700272ECD6CA235D68 C
C:\WINDOWS\Wagdil6.dll a variant of Win32/Cimag.DC trojan (cleaned by deleting - quarantined) 131F3ECFA402C397A1B7F42C930E6806 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5aeddbf823179e4f8c3cefe273a5f4c6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-15 12:49:29
# local_time=2010-10-14 08:49:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3990449 3990449 0 0
# scanned=142365
# found=3
# cleaned=3
# scan_time=4089
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\backups\backup-20101011-183057-239-updugt32.exe a variant of Win32/Kryptik.HHE trojan (cleaned by deleting - quarantined) 3C051857C46F33B001B45BC4948C7A22 C
C:\WINDOWS\oqirugugavopiwam.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 708C43F861EF16A19D07E481ECBCF1C5 C
C:\WINDOWS\Wagdil6.dll a variant of Win32/Kryptik.HDE trojan (cleaned by deleting - quarantined) 1EACFB3E79003CC375982ED86D2A29A9 C

Hello.

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Still having problems?

I downloaded the Antivirus program and things seem to be running smoothly.

However, I'm having problems with the internet. Several pages are redirecting, and some sites aren't showing up. For example, if I try to go to ESPN.com, I will get:

Wiki does not exist

From Meta, a wiki about Wikimedia

This wiki does not exist yet. Perhaps you are looking for one of our other projects:

^^Along with a bunch of other code. If I go to, say, ESPN.com/nba, however, it will work, but I won't be able to go back to the homepage.

This has been happening for a while on my computer and the other computers in my house. It seems like it's the Google Redirect Virus or something related to it, and from what I read, the router we have isn't helping us. However, if I scan with Malwarebites or Avira, the computer comes up as clean.

Any suggestions?

Hmmm.

Download MBRCheck to your desktop.

• Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  
• It will show a black screen with some data on it.
  
• A report called MBRcheckxxxx.txt will be on your desktop
  
• Open this report and post its content in your next reply.
  

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spqk.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E18000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D43000 iaStor.sys
0xB9D2B000 atapi.sys
0xB9CE8000 ftsata2.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CC8000 fltmgr.sys
0xB9CB6000 sr.sys
0xBA118000 bb-run.sys
0xBA338000 PxHelp20.sys
0xB9C9F000 KSecDD.sys
0xB9C12000 Ntfs.sys
0xB9BE5000 NDIS.sys
0xB9BCB000 Mup.sys
0xB8E59000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA468000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB8D0B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8CF7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8CD3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA228000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA248000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8CB0000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8BA4000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA488000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8B90000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA258000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB87A1000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB877D000 \SystemRoot\system32\drivers\portcls.sys
0xBA268000 \SystemRoot\system32\drivers\drmk.sys
0xB8744000 \SystemRoot\System32\Drivers\am9msy1f.SYS
0xB8730000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA602000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA604000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xB939F000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBA71F000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA720000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB939B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8719000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8708000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB86D8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA608000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB867A000 \SystemRoot\system32\DRIVERS\update.sys
0xBA550000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA308000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7CB000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA408000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA410000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA418000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA594000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB45D7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB457E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4556000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4530000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA148000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB450E000 \SystemRoot\System32\drivers\afd.sys
0xBA158000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA178000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB441B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB43AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA188000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4387000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB42D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA646000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB865A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6FF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xB2099000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA458000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA490000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB1E10000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1DD3000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2135000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1BB4000 \SystemRoot\System32\Drivers\HTTP.sys
0xB1B0C000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA640000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB1D15000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB0E4D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB0A52000 \SystemRoot\system32\drivers\kmixer.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB06F1000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
0xB061E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA61C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB0609000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 84):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
844 csrss.exe
876 C:\WINDOWS\system32\winlogon.exe
920 C:\WINDOWS\system32\services.exe
932 C:\WINDOWS\system32\lsass.exe
1120 C:\WINDOWS\system32\ati2evxx.exe
1136 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1348 C:\WINDOWS\system32\svchost.exe
1580 svchost.exe
1680 svchost.exe
1984 C:\WINDOWS\system32\spoolsv.exe
144 svchost.exe
236 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
244 C:\WINDOWS\arservice.exe
332 C:\Program Files\Bonjour\mDNSResponder.exe
400 C:\WINDOWS\ehome\ehrecvr.exe
604 C:\WINDOWS\ehome\ehSched.exe
828 C:\Program Files\Java\jre6\bin\jqs.exe
124 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1256 C:\Program Files\LogMeIn\x86\ramaint.exe
1368 C:\Program Files\LogMeIn\x86\LogMeIn.exe
1472 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
1876 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
1900 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
488 svchost.exe
396 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
1404 mcrdsvc.exe
1836 wmiprvse.exe
3820 C:\WINDOWS\system32\dllhost.exe
3876 alg.exe
2968 C:\WINDOWS\system32\ati2evxx.exe
3624 C:\WINDOWS\explorer.exe
3632 C:\WINDOWS\system32\wscntfy.exe
2232 C:\WINDOWS\ehome\ehtray.exe
2444 C:\WINDOWS\arpwrmsg.exe
2976 C:\Program Files\DISC\DISCover.exe
2988 C:\Program Files\DISC\DISCUpdateMgr.exe
2992 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
3028 C:\Program Files\DISC\DiscGui.exe
3180 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2824 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3240 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
3272 C:\WINDOWS\ehome\ehmsas.exe
2700 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3444 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3544 C:\WINDOWS\system32\svchost.exe
440 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
1772 C:\WINDOWS\soundman.exe
352 C:\Program Files\iTunes\iTunesHelper.exe
2460 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3040 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4064 C:\WINDOWS\system32\ctfmon.exe
2792 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
452 C:\Program Files\iPod\bin\iPodService.exe
2844 C:\Program Files\DISC\DiscStreamHub.exe
468 C:\hp\KBD\kbd.exe
2280 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2736 C:\WINDOWS\system\hpsysdrv.exe
3384 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
2812 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2628 C:\Program Files\iTunes\iTunes.exe
2248 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
1860 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
3100 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2180 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3512 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2884 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2336 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
1100 C:\WINDOWS\system32\notepad.exe
5348 C:\WINDOWS\system32\calc.exe
4560 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4500 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5420 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
448 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5160 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3456 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4436 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5616 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
572 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4256 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5768 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`bf9c6000 (FAT32)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Heh, there's the problem.

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.

• Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  
• Enter 'Y' and then press Enter.
  
• When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  
• Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  
• Enter 0 and press the Enter key.
  
• The program will show Available MBR codes followed by a list of operating systems as shown below:
  

  Available MBR codes:
  [ 0] Default (Windows XP)
  [ 1] Windows XP
  [ 2] Windows Server 2003
  [ 3] Windows Vista
  [ 4] Windows 2008
  [ 5] Windows 7
  [-1] Cancel
  Please select the MBR code to write to this drive:
  

  
  

• Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  
• When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  
• Left-click on the title bar (where program name and path is written).
  
• From the menu chose Edit -> Select All.
  
• Press the Enter key to copy selected text.
  
• Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  
• Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  
• If your computer does not restart on its own, please restart it manually.
  

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:

• Invalid Partition Table
  
• Missing Operating System
  
• Error loading operating system
  

If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

• How to use the Recovery Console
  
• How to fix MBR in Windows XP and Vista
  

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.

I have Hiren's Boot CD, can I use that?

Hello.
Nah, it's an XP system so we can use the RC.

Please reboot your computer, when prompted with a new menu that lists this:



Select the Recovery Console option. Next, enter option 1 for your OS.



When prompted with C:\Windows>, type in "fixmbr" without the quote marks. You may be prompted with a yes/no warning, if so enter yes.

Next, type exit and reboot your machine.

---

Next, please re-run MBRCheck and post the new log.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 splp.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E18000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D43000 iaStor.sys
0xB9D2B000 atapi.sys
0xB9CE8000 ftsata2.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CC8000 fltmgr.sys
0xB9CB6000 sr.sys
0xBA118000 bb-run.sys
0xBA338000 PxHelp20.sys
0xB9C9F000 KSecDD.sys
0xB9C12000 Ntfs.sys
0xB9BE5000 NDIS.sys
0xB9BCB000 Mup.sys
0xB9041000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA450000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB8EF3000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8EDF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8EBB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8E98000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA468000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8D8C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8D78000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA218000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8989000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB8965000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xB892C000 \SystemRoot\System32\Drivers\anzpacvm.SYS
0xB8918000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA388000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA600000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBA390000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA602000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xB97F1000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBA7F7000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB97ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8901000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB88F0000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB88C0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA604000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8862000 \SystemRoot\system32\DRIVERS\update.sys
0xBA554000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA298000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA606000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA608000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA75D000 \SystemRoot\System32\Drivers\Null.SYS
0xBA60A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E0000 \SystemRoot\System32\drivers\vga.sys
0xBA60C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA60E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA59C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4772000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4719000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB46F1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB46CB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB46A9000 \SystemRoot\System32\drivers\afd.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA318000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB45DE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB456E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4523000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA612000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB44FF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4465000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
0xBA168000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB444D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB884A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA410000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xB21F8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB2225000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA430000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB1F73000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1F0E000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2030000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1A1D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB1975000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA5EA000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB1B36000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB0A72000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 75):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
892 csrss.exe
924 C:\WINDOWS\system32\winlogon.exe
968 C:\WINDOWS\system32\services.exe
980 C:\WINDOWS\system32\lsass.exe
1172 C:\WINDOWS\system32\ati2evxx.exe
1188 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1444 svchost.exe
1724 svchost.exe
2028 C:\WINDOWS\system32\spoolsv.exe
220 C:\Program Files\Avira\AntiVir Desktop\sched.exe
276 svchost.exe
436 C:\WINDOWS\system32\ati2evxx.exe
544 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
396 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
684 C:\WINDOWS\arservice.exe
816 C:\WINDOWS\explorer.exe
840 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
660 C:\Program Files\Bonjour\mDNSResponder.exe
900 C:\WINDOWS\ehome\ehrecvr.exe
1308 C:\WINDOWS\ehome\ehSched.exe
1620 C:\Program Files\Java\jre6\bin\jqs.exe
1432 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1744 C:\Program Files\LogMeIn\x86\ramaint.exe
368 C:\Program Files\LogMeIn\x86\LogMeIn.exe
516 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
780 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
1028 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1560 svchost.exe
2068 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2184 C:\WINDOWS\system32\wuauclt.exe
2264 mcrdsvc.exe
2748 wmiprvse.exe
2848 C:\WINDOWS\ehome\ehtray.exe
2888 C:\WINDOWS\arpwrmsg.exe
2984 C:\Program Files\DISC\DISCover.exe
2992 C:\Program Files\DISC\DISCUpdateMgr.exe
3004 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
3020 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
3060 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3068 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3116 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
3164 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3184 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3240 C:\Program Files\DISC\DiscGui.exe
3340 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
3360 C:\WINDOWS\soundman.exe
3576 C:\Program Files\iTunes\iTunesHelper.exe
3616 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3776 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3796 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
3896 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4092 C:\WINDOWS\system32\ctfmon.exe
2076 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3252 C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
3076 C:\WINDOWS\system32\dllhost.exe
3404 wmiprvse.exe
3592 C:\Program Files\iPod\bin\iPodService.exe
2780 alg.exe
312 C:\WINDOWS\system32\svchost.exe
1908 C:\WINDOWS\ehome\ehmsas.exe
3128 C:\Program Files\DISC\DiscStreamHub.exe
2724 C:\Program Files\iTunes\iTunes.exe
3148 C:\WINDOWS\system32\wscntfy.exe
2284 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1820 C:\Program Files\Mozilla Firefox\firefox.exe
3376 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2440 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
192 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
868 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4056 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`bf9c6000 (FAT32)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 splp.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6E000 ACPI.sys
0xB9E5D000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA5AE000 intelide.sys
0xBA0D8000 MountMgr.sys
0xB9E3E000 ftdisk.sys
0xBA5B0000 dmload.sys
0xB9E18000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9D43000 iaStor.sys
0xB9D2B000 atapi.sys
0xB9CE8000 ftsata2.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9CC8000 fltmgr.sys
0xB9CB6000 sr.sys
0xBA118000 bb-run.sys
0xBA338000 PxHelp20.sys
0xB9C9F000 KSecDD.sys
0xB9C12000 Ntfs.sys
0xB9BE5000 NDIS.sys
0xB9BCB000 Mup.sys
0xB9041000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xBA450000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB8EF3000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8EDF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8EBB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8E98000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA468000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8D8C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA470000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8D78000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA218000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8989000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB8965000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xB892C000 \SystemRoot\System32\Drivers\anzpacvm.SYS
0xB8918000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA388000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA600000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBA390000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA602000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xB97F1000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBA7F7000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA7F8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB97ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8901000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB88F0000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB88C0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA604000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8862000 \SystemRoot\system32\DRIVERS\update.sys
0xBA554000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA298000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA606000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA608000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA75D000 \SystemRoot\System32\Drivers\Null.SYS
0xBA60A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3E0000 \SystemRoot\System32\drivers\vga.sys
0xBA60C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA60E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA59C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4772000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4719000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB46F1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB46CB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB46A9000 \SystemRoot\System32\drivers\afd.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA318000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB45DE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB456E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4523000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA612000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB44FF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4465000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
0xBA168000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB444D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB884A000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA410000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xB21F8000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB2225000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA430000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\purendis.sys
0xB1F73000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1F0E000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2030000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1A1D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB1975000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA5EA000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB1B36000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB0A72000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 76):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
892 csrss.exe
924 C:\WINDOWS\system32\winlogon.exe
968 C:\WINDOWS\system32\services.exe
980 C:\WINDOWS\system32\lsass.exe
1172 C:\WINDOWS\system32\ati2evxx.exe
1188 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1444 svchost.exe
1724 svchost.exe
2028 C:\WINDOWS\system32\spoolsv.exe
220 C:\Program Files\Avira\AntiVir Desktop\sched.exe
276 svchost.exe
436 C:\WINDOWS\system32\ati2evxx.exe
544 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
396 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
684 C:\WINDOWS\arservice.exe
816 C:\WINDOWS\explorer.exe
840 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
660 C:\Program Files\Bonjour\mDNSResponder.exe
900 C:\WINDOWS\ehome\ehrecvr.exe
1308 C:\WINDOWS\ehome\ehSched.exe
1620 C:\Program Files\Java\jre6\bin\jqs.exe
1432 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1744 C:\Program Files\LogMeIn\x86\ramaint.exe
368 C:\Program Files\LogMeIn\x86\LogMeIn.exe
516 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
780 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
1028 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1560 svchost.exe
2068 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2264 mcrdsvc.exe
2748 wmiprvse.exe
2848 C:\WINDOWS\ehome\ehtray.exe
2888 C:\WINDOWS\arpwrmsg.exe
2984 C:\Program Files\DISC\DISCover.exe
2992 C:\Program Files\DISC\DISCUpdateMgr.exe
3004 C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
3060 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3068 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3116 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
3164 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3184 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3240 C:\Program Files\DISC\DiscGui.exe
3340 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
3360 C:\WINDOWS\soundman.exe
3576 C:\Program Files\iTunes\iTunesHelper.exe
3616 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3776 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3896 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4092 C:\WINDOWS\system32\ctfmon.exe
2076 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3252 C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
3076 C:\WINDOWS\system32\dllhost.exe
3592 C:\Program Files\iPod\bin\iPodService.exe
2780 alg.exe
312 C:\WINDOWS\system32\svchost.exe
1908 C:\WINDOWS\ehome\ehmsas.exe
3128 C:\Program Files\DISC\DiscStreamHub.exe
2724 C:\Program Files\iTunes\iTunes.exe
3148 C:\WINDOWS\system32\wscntfy.exe
2284 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3376 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2440 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
192 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1424 C:\hp\KBD\kbd.exe
2940 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
720 C:\WINDOWS\system\hpsysdrv.exe
1348 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
2932 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3544 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3488 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1980 C:\Documents and Settings\HP_Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`bf9c6000 (FAT32)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Can you attach the dump in your next post?