Inactive Computer running incredibly slow, and it is spreading


Corsaiga
Hey there fellas, I have been working on a computer on our network here at work. It had reports of taking about 20 minutes to start up, and once started, it just moved incredibly slowly, with Windows messages of "virtual memory too low." I did standard protocol and started up in safe mode, running Malwarebytes, Symantec AV scan, and the Barracuda malware removal tool. Barracuda found one infected registry key, "Adware.MyWebSearch", but was unable to fix it. I googled the virus and got the same answer of using BitDefender to get rid of it from multiple sites. BitDefender got rid of the virus, but also found "Win32.Sobig.C@mm", which I googled to find out is a worm. BitDefender got rid of it, but the computer showed no signs of improvement.

Since then I have had 4 others, on the same network, come to me with reports of their computers taking forever to start up and moving slowly. (I, and many others, are on the same network, and we are moving as fast as ever, so I don't think our server is infected.) I have scanned 2 of the 4 computers so far, and all scans have come up clean (same tools as used on the first computer, including BitDefender).

So now I turn to the experts. I have attached the needed log files from the first computer since they are quite long. Thanks in advance for any help you can provide.

Justin

Edit: In case it is of any importance, I had to run GMER in safe mode because it would not complete the scan in normal mode.
 

Attachments

  • mbam-log-2010-08-12 (09-49-22).txt (846 bytes)
  • gmer.log (28.4 KB)
  • DDS.txt (9.6 KB)
  • Attach.txt (17.7 KB)
Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry for taking so long, had a wedding to attend to.

MBR
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x010c000d

Kernel Drivers (total 128):

Processes (total 47):
0 System Idle Process
4 System
884 C:\WINDOWS\system32\smss.exe
932 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1180 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1460 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1608 svchost.exe
1700 svchost.exe
1844 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
180 C:\WINDOWS\system32\spoolsv.exe
664 svchost.exe
784 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
868 C:\Program Files\Bonjour\mDNSResponder.exe
1360 C:\Program Files\Java\jre6\bin\jqs.exe
1492 C:\WINDOWS\explorer.exe
2036 C:\WINDOWS\system32\PSIService.exe
456 C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
1480 C:\WINDOWS\system32\igfxtray.exe
1496 C:\WINDOWS\system32\hkcmd.exe
1156 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
1536 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
1744 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
1784 C:\Program Files\QuickTime\QTTask.exe
1920 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1980 C:\Program Files\iTunes\iTunesHelper.exe
288 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
1068 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1532 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2116 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2176 C:\WINDOWS\system32\svchost.exe
2184 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
2192 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2236 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2264 C:\WINDOWS\system32\ctfmon.exe
2476 C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
2608 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2944 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
812 C:\Program Files\iPod\bin\iPodService.exe
2052 alg.exe
3812 C:\Program Files\Internet Explorer\iexplore.exe
3960 C:\Program Files\Internet Explorer\iexplore.exe
3744 C:\Documents and Settings\chancock\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix

ComboFix 10-08-15.04 - cwright 08/16/2010 13:17:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.183 [GMT -4:00]
Running from: c:\documents and settings\chancock\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-10 18:10 . 2010-08-10 18:10 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\PrivacIE
2010-08-10 18:10 . 2010-08-10 18:10 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-08-10 15:29 . 2010-08-10 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 15:28 . 2010-08-10 15:28 31304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 15:26 . 2010-08-10 15:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-10 13:45 . 2010-08-12 15:27 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-10 13:39 . 2010-08-10 13:40 -------- d-----w- c:\program files\Common Files\Softwin
2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
2010-08-10 13:32 . 2010-08-10 13:32 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\IETldCache
2010-08-06 16:11 . 2010-08-06 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-06 15:59 . 2010-08-06 15:59 -------- d-----w- c:\documents and settings\chancock\Application Data\Barracuda
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Barracuda
2010-08-06 14:28 . 2010-05-26 23:30 38352 ----a-w- c:\windows\system32\drivers\bmrtswissarmy.sys
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Barracuda
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\program files\Barracuda
2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\program files\CCleaner
2010-08-06 14:24 . 2010-08-06 14:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-06 14:24 . 2010-08-06 14:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-sse.dll
2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcp71.dll
2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\jmc.dll
2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcr71.dll
2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-d3d.dll
2010-07-08 16:26 . 2010-07-08 16:26 -------- d-----w- c:\documents and settings\chancock\Application Data\GARMIN
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-02 15:31 . 2005-04-07 13:30 31304 ----a-w- c:\documents and settings\chancock\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 15:09 . 2010-06-01 13:22 503808 ------w- c:\windows\Setup1.exe
2010-06-02 15:09 . 2010-06-01 13:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-27 20:02 . 2010-05-27 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-sse.dll
2010-05-27 20:02 . 2010-05-27 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcp71.dll
2010-05-27 20:02 . 2010-05-27 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\jmc.dll
2010-05-27 20:02 . 2010-05-27 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcr71.dll
2010-05-27 20:02 . 2010-05-27 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-d3d.dll
2008-11-03 14:56 . 2008-11-03 14:56 190 ----a-w- c:\program files\Common Files\psasetup.log
2007-12-11 21:27 . 2007-12-11 21:27 8 --sh--r- c:\windows\system32\D8A1ECF8E8.sys
2008-10-09 18:30 . 2007-12-11 21:27 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-15 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SimNotify.exe"="c:\program files\Sage\SIM\Client\SimNotify.exe" [2010-04-14 38696]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-6-1 92854]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-1268\Scripts\Logon\0\0]
"Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-500\Scripts\Logon\0\0]
"Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

R2 Sage.LS1.ServiceHost.1.0;Sage Service Host (v1.0);c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [4/7/2010 8:04 PM 107816]
R2 SageInstMgrClient;Sage Installation Manager Client;c:\program files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [4/14/2010 4:01 AM 15144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:32 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {D5547583-BD46-4A7F-B9EF-21ABCE83F7FE} = 192.168.0.2,192.168.0.4
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
AddRemove-HijackThis - E:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 13:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1950072679-626140327-4129173426-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-08-16 13:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 17:36

Pre-Run: 56,997,900,288 bytes free
Post-Run: 56,886,300,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0829ED4A46559AC438D5EB79D5AA2696
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
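The MBRCheck verdict in this thread ("Unknown MBR code" with a SHA1 of the boot sector) comes down to whether the bootstrap code in the first sector matches code from a clean install. As an added example, not from the thread or from the MBRCheck tool itself, the script below reads a 512-byte boot sector, checks the 0x55AA signature, SHA1-hashes the 440-byte bootstrap region against an allowlist, and decodes the partition table so the C: offset can be compared with the 0x7E00 shown in the log. The sample MBR, the allowlist seeding and the function names are this example's own constructions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap code occupies bytes 0..439 of the sector
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow the disk signature
SIGNATURE = b"\x55\xaa"    # boot signature at bytes 510..511


def read_mbr(path):
    # Read the first sector of a disk image or raw device. On Windows the raw
    # device is \\.\PhysicalDrive0 (administrator rights required); on Linux a
    # block device such as /dev/sda. Not called by the self-test below.
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_partition_table(mbr):
    """Decode the four partition entries; returns only the non-empty ones."""
    parts = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack(
            "<B3xB3xII", mbr[start:start + 16])
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,
        })
    return parts


def analyze_mbr(mbr, known_good_sha1):
    """Return a report dict; an empty 'findings' list means nothing looked off."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR)
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    # Hash only the bootstrap region: the disk signature and partition table
    # legitimately differ from machine to machine, the boot code should not.
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    known = code_sha1 in known_good_sha1
    if not known:
        findings.append("unknown MBR code (SHA1 %s not in allowlist)" % code_sha1)
    parts = parse_partition_table(mbr)
    if sum(1 for p in parts if p["bootable"]) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append("partition %d claims to start in the MBR sector" % p["index"])
    return {"sha1": code_sha1, "known_code": known,
            "partitions": parts, "findings": findings}


# Constructed sample: a stub of bootstrap code plus one active NTFS partition
# that starts at LBA 63, i.e. byte offset 0x7E00, as in the MBRCheck log above.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"


def build_sample_mbr(boot_code, lba_start=63, sectors=156296322):
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x00" * 6            # disk signature (4 bytes) + reserved (2 bytes)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", lba_start, sectors)
    table = entry + b"\x00" * 48      # three empty slots
    return code + disk_sig + table + SIGNATURE


SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE)
# The allowlist would normally hold the SHA1 of bootstrap code taken from a
# clean install; for this example it is seeded with the sample's own hash.
KNOWN_GOOD = {hashlib.sha1(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest().upper()}

# Same partition table, different boot code: this is what an overwritten
# bootstrap area looks like to the hash check (constructed, not real malware).
TAMPERED_MBR = b"\xeb\xfe" + SAMPLE_MBR[2:]


if __name__ == "__main__":
    for name, image in (("sample", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        report = analyze_mbr(image, KNOWN_GOOD)
        print(name, report["sha1"], report["findings"] or "OK")
```

Replace the seeded allowlist with hashes taken from a known-clean boot sector of the same Windows version before using it on a real disk; a hash miss means "unrecognised", not "infected", exactly as in MBRCheck's wording.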
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):
0xBF800000 \SystemRoot\System32\win32k.sys
0xF80B1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8839000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B39000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF071000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF85E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEF47B000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xEF3AE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF89EF000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xEF217000 \SystemRoot\system32\DRIVERS\srv.sys
0xEEE42000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF6EA000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE923000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8849000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xEE4C0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
884 C:\WINDOWS\system32\smss.exe
932 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1184 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1476 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1688 svchost.exe
1772 svchost.exe
1816 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2032 C:\WINDOWS\system32\spoolsv.exe
644 svchost.exe
696 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
760 C:\Program Files\Bonjour\mDNSResponder.exe
1704 C:\Program Files\Java\jre6\bin\jqs.exe
1796 C:\WINDOWS\system32\PSIService.exe
452 C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
652 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
716 C:\WINDOWS\system32\svchost.exe
740 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
1236 C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
1620 C:\WINDOWS\system32\wuauclt.exe
2756 alg.exe
3436 C:\WINDOWS\explorer.exe
3464 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2924 C:\WINDOWS\system32\igfxtray.exe
2948 C:\WINDOWS\system32\hkcmd.exe
2992 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
3024 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
3148 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
3332 C:\Program Files\QuickTime\QTTask.exe
3340 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
3348 C:\Program Files\iTunes\iTunesHelper.exe
3456 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3600 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
3980 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4048 C:\Program Files\Sage\SIM\Client\SimNotify.exe
1596 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3692 C:\WINDOWS\system32\ctfmon.exe
3052 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
4024 C:\Program Files\iPod\bin\iPodService.exe
1644 C:\Program Files\Internet Explorer\iexplore.exe
588 C:\Program Files\Internet Explorer\iexplore.exe
2720 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
200 SescLU.exe
3756 C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
2940 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2044 C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
1072 C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
After Reboot

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF89C1000 \WINDOWS\system32\KDCOM.DLL
0xF88D1000 \WINDOWS\system32\BOOTVID.dll
0xF8472000 ACPI.sys
0xF89C3000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8461000 pci.sys
0xF84C1000 isapnp.sys
0xF8A89000 pciide.sys
0xF8741000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84D1000 MountMgr.sys
0xF8442000 ftdisk.sys
0xF89C5000 dmload.sys
0xF841C000 dmio.sys
0xF8749000 PartMgr.sys
0xF84E1000 VolSnap.sys
0xF8404000 atapi.sys
0xF84F1000 disk.sys
0xF8501000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF83E4000 fltmgr.sys
0xF83D2000 sr.sys
0xF8751000 PxHelp20.sys
0xF83BB000 KSecDD.sys
0xF832E000 Ntfs.sys
0xF8301000 NDIS.sys
0xF82E7000 Mup.sys
0xF8288000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8274000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8849000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF8250000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8851000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8226000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF8731000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8859000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8861000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8212000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8511000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8985000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8869000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8521000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8531000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF8541000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8551000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF81EF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8561000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8161000 \SystemRoot\system32\drivers\smwdm.sys
0xF813D000 \SystemRoot\system32\drivers\portcls.sys
0xF8571000 \SystemRoot\system32\drivers\drmk.sys
0xF8125000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8581000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF89F7000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF8B08000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8591000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF898D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF810E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF85A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF85B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8871000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF80FD000 \SystemRoot\system32\DRIVERS\psched.sys
0xF85C1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8879000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8881000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF80CD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF85D1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF806F000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xF89F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF8011000 \SystemRoot\system32\DRIVERS\update.sys
0xF89B9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xEFF57000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEFF3B000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF85F1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8621000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8889000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xEFDE9000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xF8891000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xEEEDD000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVEX15.SYS
0xEEEB8000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xEEEA4000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVENG.SYS
0xEFF0B000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF8A0D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BA6000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A0F000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88A9000 \SystemRoot\System32\drivers\vga.sys
0xF8A11000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A13000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88B1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88B9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8961000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEEE71000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEEE18000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEEDEA000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xEEDC4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEFEFB000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xEED9C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEED7A000 \SystemRoot\System32\drivers\afd.sys
0xEFEEB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEED10000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xEFEAB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEECE5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEEC75000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8601000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEC17000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEEBFA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF86B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEEB1A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A17000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF80B9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8761000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B6B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF071000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEEAA6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE61B000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xEE5EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF89F1000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xEE457000 \SystemRoot\system32\DRIVERS\srv.sys
0xEDF42000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE506000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDC53000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8779000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
880 C:\WINDOWS\system32\smss.exe
928 csrss.exe
952 C:\WINDOWS\system32\winlogon.exe
996 C:\WINDOWS\system32\services.exe
1008 C:\WINDOWS\system32\lsass.exe
1184 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1444 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1644 svchost.exe
1760 svchost.exe
1812 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2024 C:\WINDOWS\system32\spoolsv.exe
660 svchost.exe
708 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
748 C:\Program Files\Bonjour\mDNSResponder.exe
1484 C:\Program Files\Java\jre6\bin\jqs.exe
1672 C:\WINDOWS\system32\PSIService.exe
184 C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
468 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
528 C:\WINDOWS\system32\svchost.exe
544 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
872 C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
1228 C:\WINDOWS\system32\wuauclt.exe
2512 alg.exe
3312 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2428 C:\WINDOWS\explorer.exe
828 C:\WINDOWS\system32\igfxtray.exe
1460 C:\WINDOWS\system32\hkcmd.exe
1536 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
3888 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
2188 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
2260 C:\Program Files\QuickTime\QTTask.exe
2276 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
2284 C:\Program Files\iTunes\iTunesHelper.exe
2712 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1272 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3592 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3652 C:\WINDOWS\system32\ctfmon.exe
3772 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
1852 C:\Program Files\iPod\bin\iPodService.exe
1488 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2968 SescLU.exe
4016 C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
2312 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2932 C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
720 C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe
2584 C:\Program Files\Common Files\Java\Java Update\jucheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Our fix didn't work :(
Let's try a different way...

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK. Then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.

Post fresh MBRCheck log.
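What MBRCheck is reporting in the two logs above ("Unknown MBR code" with a SHA1, the same hash again after the in-Windows rewrite), and what fixmbr is meant to reset, comes down to one check: hash the boot-code region of the first sector and compare it with a recorded baseline, while confirming the partition table was not touched. The following is an added example, not part of the thread and not MBRCheck's or ComboFix's own code. Every sector is built in memory; the "stock" and "hooked" boot-code byte strings, the baseline label and the partition geometry (one active NTFS partition starting at LBA 63, which is the 0x7e00 byte offset MBRCheck printed for C:) are this example's assumptions. The thread does not say whether MBRCheck hashes only the 446 code bytes or the whole sector, so its SHA1 values are not directly comparable with this script's.

```python
"""Parse a 512-byte MBR, hash its boot-code region and compare it with a
recorded baseline: the check MBRCheck performs in this thread.  Added
example: every sector below is built in memory; nothing touches a real disk."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446           # bytes 0..445 boot code, 446..509 four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511

# Constructed stand-ins for boot code (assumption: not a real loader).  The
# first seven bytes are the xor ax,ax / mov ss,ax / mov sp,7c00h prologue;
# the "hooked" copy replaces the first instruction with a short jump, the
# way a bootkit diverts control before the original code runs.
STOCK_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 60
HOOKED_BOOTCODE = b"\xeb\x40" + STOCK_BOOTCODE[2:]


def build_mbr(bootcode: bytes, lba_start: int = 63, sectors: int = 156296322,
              ptype: int = 0x07) -> bytes:
    """Assemble one sector: code padded to 446 bytes, one active partition, signature.
    LBA 63 * 512 = 0x7e00, the C: offset MBRCheck printed in this thread."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code longer than 446 bytes")
    # status 0x80 (active), start CHS 1/1/0, type, end CHS FE/FF/FF, then LBA fields
    entry = bytes([0x80, 0x01, 0x01, 0x00, ptype, 0xFE, 0xFF, 0xFF]) \
        + struct.pack("<II", lba_start, sectors)
    table = entry + bytes(16 * 3)                 # slots 2..4 empty
    return bootcode.ljust(BOOTCODE_LEN, b"\x00") + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot-code hash, signature check and used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for slot in range(4):
        off = BOOTCODE_LEN + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, length = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:                              # unused slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,                          # 0x07 = NTFS/HPFS/exFAT
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "sectors": length,
        })
    return {
        "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> dict:
    """Label the boot code from a table of baseline hashes, else report it unknown."""
    info = parse_mbr(sector)
    info["status"] = known_good.get(info["bootcode_sha1"], "Unknown MBR code")
    return info


def baseline_table() -> dict:
    """Record the hash of the stock code once, on a machine known to be clean."""
    return {parse_mbr(build_mbr(STOCK_BOOTCODE))["bootcode_sha1"]: "Windows XP (baseline)"}


def same_partition_table(a: bytes, b: bytes) -> bool:
    """True when two sectors differ at most in the boot-code region."""
    return a[BOOTCODE_LEN:] == b[BOOTCODE_LEN:]


if __name__ == "__main__":
    table = baseline_table()
    stock, hooked = build_mbr(STOCK_BOOTCODE), build_mbr(HOOKED_BOOTCODE)
    for name, sec in (("stock", stock), ("hooked", hooked)):
        r = check_mbr(sec, table)
        print(f"{name:7} {r['status']:24} sha1={r['bootcode_sha1']} "
              f"C: at {r['partitions'][0]['byte_offset']:#x} sig_ok={r['signature_ok']}")
    print("partition table untouched:", same_partition_table(stock, hooked))
```

To use it on a real machine, replace `build_mbr(...)` with the first 512 bytes read from a raw disk image taken offline, and record the baseline hash on a box you trust. Two details from the thread are worth keeping in mind: the first log shows the in-Windows rewrite reporting success while the post-reboot hash is unchanged, which is why the helper moves to an offline rewrite from the Recovery Console; and fixmbr replaces the boot code but leaves the partition table in place, so `same_partition_table` on the before and after sectors should be true, and a changed partition entry after a "repair" is itself a finding.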
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF89C1000 \WINDOWS\system32\KDCOM.DLL
0xF88D1000 \WINDOWS\system32\BOOTVID.dll
0xF8472000 ACPI.sys
0xF89C3000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8461000 pci.sys
0xF84C1000 isapnp.sys
0xF8A89000 pciide.sys
0xF8741000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF84D1000 MountMgr.sys
0xF8442000 ftdisk.sys
0xF89C5000 dmload.sys
0xF841C000 dmio.sys
0xF8749000 PartMgr.sys
0xF84E1000 VolSnap.sys
0xF8404000 atapi.sys
0xF84F1000 disk.sys
0xF8501000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF83E4000 fltmgr.sys
0xF83D2000 sr.sys
0xF8751000 PxHelp20.sys
0xF83BB000 KSecDD.sys
0xF832E000 Ntfs.sys
0xF8301000 NDIS.sys
0xF82E7000 Mup.sys
0xF8288000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8274000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8829000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF8250000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8831000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8226000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF8591000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8839000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8841000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8212000 \SystemRoot\system32\DRIVERS\parport.sys
0xF85A1000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8995000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8849000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF85B1000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF85C1000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF85D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF85E1000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF81EF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF85F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8161000 \SystemRoot\system32\drivers\smwdm.sys
0xF813D000 \SystemRoot\system32\drivers\portcls.sys
0xF8601000 \SystemRoot\system32\drivers\drmk.sys
0xF8125000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8611000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8A19000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF8B49000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8621000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF899D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF810E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8631000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8641000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8851000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF80FD000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8651000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8859000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8861000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF80CD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8661000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF806F000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xF8A1B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF8011000 \SystemRoot\system32\DRIVERS\update.sys
0xF82C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xEFF57000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEFF3B000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF8681000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86D1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A1D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8869000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xEFDE9000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xF8879000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xEFC9D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVEX15.SYS
0xEFC78000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xEFC64000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100816.016\NAVENG.SYS
0xEFEEB000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF89F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BD7000 \SystemRoot\System32\Drivers\Null.SYS
0xF89F7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF87C9000 \SystemRoot\System32\drivers\vga.sys
0xF89F9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89FB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF87D1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF87D9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8981000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEFC31000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEFBD8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEFBAA000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xEFB84000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF86B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF86C1000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xEFB5C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEFB3A000 \SystemRoot\System32\drivers\afd.sys
0xF8711000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEFAD0000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xEFAA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEFA35000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8511000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF9D7000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEF9BA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF8561000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEF97A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A03000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEFE97000 \SystemRoot\System32\drivers\Dxapi.sys
0xF87F9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8A8C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF071000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF862000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEF3ED000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF592000 \SystemRoot\system32\drivers\sysaudio.sys
0xEF39E000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xEF283000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8A0D000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xEEFCC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF8779000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xEE8D3000 \SystemRoot\System32\Drivers\HTTP.sys
0xEE740000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
884 C:\WINDOWS\system32\smss.exe
932 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1184 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1400 C:\WINDOWS\system32\svchost.exe
1460 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1608 svchost.exe
1776 svchost.exe
1860 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2032 C:\WINDOWS\system32\spoolsv.exe
728 C:\WINDOWS\explorer.exe
868 svchost.exe
1540 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1600 C:\Program Files\Bonjour\mDNSResponder.exe
1876 C:\Program Files\Java\jre6\bin\jqs.exe
544 C:\WINDOWS\system32\PSIService.exe
1388 C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
244 C:\WINDOWS\system32\igfxtray.exe
272 C:\WINDOWS\system32\hkcmd.exe
404 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
560 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
712 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
844 C:\Program Files\QuickTime\QTTask.exe
792 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1220 C:\Program Files\iTunes\iTunesHelper.exe
928 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1348 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
1344 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1988 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2096 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2104 C:\WINDOWS\system32\ctfmon.exe
2256 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2296 C:\WINDOWS\system32\svchost.exe
2308 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2316 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2612 C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
2888 C:\WINDOWS\system32\wuauclt.exe
3232 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
3924 wmiprvse.exe
3928 alg.exe
936 C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-60JKA0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\D8A1ECF8E8.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

DDS::
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
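The three items the CFScript above targets (a driver under system32 named with nothing but hex digits, a Security Center DisableMonitoring value, and a ProxyServer setting) are the kinds of finding a triage pass over the logs should surface on its own. The following is an added example, not ComboFix's logic and not code from this thread: it scans ComboFix/DDS-style lines for those three classes and classifies the proxy by where it points. The sample lines are constructed, modelled on the logs posted here; the hex-stem regex, the dword:00000001 test and the address classes are this example's own heuristics, not indicators the thread states.

```python
"""Triage ComboFix/DDS-style log lines for the kinds of finding the CFScript
above acts on.  Added example with constructed sample lines; the heuristics
are this example's own, not ComboFix's."""
import ipaddress
import re

# Assumptions of this example: which stems count as "random", which
# directory matters, and how a proxy address is classified.
HEX_STEM = re.compile(r"^[0-9a-f]{8,}$", re.I)            # e.g. D8A1ECF8E8
SYSTEM_DIR = "\\windows\\system32\\"
SECURITY_CENTER = "\\security center\\monitoring\\"
PATH_RE = re.compile(r'([a-z]:\\[^"\r\n]+?\.[a-z0-9]{1,4})(?=["\s]|$)', re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)", re.I)


def random_name_driver(path: str):
    """A .sys/.dll/.exe under system32 whose name is nothing but hex digits.
    Only a prompt to check signature and timestamps, not proof of malice."""
    low = path.lower()
    if SYSTEM_DIR not in low:
        return None
    stem, _, ext = low.rsplit("\\", 1)[-1].rpartition(".")
    if ext in ("sys", "dll", "exe") and HEX_STEM.match(stem):
        return f"random hex filename in system directory: {path}"
    return None


def proxy_finding(line: str):
    """Classify a ProxyServer setting by where it sends browser traffic."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return None
    host, _, port = m.group(1).rpartition(":")
    if not host:                                   # no port given
        host, port = port, ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return f"proxy set to hostname {host}:{port}; confirm it is the sanctioned proxy"
    if addr.is_loopback:
        return f"proxy on loopback {host}:{port}; traffic goes through a local process, identify it"
    if addr.is_private:
        return f"proxy on LAN address {host}:{port}; confirm it is the sanctioned corporate proxy"
    return f"proxy on external address {host}:{port}; confirm before keeping"


def registry_findings(lines):
    """Walk REGEDIT4-style lines; report Security Center told not to monitor a product."""
    findings, key = [], ""
    for raw in lines:
        s = raw.strip()
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1]
        elif SECURITY_CENTER in key.lower() and s.lower().startswith('"disablemonitoring"='):
            if s.split("=", 1)[1].lower() == "dword:00000001":
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring disabled for {product}; "
                                "confirm the product itself set this")
    return findings


def triage(lines):
    """Run every check over the lines and return the findings in log order."""
    findings = []
    for raw in lines:
        m = PATH_RE.search(raw)
        if m:
            f = random_name_driver(m.group(1))
            if f:
                findings.append(f)
        f = proxy_finding(raw)
        if f:
            findings.append(f)
    findings.extend(registry_findings(lines))
    return findings


# Constructed sample, modelled on the ComboFix and DDS lines in this thread.
SAMPLE_LINES = [
    "2010-08-10 13:45 . 2010-08-12 15:27 81984 ----a-w- c:\\windows\\system32\\bdod.bin",
    "2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\\windows\\system32\\schannel.dll",
    "c:\\windows\\system32\\D8A1ECF8E8.sys",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]",
    '"DisableMonitoring"=dword:00000001',
    "uInternet Settings,ProxyServer = 192.168.0.2:8080",
    "uInternet Settings,ProxyOverride = <local>",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print("-", f)
```

The proxy check deliberately does not call 192.168.0.2:8080 malicious: a LAN address is exactly what a sanctioned corporate proxy looks like, and on this network it is the kind of setting to confirm with whoever runs the proxy before clearing it, whereas a loopback proxy means a process on the box itself is in the browser's path and must be identified. The hex-name rule is a prompt, not a verdict; the next step for a hit such as D8A1ECF8E8.sys is to check its signature, timestamps and which service or driver entry loads it.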
 
ComboFix 10-08-18.02 - administrator 08/19/2010 8:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.315 [GMT -4:00]
Running from: c:\documents and settings\administrator.ENGLISHCONST\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\administrator.ENGLISHCONST\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\D8A1ECF8E8.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\D8A1ECF8E8.sys

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-16 17:54 . 2010-08-16 17:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-08-16 17:54 . 2010-08-16 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-10 18:10 . 2010-08-10 18:10 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\PrivacIE
2010-08-10 18:10 . 2010-08-18 12:07 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-08-10 15:29 . 2010-08-10 15:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-08-10 15:29 . 2010-08-10 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 15:28 . 2010-08-10 15:28 31304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 15:26 . 2010-08-10 15:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-10 13:45 . 2010-08-12 15:27 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-10 13:39 . 2010-08-10 13:40 -------- d-----w- c:\program files\Common Files\Softwin
2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
2010-08-10 13:33 . 2010-08-10 13:33 -------- d-----w- c:\documents and settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
2010-08-10 13:32 . 2010-08-10 13:32 -------- d-sh--w- c:\documents and settings\administrator.ENGLISHCONST\IETldCache
2010-08-06 16:11 . 2010-08-06 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-06 15:59 . 2010-08-06 15:59 -------- d-----w- c:\documents and settings\chancock\Application Data\Barracuda
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Barracuda
2010-08-06 14:28 . 2010-05-26 23:30 38352 ----a-w- c:\windows\system32\drivers\bmrtswissarmy.sys
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Barracuda
2010-08-06 14:28 . 2010-08-06 14:28 -------- d-----w- c:\program files\Barracuda
2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\program files\CCleaner
2010-08-06 14:24 . 2010-08-06 14:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-06 14:24 . 2010-08-06 14:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2010-08-05 20:02 . 2010-08-05 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-sse.dll
2010-08-05 20:02 . 2010-08-05 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcp71.dll
2010-08-05 20:02 . 2010-08-05 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\jmc.dll
2010-08-05 20:02 . 2010-08-05 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ca9183d-n\msvcr71.dll
2010-08-05 20:02 . 2010-08-05 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-47e68a3f-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 17:49 . 2005-08-11 14:50 -------- d-----w- c:\program files\Google
2010-07-08 16:26 . 2010-07-08 16:26 -------- d-----w- c:\documents and settings\chancock\Application Data\GARMIN
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-02 15:31 . 2005-04-07 13:30 31304 ----a-w- c:\documents and settings\chancock\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 15:09 . 2010-06-01 13:22 503808 ------w- c:\windows\Setup1.exe
2010-06-02 15:09 . 2010-06-01 13:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-27 20:02 . 2010-05-27 20:02 61440 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-sse.dll
2010-05-27 20:02 . 2010-05-27 20:02 503808 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcp71.dll
2010-05-27 20:02 . 2010-05-27 20:02 499712 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\jmc.dll
2010-05-27 20:02 . 2010-05-27 20:02 348160 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22b078d4-n\msvcr71.dll
2010-05-27 20:02 . 2010-05-27 20:02 12800 ----a-w- c:\documents and settings\chancock\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69bdbc46-n\decora-d3d.dll
2008-11-03 14:56 . 2008-11-03 14:56 190 ----a-w- c:\program files\Common Files\psasetup.log
2008-10-09 18:30 . 2007-12-11 21:27 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-15 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SimNotify.exe"="c:\program files\Sage\SIM\Client\SimNotify.exe" [2010-04-14 38696]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe [2010-6-1 92854]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-1268\Scripts\Logon\0\0]
"Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1950072679-626140327-4129173426-500\Scripts\Logon\0\0]
"Script"=c:\windows\SYSVOL\sysvol\englishconst.com\scripts\logon.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=

R2 Sage.LS1.ServiceHost.1.0;Sage Service Host (v1.0);c:\program files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe [4/7/2010 8:04 PM 107816]
R2 SageInstMgrClient;Sage Installation Manager Client;c:\program files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [4/14/2010 4:01 AM 15144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:32 AM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2010 1:49 PM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 17:49]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 17:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {D5547583-BD46-4A7F-B9EF-21ABCE83F7FE} = 192.168.0.2,192.168.0.4
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 08:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1950072679-626140327-4129173426-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,d7,14,ec,8d,72,77,4b,9e,b6,54,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-08-19 08:23:57
ComboFix-quarantined-files.txt 2010-08-19 12:23
ComboFix2.txt 2010-08-16 17:36

Pre-Run: 56,474,988,544 bytes free
Post-Run: 56,533,495,808 bytes free

- - End Of File - - 4C4B107872B78CFF8DEEAF0DB21374A3
 
Good :)

How is the computer doing at the moment?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer is doing much better. I won't be able to perform the next step until Monday though.
Thanks so much for your time. I believe you now deserve a portion of my pay check, so I will be making a donation (as soon as I get paid next Friday :p). I don't have much else to offer except for a pretty good knowledge of food and cooking, so if you ever need an awesome recipe, I would be happy to oblige ;)

Thanks again sir, and I will get back to you with those OTL logs on Monday.
 
You're very welcome :)
I'll be around on Monday :)

I don't have much else to offer except for a pretty good knowledge of food and cooking, so if you ever need an awesome recipe, I would be happy to oblige
Hahaha....I'll consider :)
 
I'm sorry for the delay, had some personal issues to address. Here are the OTL scans. Also, IE doesn't seem to be wanting to let me throw on attachments, so the logs are split up into parts.

Part 1
OTL logfile created on: 8/27/2010 4:32:03 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 10.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.40 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HANCOCK-HR
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
PRC - [2010/04/14 04:01:38 | 000,038,696 | ---- | M] () -- C:\Program Files\Sage\SIM\Client\SimNotify.exe
PRC - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () -- C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
PRC - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/02/26 15:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/26 15:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/01 23:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/18 16:47:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/19 10:39:41 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2004/12/14 20:59:56 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2003/05/08 08:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 12:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/14 04:01:24 | 000,015,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe -- (SageInstMgrClient)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Running] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2009/02/26 15:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/01 23:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 21:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 16:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.ENG\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - [2010/07/14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.040\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/03 20:37:11 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/26 15:11:00 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/02/26 15:08:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/12/19 15:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/19 15:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/19 15:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 08:51:27 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/08/11 10:47:58 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/02/17 08:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 16:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
Part 2
O1 HOSTS File: ([2010/08/19 08:19:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SimNotify.exe] C:\Program Files\Sage\SIM\Client\SimNotify.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk = C:\WINDOWS\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = englishconst.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 16:31:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
[2010/08/16 13:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/08/16 13:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/08/16 13:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Adobe
[2010/08/16 13:16:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/16 13:09:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/12 11:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/10 14:10:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\PrivacIE
[2010/08/10 14:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Google
[2010/08/10 14:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Google
[2010/08/10 09:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin
[2010/08/10 09:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Malwarebytes
[2010/08/10 09:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Share-to-Web Upload Folder
[2010/08/10 09:32:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\IETldCache
[2010/08/10 09:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Macromedia
[2010/08/10 09:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Identities
[2010/08/10 09:31:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft
[2010/08/10 09:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Sun
[2010/08/10 09:31:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data
[2010/08/10 09:31:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Favorites
[2010/08/10 09:31:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Cookies
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Symantec
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Symantec
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\Microsoft
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\ApplicationHistory
[2010/08/10 09:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/08/10 09:31:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\SendTo
[2010/08/10 09:31:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Recent
[2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Start Menu
[2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents\My Pictures
[2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents\My Music
[2010/08/10 09:31:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\My Documents
[2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Templates
[2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\PrintHood
[2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\NetHood
[2010/08/10 09:31:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings
[2010/08/06 10:28:41 | 000,038,352 | ---- | C] (Barracuda Networks) -- C:\WINDOWS\System32\drivers\bmrtswissarmy.sys
[2010/08/06 10:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Barracuda
[2010/08/06 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda
[2010/08/06 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/02 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Barracuda Message Archiver Outlook Add-In
[2010/06/02 11:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/01 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Pervasive Software
[2010/06/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/06/01 09:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Event 1
[2010/06/01 09:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Event 1
[2010/06/01 09:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Aatrix Software
[2010/06/01 09:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/06/01 09:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sage
[2010/06/01 09:17:25 | 004,210,688 | R--- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
 
part 3
========== Files - Modified Within 90 Days ==========

[2010/08/27 16:31:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\OTL.exe
[2010/08/27 16:29:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/27 16:28:39 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2010/08/27 16:28:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 16:28:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/27 16:27:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 16:27:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.ini
[2010/08/27 16:27:30 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\NTUSER.DAT
[2010/08/27 14:54:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 09:48:22 | 000,000,617 | ---- | M] () -- C:\WINDOWS\System32\NTS5CSET.INI
[2010/08/24 08:31:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/19 08:25:46 | 004,851,962 | -H-- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Local Settings\Application Data\IconCache.db
[2010/08/19 08:19:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 08:19:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 09:51:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck_MBR_Backup_08-17-10_09-51-02.bak
[2010/08/17 09:47:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe
[2010/08/16 13:16:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/13 08:14:51 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 08:14:51 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 08:14:50 | 000,522,384 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 08:03:26 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 17:14:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 17:13:10 | 000,000,655 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/12 11:27:32 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/08/10 13:44:52 | 000,001,384 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/10 11:29:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 09:32:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/10 09:32:05 | 000,002,008 | RHS- | M] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.pol
[2010/08/06 10:28:41 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Barracuda Malware Removal Tool.lnk
[2010/08/05 10:06:59 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/08/04 16:33:18 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\ZSHP1020.GID
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010/06/02 11:17:21 | 000,007,139 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2010/06/02 11:10:16 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Office Connector Launch Pad.lnk
[2010/06/01 15:24:37 | 000,004,633 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/01 15:24:36 | 000,002,642 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2010/08/17 09:51:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck_MBR_Backup_08-17-10_09-51-02.bak
[2010/08/17 09:47:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Desktop\MBRCheck.exe
[2010/08/16 13:49:21 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 13:49:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/16 13:16:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/16 13:16:02 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 17:04:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 11:29:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 09:45:56 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/08/10 09:32:05 | 000,002,008 | RHS- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.pol
[2010/08/10 09:31:39 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/10 09:31:39 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/10 09:31:30 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\NTUSER.DAT
[2010/08/10 09:31:30 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.dat.LOG
[2010/08/10 09:31:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\administrator.ENGLISHCONST\ntuser.ini
[2010/08/06 10:28:41 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Barracuda Malware Removal Tool.lnk
[2010/06/01 15:24:24 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2010/06/01 09:23:56 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office Connector Launch Pad.lnk
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
[2009/08/17 10:38:45 | 000,005,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/11/03 10:56:03 | 000,000,190 | ---- | C] () -- C:\Program Files\Common Files\psasetup.log
[2008/11/03 10:55:32 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2008/09/09 15:07:07 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/09/09 15:07:02 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/09/09 15:05:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2007/12/11 17:27:54 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/08/16 17:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/06/05 08:14:39 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/03/28 11:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/10/28 10:12:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/09/19 09:08:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/03 09:08:35 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2005/07/21 16:08:03 | 000,000,617 | ---- | C] () -- C:\WINDOWS\System32\NTS5CSET.INI
[2005/04/04 11:11:42 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2005/03/16 15:41:23 | 000,001,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 03:14:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/12 03:09:12 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 03:08:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/06/03 08:08:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/01 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/08/06 10:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barracuda
[2010/06/01 09:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Event 1
[2007/03/28 08:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/01 15:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/06/02 11:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2009/08/03 15:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/03/28 16:49:33 | 000,003,389 | ---- | M] () -- C:\additdiag.txt
[2004/02/12 13:34:24 | 000,391,594 | ---- | M] () -- C:\BLUEFI00.100
[2010/08/06 10:28:45 | 000,000,130 | ---- | M] () -- C:\bmrt-error.txt
[2005/03/16 15:06:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/16 13:16:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/19 08:23:58 | 000,014,213 | ---- | M] () -- C:\ComboFix.txt
[2008/01/23 13:42:46 | 000,000,772 | ---- | M] () -- C:\EasyShareInstall.log
[2005/08/03 08:28:26 | 000,413,985 | ---- | M] () -- C:\hpfr5550.log
[2005/08/03 08:28:26 | 000,000,545 | ---- | M] () -- C:\hpfr5550.xml
[2005/04/04 11:12:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/09/09 05:02:46 | 000,221,184 | ---- | M] (Crystal Decisions) -- C:\keycode.dll
[2005/04/04 11:12:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 08:18:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/27 16:27:47 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/05/01 13:42:07 | 000,007,082 | ---- | M] () -- C:\Rescued document.txt
[2008/11/03 10:58:49 | 000,000,579 | ---- | M] () -- C:\v9installdebug.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/12/14 21:01:24 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2009/02/26 15:07:32 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/02/26 15:08:20 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009/02/26 15:08:22 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 02:20:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 02:20:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 02:20:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Extras.txt part 1
OTL Extras logfile created on: 8/27/2010 4:32:03 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\administrator.ENGLISHCONST\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 51.00 Mb Available Physical Memory | 10.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.40 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HANCOCK-HR
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- (Pervasive Software Inc.)
"C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe" = C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe:*:Enabled:Sage Service Host (v1.0) -- (Timberline Software Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Disabled:Database Service Manager -- (Pervasive Software Inc.)
 
Part 2
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Workgroup (32-bit)
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21461F67-7C02-407E-9DF2-EF1752F55142}" = Aatrix Forms for Sage Timberline Office
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5F0C7588-DC73-4465-8BAB-21813C1EC047}" = PDF Manual NW-E000 Series
"{65438A88-7717-47F9-8078-EA745EF83580}" = Presto! BizCard 4.0 Eng
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71715DF4-3167-489A-B843-9EEFC71D97E8}" = Sage Installation Manager CLIENT programs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}" = Broadcom Management Programs
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83CDDBA5-0306-4173-9851-71F0F0E8412A}" = HP Photo and Imaging 2.2 - Scanjet 8200 Series
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{939E2189-9B65-41FC-A842-1BBC1588BFD1}" = HP eServices Local Prints and Save
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE41BE84-761C-0F5E-451B-3D145E8A8840}" = Acrobat.com
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C378651D-4F97-450E-9D33-8AF8C02FC287}" = Sage Timberline Office Accounting Client
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA706D05-B655-4F31-AA68-03BB2441F8EC}" = Barracuda Message Archiver Outlook Add-In 2.2.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0150C73-3138-4FD2-B038-7F2637C9B5C7}" = CVS Photo Editor Plus
"{EEF5C81F-46E4-4C41-9554-541800A33766}" = Timberline Office requirements
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Barracuda Malware Removal Tool_is1" = Barracuda Malware Removal Tool
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office Connector" = Office Connector (Remove Only)
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"Software Setup" = Software Setup
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========
 
Part 3
[ Application Events ]
Error - 8/24/2010 4:35:54 PM | Computer Name = HANCOCK-HR | Source = Timberline | ID = 100
Description =

Error - 8/26/2010 8:11:48 AM | Computer Name = HANCOCK-HR | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 simnotify.exe, P2 9.7.0.0, P3 4bc5a08e, P4 sage.sim.desktopnotification.clientlibrary,
P5 9.7.0.0, P6 4bc5a06b, P7 1e, P8 2e, P9 system.nullreferenceexception, P10 NIL.

Error - 8/26/2010 8:12:17 AM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
The system cannot find the file specified. .

Error - 8/26/2010 9:15:55 AM | Computer Name = HANCOCK-HR | Source = Application Error | ID = 1000
Description = Faulting application zshp1020.exe, version 1.0.1007.0, faulting module
zshp1020.exe, version 1.0.1007.0, fault address 0x0001eb8f.

Error - 8/26/2010 2:43:20 PM | Computer Name = HANCOCK-HR | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application msaccess.exe, version 11.0.8321.0, stamp 4b4f9cfd,
faulting module tscommon.dll, version 9.7.1.114, stamp 4bbd50f1, debug? 0, fault
address 0x00244846.

Error - 8/26/2010 4:13:46 PM | Computer Name = HANCOCK-HR | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application msaccess.exe, version 11.0.8321.0, stamp 4b4f9cfd,
faulting module tscommon.dll, version 9.7.1.114, stamp 4bbd50f1, debug? 0, fault
address 0x00244846.

Error - 8/27/2010 7:58:29 AM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
The system cannot find the file specified. .

Error - 8/27/2010 8:00:08 AM | Computer Name = HANCOCK-HR | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 simnotify.exe, P2 9.7.0.0, P3 4bc5a08e, P4 sage.sim.desktopnotification.clientlibrary,
P5 9.7.0.0, P6 4bc5a06b, P7 1e, P8 2e, P9 system.nullreferenceexception, P10 NIL.

Error - 8/27/2010 4:22:22 PM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
The system cannot find the file specified. .

Error - 8/27/2010 4:29:05 PM | Computer Name = HANCOCK-HR | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\WINDOWS\SYSVOL\sysvol\englishconst.com\scripts\logon.bat.
The system cannot find the file specified. .

[ Sage Events ]
Error - 6/29/2010 2:11:28 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\PR(9e8)-20100629-14112778.dmp

Error - 6/29/2010 2:11:28 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Aborted. Pervasive status code 161. Your system has reached the maximum
number of licenses. This situation can occur when the Pervasive Server engine shuts
down and another workstation takes control of the processing. Contact Timberline
Support for a resolution [TS 2696]

Error - 6/29/2010 2:11:45 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\IA(8d8)-20100629-14114481.dmp

Error - 6/29/2010 2:11:45 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Aborted. Pervasive status code 161. Your system has reached the maximum
number of licenses. This situation can occur when the Pervasive Server engine shuts
down and another workstation takes control of the processing. Contact Timberline
Support for a resolution [TS 2696]

Error - 6/29/2010 2:11:48 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = End Information Assistant

Error - 6/29/2010 2:12:21 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Minidump created at: T:\9.5\Accounting\Misc\Dumps\IA(5e8)-20100629-14122162.dmp

Error - 6/29/2010 2:12:21 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = Aborted. Pervasive status code 161. Your system has reached the maximum
number of licenses. This situation can occur when the Pervasive Server engine shuts
down and another workstation takes control of the processing. Contact Timberline
Support for a resolution [TS 2696]

Error - 6/29/2010 2:12:26 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description = End Information Assistant

Error - 7/29/2010 3:07:00 PM | Computer Name = HANCOCK-HR | Source = Sage Diagnostics | ID = 0
Description =

Error - 8/6/2010 11:13:06 AM | Computer Name = HANCOCK-HR | Source = Business Layer | ID = 0
Description = Message Source: tsGoldSuiteManager.SuiteManager FinalConstruct Invalid
System Mode

[ System Events ]
Error - 8/12/2010 12:43:52 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
Description = The BDFsDrv service failed to start due to the following error: %%2

Error - 8/12/2010 12:43:52 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
Description = The BDRsDrv service failed to start due to the following error: %%2

Error - 8/12/2010 12:46:52 PM | Computer Name = HANCOCK-HR | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ENGLISHCONST due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 8/12/2010 12:48:40 PM | Computer Name = HANCOCK-HR | Source = Print | ID = 33
Description = The PrintQueue Container could not be found because the DNS Domain
name could not be retrieved. Error: 54b

Error - 8/18/2010 8:13:31 AM | Computer Name = HANCOCK-HR | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 8/23/2010 8:16:02 AM | Computer Name = HANCOCK-HR | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 8/23/2010 8:16:16 AM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 8/23/2010 8:16:16 AM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 8/27/2010 4:32:28 PM | Computer Name = HANCOCK-HR | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/27/2010 4:32:29 PM | Computer Name = HANCOCK-HR | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
 
Your computer would definitely benefit from adding another 512MB of RAM.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.ENG\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 