Firefox infected with Google Search Result Redirect


This topic is locked
29 replies to this topic

#1 atcmonke

  • Members
  • 85 posts

Posted 23 August 2010 - 10:13 PM

Even though ComboFix found and fixed the error, the problem came back.

I had AdBlock and NoScript in my Firefox, but somehow I made the mistake of overlooking a popup and hit OK or something, I do not remember, but after that is when the problem started. The problem being when I click on a Google search result, I am redirected to other pages. I used ComboFix before actually asking for help on here because I saw another thread stating to use it. After the problem came back, I later read another thread stating that each problem for each user is different and specific and it is best to start a new thread asking for help, so here I am.


DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by atcmonke at 18:44:43.80 on Fri 08/20/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2148 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\atcmonke\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Users\atcmonke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atcmonke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atcmonke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atcmonke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\atcmonke\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [Google Update] "c:\users\atcmonke\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
StartupFolder: c:\users\atcmonke\appdata\roaming\micros~1\windows\startm~1\programs\startup\vista&~1.lnk - c:\users\atcmonke\appdata\roaming\microsoft\installer\{f4735c64-9a74-4e48-894b-1ca5d83b99c8}\MainIcon.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\acaptuser32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\atcmonke\appdata\roaming\mozilla\firefox\profiles\1vn17qtb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\atcmonke\appdata\roaming\mozilla\firefox\profiles\1vn17qtb.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\users\atcmonke\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\atcmonke\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\atcmonke\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\atcmonke\appdata\roaming\mozilla\firefox\profiles\1vn17qtb.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\atcmonke\appdata\roaming\mozilla\firefox\profiles\1vn17qtb.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-2-4 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-1-22 29792]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-8-6 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-8-6 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-8-5 57800]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-8-6 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\ipsdefs\20100820.001\IDSvix86.sys [2010-8-20 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-8-6 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1107000.00c\symtdiv.sys [2010-8-6 339504]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-18 73728]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-1-7 192512]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-2-10 206192]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-8-6 126392]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-6-4 4497704]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-6-4 113448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-6 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-6-4 13480]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
S2 MMK_NTD;MMK_NTD;c:\windows\system32\drivers\MMK_NTD.SYS [2010-6-3 14528]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-10 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-4-19 32377]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-6-4 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-08-20 23:28:48 0 ----a-w- c:\users\atcmonke\defogger_reenable
2010-08-15 03:25:35 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-09 03:32:30 0 d-----w- c:\windows\system32\%LOCALAPPDATA%
2010-08-09 02:48:43 0 d-----w- c:\users\atcmonke\Manager
2010-08-09 01:43:46 77312 ----a-w- c:\windows\MBR.exe
2010-08-09 01:43:45 256512 ----a-w- c:\windows\PEV.exe
2010-08-09 01:43:44 98816 ----a-w- c:\windows\sed.exe
2010-08-09 01:43:44 161792 ----a-w- c:\windows\SWREG.exe
2010-08-08 05:43:46 0 d-----w- c:\program files\ESET
2010-08-06 20:40:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-06 20:40:14 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-06 20:40:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-06 20:40:13 0 d-----w- c:\program files\Symantec
2010-08-06 20:39:20 0 d-----w- c:\windows\system32\drivers\NAV
2010-08-06 20:39:17 0 d-----w- c:\program files\Norton AntiVirus
2010-08-06 20:39:16 0 d-----w- c:\programdata\Norton
2010-08-06 20:32:02 0 d-----w- c:\programdata\NortonInstaller
2010-08-06 20:32:02 0 d-----w- c:\program files\NortonInstaller
2010-08-06 20:04:15 0 d-----w- c:\program files\Trend Micro
2010-08-06 05:10:57 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2010-08-06 05:10:39 0 d-----w- c:\programdata\Mediafour
2010-08-06 05:10:39 0 d-----w- c:\program files\common files\Mediafour
2010-08-06 05:09:46 0 d-----w- c:\program files\Mediafour
2010-08-05 22:24:09 0 d---a-w- C:\.Trashes
2010-08-05 20:35:34 396322891 ----a-w- C:\iPhone2,1_4.0.1_8A306_Restore.ipsw
2010-08-05 20:35:13 320237975 ----a-w- C:\iPhone1,2_4.0.1_8A306_Restore.ipsw
2010-08-05 20:35:02 396281280 ----a-w- C:\iPhone2,1_4.0_8A293_Restore.ipsw
2010-08-05 20:34:55 306274631 ----a-w- C:\iPhone1,2_4.0_8A293_Restore.ipsw
2010-08-04 16:29:24 0 d-----w- c:\program files\iPhoneBrowser
2010-08-01 22:12:41 0 d-----w- C:\CloneZillaUSB
2010-07-29 22:06:48 0 d-----w- c:\users\atcmonke\appdata\roaming\LolClient
2010-07-29 21:55:26 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-07-29 21:55:26 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-07-29 21:55:26 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-29 21:55:26 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-29 21:55:26 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-29 21:51:48 0 d-----w- C:\Riot Games
2010-07-29 21:34:36 0 d-----w- c:\programdata\PMB Files
2010-07-29 21:34:28 0 d-----w- c:\program files\Pando Networks
2010-07-23 04:36:15 0 d-----w- c:\program files\common files\Real
2010-07-23 04:36:14 0 d-----w- c:\programdata\Real

==================== Find3M ====================

2010-08-03 00:28:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-03 00:28:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-01 21:43:00 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-01 16:25:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2008-07-08 19:15:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-04 20:44:56 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-04 20:44:56 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-04 20:44:56 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-22 19:15:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042220080423\index.dat
2008-04-25 00:23:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042420080425\index.dat
2009-02-24 01:32:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022320090224\index.dat
2009-06-02 06:35:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060120090602\index.dat
2009-06-02 21:09:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060220090603\index.dat
2009-06-04 05:26:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060320090604\index.dat
2009-06-05 00:29:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060420090605\index.dat
2009-06-05 17:54:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060520090606\index.dat
2009-06-08 03:12:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060720090608\index.dat
2009-07-30 01:48:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009072920090730\index.dat
2009-07-31 22:09:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009073120090801\index.dat
2009-08-03 05:47:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080220090803\index.dat
2009-09-08 06:42:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090720090908\index.dat
2009-09-09 06:57:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090820090909\index.dat
2009-09-11 04:09:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091020090911\index.dat
2009-09-12 05:34:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091120090912\index.dat
2009-09-12 16:38:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091220090913\index.dat
2009-09-14 01:50:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091320090914\index.dat
2009-09-14 17:24:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091420090915\index.dat
2009-09-15 18:08:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091520090916\index.dat
2009-09-17 04:09:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091620090917\index.dat
2009-09-18 05:13:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091720090918\index.dat
2009-09-18 17:22:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091820090919\index.dat
2009-09-20 03:01:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091920090920\index.dat
2009-09-21 04:24:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092020090921\index.dat
2009-09-22 02:49:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092120090922\index.dat
2009-09-22 18:55:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092220090923\index.dat
2009-09-24 05:37:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092320090924\index.dat
2009-09-24 16:57:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092420090925\index.dat
2009-09-26 02:17:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092520090926\index.dat
2009-09-28 02:51:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092720090928\index.dat
2009-10-06 06:59:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100520091006\index.dat
2009-10-07 04:51:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100620091007\index.dat
2009-10-08 05:28:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100720091008\index.dat
2009-10-08 19:57:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100820091009\index.dat
2009-10-09 20:20:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100920091010\index.dat
2009-10-10 21:28:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101020091011\index.dat
2009-10-12 04:07:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101120091012\index.dat
2009-10-20 00:29:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101920091020\index.dat
2009-10-21 05:53:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102020091021\index.dat
2009-10-21 18:04:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102120091022\index.dat
2009-10-23 07:37:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102220091023\index.dat
2009-10-23 17:05:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102320091024\index.dat
2009-10-24 16:48:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102420091025\index.dat
2009-10-26 01:48:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102520091026\index.dat
2009-11-02 18:36:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110220091103\index.dat
2009-11-04 04:21:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110320091104\index.dat
2009-11-05 06:47:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110420091105\index.dat
2009-11-05 23:29:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110520091106\index.dat
2009-11-07 01:49:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110620091107\index.dat
2009-11-07 18:25:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110720091108\index.dat
2009-11-08 18:22:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110820091109\index.dat
2009-11-09 17:50:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110920091110\index.dat
2009-11-10 20:21:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2009-11-11 19:45:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111120091112\index.dat
2009-11-12 18:00:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111220091113\index.dat
2009-11-13 21:56:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111320091114\index.dat
2009-11-14 19:52:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111420091115\index.dat
2009-11-16 00:52:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111520091116\index.dat
2009-11-23 19:37:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111620091123\index.dat
2009-11-23 19:37:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112320091124\index.dat
2009-11-25 01:35:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112420091125\index.dat
2009-11-26 00:07:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112520091126\index.dat
2009-11-26 17:28:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112620091127\index.dat
2009-11-27 18:47:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112720091128\index.dat
2009-11-29 04:47:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112820091129\index.dat
2009-11-30 00:26:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112920091130\index.dat
2009-11-30 21:54:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091201\index.dat
2009-12-01 21:46:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120120091202\index.dat
2009-12-03 02:04:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120220091203\index.dat
2009-12-04 01:14:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120320091204\index.dat
2009-12-04 20:57:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120420091205\index.dat
2009-12-05 20:44:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120520091206\index.dat
2009-12-07 05:43:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120620091207\index.dat
2009-12-08 01:09:41 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120720091208\index.dat
2009-12-08 22:06:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120820091209\index.dat
2009-12-09 21:00:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120920091210\index.dat
2009-12-10 20:45:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121020091211\index.dat
2009-12-11 20:01:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121120091212\index.dat
2009-12-12 23:11:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121220091213\index.dat
2009-12-13 22:45:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121320091214\index.dat
2010-01-05 03:35:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010010420100105\index.dat
2010-01-05 19:33:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010010520100106\index.dat
2010-01-07 05:41:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010010620100107\index.dat
2010-01-07 23:51:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010010720100108\index.dat
2010-01-09 15:13:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010010920100110\index.dat
2010-01-11 00:47:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011020100111\index.dat
2010-03-01 18:23:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022220100301\index.dat
2010-03-09 01:59:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030120100308\index.dat
2010-03-17 13:25:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030820100315\index.dat
2010-03-18 00:53:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031720100318\index.dat

============= FINISH: 18:45:43.35 ===============

Attached Files
#2 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK
Posted 30 August 2010 - 05:42 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
m0le is a proud member of UNITE

#3 atcmonke (Topic Starter)
Posted 30 August 2010 - 10:56 PM

I am ready.

#4 m0le
Posted 31 August 2010 - 06:21 PM

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


If you still have the Combofix program I would like to see the log that was generated.

Please go to Start > Run, copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.

#5 atcmonke (Topic Starter)
Posted 31 August 2010 - 07:27 PM

2010-08-15 02:26:04 . 2010-08-15 02:26:04 822 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PROCEXP141.reg.dat
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,468 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-KB921896_SQLTools9.reg.dat
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-KB921896_NS9.reg.dat
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,414 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-KB921896_DTS9.reg.dat
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,242 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e.reg.dat
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,244 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff.reg.dat
2010-08-09 02:25:12 . 2010-08-09 02:25:12 906 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PCMService.reg.dat
2010-08-09 02:25:12 . 2010-08-09 02:25:12 970 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MacDrive7.0.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 876 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG7_CC.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 1,000 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AppleSyncNotifier.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 906 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Aim6.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 840 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AIM.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
2010-08-09 02:25:11 . 2010-08-09 02:25:11 922 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe ARM.reg.dat
2010-08-09 02:25:10 . 2010-08-09 02:25:10 970 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-!AVG Anti-Spyware.reg.dat
2010-08-09 02:24:56 . 2010-08-09 02:24:56 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat
2010-08-09 02:24:56 . 2010-08-09 02:24:56 169 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-MacDrive volume icons.reg.dat
2010-08-09 02:01:35 . 2010-08-15 03:20:56 9,067 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-09 01:43:25 . 2010-08-15 03:09:43 299 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-08-04 16:28:38 . 2010-08-08 21:50:14 100 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\AppData\Local\Windows Server\flags.ini.vir
2010-08-04 16:28:38 . 2010-08-08 21:50:14 50 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\AppData\Local\Windows Server\uses32.dat.vir
2010-08-04 16:28:35 . 2010-08-04 16:28:35 38,384 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\AppData\Local\Windows Server\server.dat.vir
2010-05-23 07:21:33 . 2010-05-23 07:21:33 34,569 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\uninstall.exe.vir
2010-02-23 14:35:37 . 2010-02-23 14:35:38 608,256 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\blackra1n.exe.vir
2008-01-21 02:23:42 . 2008-01-21 02:23:42 96,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
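The listing above is ComboFix's quarantine index: one line per item, with the creation and modification timestamps, the size, attribute flags, and the path inside C:\Qoobox\Quarantine. Files are stored as `Quarantine\<drive>\<original path>.vir`, registry keys as `Registry_backups\*.reg.dat`. As an added example (not part of this thread and not ComboFix's own code), the Python below parses that format, maps each `.vir` copy back to the path it was removed from, and flags the two categories a responder looks at first: files that lived under C:\Windows (a replaced or dropped system binary, such as the `wininit.exe` copy above) and files that lived in a user's AppData tree (a location any process running as that user can write to). The sample input is a verbatim subset of the lines above; the flagging rules are this example's own heuristics, not ComboFix's.

```python
"""Parse a ComboFix quarantine listing (C:\\QooBox\\ComboFix-quarantined-files.txt),
recover where each quarantined item originally lived, and flag the ones worth a
second look. Example code, not part of ComboFix or of this thread."""
import re
from typing import List, NamedTuple, Tuple


class QEntry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    quarantine_path: str
    original_path: str
    kind: str            # "file" (a .vir copy), "registry" (a .reg backup) or "other"


# One listing line: "<created> . <modified> <size> <attrs> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")
QPREFIX = "C:\\Qoobox\\Quarantine\\"


def original_location(qpath: str) -> Tuple[str, str]:
    """Map a quarantine path back to the original path and classify the item."""
    if not qpath.lower().startswith(QPREFIX.lower()):
        return qpath, "other"
    rest = qpath[len(QPREFIX):]
    if rest.lower().endswith(".vir"):
        # ComboFix stores C:\foo\bar as Quarantine\C\foo\bar.vir
        drive, _, tail = rest[:-4].partition("\\")
        return f"{drive}:\\{tail}", "file"
    if rest.lower().startswith("registry_backups\\"):
        return rest, "registry"
    return rest, "other"


def parse_quarantine_log(text: str) -> List[QEntry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # blank or unrecognised line
        created, modified, size, attrs, qpath = m.groups()
        orig, kind = original_location(qpath)
        entries.append(QEntry(created, modified, int(size.replace(",", "")),
                              attrs, qpath, orig, kind))
    return entries


def flag_suspicious(entries: List[QEntry]) -> List[Tuple[QEntry, str]]:
    """Heuristics only (this example's, not ComboFix's): a quarantined copy of
    something that lived in C:\\Windows means a system binary was replaced or
    dropped there; anything under a profile's AppData tree sat in a directory
    that any process running as that user can write to."""
    flagged = []
    for e in entries:
        if e.kind != "file":
            continue
        p = e.original_path.lower()
        if p.startswith("c:\\windows\\"):
            flagged.append((e, "system directory"))
        elif "\\appdata\\" in p:
            flagged.append((e, "user-writable profile directory"))
    return flagged


# Constructed sample: a verbatim subset of the listing posted in the thread.
SAMPLE_LOG = r"""
2010-08-09 02:25:33 . 2010-08-09 02:25:33 1,468 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-KB921896_SQLTools9.reg.dat
2010-08-09 01:43:25 . 2010-08-15 03:09:43 299 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-08-04 16:28:38 . 2010-08-08 21:50:14 100 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\AppData\Local\Windows Server\flags.ini.vir
2010-08-04 16:28:35 . 2010-08-04 16:28:35 38,384 ----a-w- C:\Qoobox\Quarantine\C\Users\atcmonke\AppData\Local\Windows Server\server.dat.vir
2010-05-23 07:21:33 . 2010-05-23 07:21:33 34,569 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\uninstall.exe.vir
2008-01-21 02:23:42 . 2008-01-21 02:23:42 96,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
"""

if __name__ == "__main__":
    for entry, reason in flag_suspicious(parse_quarantine_log(SAMPLE_LOG)):
        print(f"{reason:32} {entry.size:>7} {entry.original_path}")
```

Run as-is it prints the four file entries with the reason each was flagged; pointing it at a real `ComboFix-quarantined-files.txt` is a matter of reading the file into `parse_quarantine_log`. The registry backups and ComboFix's own `catchme.log` are kept in the parsed output but never flagged, since they are not files removed from the system.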

#6 m0le
Posted 31 August 2010 - 07:47 PM

Let's look for the rootkit which may still be present

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#7 atcmonke (Topic Starter)
Posted 31 August 2010 - 10:13 PM

Hope the attachment is OK, unless you wanted it copied and pasted?

Attached Files



#8 m0le
Posted 01 September 2010 - 05:46 PM

Attachments are fine.

Please rerun MBRCheck as below

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up, or the partitions may become corrupted. I recommend you have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR.

If you do not have a recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter.
  • When the program asks you, enter 2 and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter.
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRCheck will be on your desktop.
  • Open this report.
  • Right click on the screen and select > Select All.
  • Press Control+C.
  • Now please copy that report to this thread.


#9 atcmonke (Topic Starter)
Posted 01 September 2010 - 08:06 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 183):
0x82A08000 \SystemRoot\system32\ntkrnlpa.exe
0x82DC1000 \SystemRoot\system32\hal.dll
0x8060F000 \SystemRoot\system32\kdcom.dll
0x80617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80677000 \SystemRoot\system32\PSHED.dll
0x80688000 \SystemRoot\system32\BOOTVID.dll
0x80690000 \SystemRoot\system32\CLFS.SYS
0x806D1000 \SystemRoot\system32\CI.dll
0x83405000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83476000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83484000 \SystemRoot\system32\drivers\acpi.sys
0x834CA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x834D3000 \SystemRoot\system32\drivers\msisadrv.sys
0x834DB000 \SystemRoot\system32\drivers\pci.sys
0x83502000 \SystemRoot\System32\drivers\partmgr.sys
0x83511000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83514000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8351E000 \SystemRoot\system32\drivers\volmgr.sys
0x8352D000 \SystemRoot\System32\drivers\volmgrx.sys
0x83577000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8357E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8358C000 \SystemRoot\system32\drivers\pciide.sys
0x83593000 \SystemRoot\System32\drivers\mountmgr.sys
0x83604000 \SystemRoot\system32\drivers\iastor.sys
0x836CB000 \SystemRoot\system32\drivers\atapi.sys
0x836D3000 \SystemRoot\system32\drivers\ataport.SYS
0x836F1000 \SystemRoot\System32\Drivers\MDPMGRNT.sys
0x836FC000 \SystemRoot\system32\drivers\fltmgr.sys
0x8372E000 \SystemRoot\system32\drivers\NAV\1107000.00C\SYMDS.SYS
0x83784000 \SystemRoot\system32\drivers\fileinfo.sys
0x83794000 \SystemRoot\system32\drivers\NAV\1107000.00C\SYMEFA.SYS
0x837C1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x837CA000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x8C209000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C27A000 \SystemRoot\system32\drivers\ndis.sys
0x8C385000 \SystemRoot\system32\drivers\msrpc.sys
0x8C3B0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C40D000 \SystemRoot\System32\drivers\tcpip.sys
0x8C4F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C605000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C714000 \SystemRoot\system32\drivers\volsnap.sys
0x8C74D000 \SystemRoot\System32\Drivers\spldr.sys
0x8C755000 \SystemRoot\system32\speedfan.sys
0x8C757000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8C76D000 \SystemRoot\System32\Drivers\mup.sys
0x8C77C000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
0x8C7BC000 \SystemRoot\system32\giveio.sys
0x8C7BD000 \SystemRoot\System32\drivers\ecache.sys
0x8C7E4000 \SystemRoot\system32\drivers\disk.sys
0x8C511000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C7F5000 \SystemRoot\system32\drivers\crcdisk.sys
0x902C8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x902D3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x902DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90604000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90B0D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90BAC000 \SystemRoot\System32\drivers\watchdog.sys
0x90BB9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x902EB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90BC4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90BD3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90329000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x90E0F000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0x90F22000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90F32000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90F40000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90F5A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x90F69000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x90F7D000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x90FCE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90375000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90FE1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90FEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90FF7000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x90BE5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90E00000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x90E06000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x903A1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90E0A000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x903AA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x903BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90E0D000 \SystemRoot\system32\DRIVERS\WacomVTHid.sys
0x903C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C53F000 \SystemRoot\system32\DRIVERS\storport.sys
0x903EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C580000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8C588000 \SystemRoot\system32\drivers\modem.sys
0x8C595000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C5AC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C5DA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C5E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C3EA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C400000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x837EA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x835A3000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x835BB000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x90FFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807B1000 \SystemRoot\system32\DRIVERS\ks.sys
0x835E1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x835EB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91000000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91034000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9103C000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x91044000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91055000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x91092000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9120E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x912C2000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x912E5000 \SystemRoot\system32\drivers\portcls.sys
0x91312000 \SystemRoot\system32\drivers\drmk.sys
0x91337000 \SystemRoot\system32\drivers\stwrt.sys
0x9138C000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SRTSP.SYS
0x91195000 \SystemRoot\system32\drivers\NAV\1107000.00C\Ironx86.SYS
0x913E3000 \SystemRoot\system32\drivers\NAV\1107000.00C\SRTSPX.SYS
0x91E05000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100831.018\NAVEX15.SYS
0x91F51000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x91F76000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100831.018\NAVENG.SYS
0x91F8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91F93000 \SystemRoot\System32\Drivers\Null.SYS
0x91F9A000 \SystemRoot\System32\Drivers\Beep.SYS
0x91FAA000 \SystemRoot\System32\drivers\vga.sys
0x91FB6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91FD7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91FDF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91FE7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91FF2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91FA1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x911B4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9560F000 \SystemRoot\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS
0x95668000 \SystemRoot\system32\DRIVERS\smb.sys
0x9567C000 \SystemRoot\system32\drivers\afd.sys
0x956C4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x956F6000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x956FF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95715000 \SystemRoot\system32\DRIVERS\netbios.sys
0x95723000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95736000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x95744000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x95780000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9578A000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100830.002\IDSvix86.sys
0x96800000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9685E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9687B000 \SystemRoot\System32\Drivers\dfsc.sys
0x96892000 \SystemRoot\system32\drivers\NAV\1107000.00C\ccHPx86.sys
0x96911000 \??\C:\Windows\system32\drivers\CBDisk.sys
0x9691E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0x969CA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9D210000 \SystemRoot\System32\win32k.sys
0x969D7000 \SystemRoot\System32\drivers\Dxapi.sys
0x969E1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9D430000 \SystemRoot\System32\TSDDD.dll
0x9D450000 \SystemRoot\System32\cdd.dll
0x9D460000 \SystemRoot\System32\ATMFD.DLL
0x957E2000 \SystemRoot\system32\drivers\luafv.sys
0x969F0000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x957FD000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x913ED000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x911CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95600000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x807DB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB360B000 \SystemRoot\system32\drivers\spsys.sys
0xB36BA000 \SystemRoot\system32\drivers\HTTP.sys
0xB3727000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB3740000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB3755000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB3774000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB37AD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB37DD000 \??\C:\Windows\system32\drivers\hcmon.sys
0xB37E7000 \??\C:\Windows\system32\Drivers\vmci.sys
0xB4C0E000 \??\C:\Windows\system32\Drivers\vmx86.sys
0xB4CDD000 \SystemRoot\System32\Drivers\adfs.SYS
0xB4CEE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB4CF2000 \SystemRoot\system32\drivers\peauth.sys
0xB4DD0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB4DDA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB4DE6000 \SystemRoot\system32\DRIVERS\v2imount.sys
0xB4DEE000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0xB4DF3000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
0xB4DF7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB37C5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77CA0000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
556 C:\Windows\System32\smss.exe
692 csrss.exe
736 csrss.exe
744 C:\Windows\System32\wininit.exe
784 C:\Windows\System32\services.exe
808 C:\Windows\System32\winlogon.exe
824 C:\Windows\System32\lsass.exe
844 C:\Windows\System32\lsm.exe
988 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\audiodg.exe
1360 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\SLsvc.exe
1452 C:\Windows\System32\svchost.exe
1540 C:\Program Files\WTouch\WTouchService.exe
1656 C:\Windows\System32\svchost.exe
1756 C:\Windows\System32\WLTRYSVC.EXE
1768 C:\Windows\System32\BCMWLTRY.EXE
1844 C:\Windows\System32\spoolsv.exe
1868 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\AEstSrv.exe
2024 C:\Windows\System32\svchost.exe
2040 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
224 C:\Program Files\Bonjour\mDNSResponder.exe
352 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
656 C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
684 C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
1512 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
1664 C:\Windows\System32\stacsv.exe
984 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\Pen_Tablet.exe
2240 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
2300 C:\Windows\System32\vmnat.exe
2348 C:\Program Files\RealVNC\VNC4\winvnc4.exe
2404 C:\Windows\System32\SearchIndexer.exe
2476 C:\Windows\System32\drivers\XAudio.exe
2488 dllhost.exe
2540 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2616 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
2728 C:\Windows\System32\vmnetdhcp.exe
2600 C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
2472 C:\Windows\System32\taskeng.exe
1908 C:\Program Files\WTouch\WTouchUser.exe
2968 C:\Windows\System32\dwm.exe
2956 C:\Windows\explorer.exe
3428 C:\Program Files\DellTPad\Apoint.exe
956 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
3432 C:\Windows\System32\hkcmd.exe
1532 C:\Windows\System32\igfxpers.exe
3308 C:\Program Files\Logitech\SetPointP\SetPoint.exe
1292 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3368 C:\Program Files\iTunes\iTunesHelper.exe
2588 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
1096 C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
3256 C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
2592 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
3516 C:\Users\atcmonke\AppData\Local\Google\Update\GoogleUpdate.exe
3600 C:\Program Files\Dell\QuickSet\quickset.exe
3468 C:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe
1492 C:\Windows\System32\igfxsrvc.exe
1132 C:\Windows\System32\wbem\unsecapp.exe
3128 WmiPrvSE.exe
3504 C:\Program Files\DellTPad\ApMsgFwd.exe
3704 C:\Users\atcmonke\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
3424 C:\Program Files\iPod\bin\iPodService.exe
672 C:\Program Files\DellTPad\hidfind.exe
3484 C:\Program Files\DellTPad\ApntEx.exe
4244 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
4652 C:\Windows\System32\taskeng.exe
5060 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5900 C:\Windows\System32\msfeedssync.exe
6080 C:\Users\atcmonke\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000031`85c28600 (HFSJ)

PhysicalDrive0 Model Number: WDCWD3200BEVT-00ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 9E043D80D3AFEC13FA3F6DEBC13C86B31DC0B818


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Will this disable my dual boot? I know how to get it back, but I am wondering if it will disable it.
Also, I know we're not finished; I've been using Chrome to do all the forum replies. I know you'll let me know when I am finally finished, but let me know when to use Firefox again to test everything out. Thanks m0le.
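The "Unknown MBR code" verdict and the SHA1 line in the MBRCheck output above come from hashing the boot-code region of sector 0 and looking the hash up in a table of known boot loaders; the "\\.\C: --> \\.\PhysicalDrive0 at offset ..." lines come from the partition table in the same sector. As an added example (not part of this thread and not MBRCheck's own code), the Python below builds a constructed 512-byte MBR, hashes its first 440 bytes, checks the 55 AA signature, decodes the partition entries into the byte offsets MBRCheck prints, and then shows that a bootkit-style rewrite of the code region changes the hash while leaving the partition table untouched, which is exactly why the machine keeps booting and the volumes keep working while the MBR is infected. The reference boot code, the allow-list and the partition layout are all constructed (the first partition only borrows the C: offset 0x02f10c00 from the log); no real Windows MBR bytes or hashes are included.

```python
"""MBR inspection in the spirit of MBRCheck: hash the boot-code region, validate
the 55 AA signature, and decode the partition table into byte offsets.
Example code, not MBRCheck's; every byte and hash below is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440             # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xAA"        # bytes 510..511


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest().upper()


# Hypothetical allow-list: in practice it holds hashes of boot code taken from
# known-good installs. Here it is seeded from a constructed reference blob so the
# example runs offline; the bytes are a stand-in, not a real Windows MBR.
REFERENCE_BOOT_CODE = (bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0x8E, 0xC0, 0x8E, 0xD8])
                       + b"\x00" * (BOOT_CODE_LEN - 11))
KNOWN_BOOT_CODE = {sha1_hex(REFERENCE_BOOT_CODE): "reference boot code (constructed)"}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble one sector from boot code and (bootable, type, first_lba, sectors) tuples."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    table = b""
    for bootable, ptype, first_lba, sectors in partitions:
        status = 0x80 if bootable else 0x00
        # CHS start/end fields carry the "use LBA" placeholder FE FF FF
        table += struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype,
                             b"\xFE\xFF\xFF", first_lba, sectors)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return boot_code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + SIGNATURE


def lba_to_offset(lba: int) -> int:
    return lba * SECTOR


def parse_mbr(mbr: bytes) -> dict:
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, first_lba, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue                      # empty slot
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "first_lba": first_lba, "sectors": sectors,
                      "offset": lba_to_offset(first_lba)})
    code_hash = sha1_hex(mbr[:BOOT_CODE_LEN])
    return {"signature_ok": mbr[510:512] == SIGNATURE,
            "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
            "boot_code_sha1": code_hash,
            "mbr_status": KNOWN_BOOT_CODE.get(code_hash, "Unknown MBR code"),
            "partitions": parts}


def tamper_boot_code(boot_code: bytes) -> bytes:
    """Model a bootkit-style rewrite: change a few code bytes, keep everything else."""
    patched = bytearray(boot_code)
    patched[0:5] = b"\xEA\x00\x7C\x00\x00"   # constructed far jump, not a real implant
    return bytes(patched)


# Constructed layout: partition 1 mirrors the C: offset reported in the log
# (LBA 0x17886 * 512 = 0x02F10C00); partition 2 is a second volume of HFS+ type (0xAF).
LAYOUT = [(True, 0x07, 0x17886, 0x18C16000), (False, 0xAF, 0x18C2E143, 0x04000000)]
CLEAN_MBR = build_mbr(REFERENCE_BOOT_CODE, LAYOUT)
INFECTED_MBR = build_mbr(tamper_boot_code(REFERENCE_BOOT_CODE), LAYOUT)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        r = parse_mbr(mbr)
        print(f"{name}: {r['mbr_status']}  SHA1: {r['boot_code_sha1']}")
        for p in r["partitions"]:
            print(f"  type 0x{p['type']:02X} at offset 0x{p['offset']:016x} bootable={p['bootable']}")
```

Run directly, it prints the known verdict for the clean sector and "Unknown MBR code" for the tampered one, with identical partition lines under both. The same split between the code region (bytes 0 to 439) and the partition table (bytes 446 to 509) is why a standard MBR code rewrite such as bootrec /fixmbr normally keeps existing partitions bootable: it replaces the code and leaves the table alone. A dual boot that chains from the Windows boot manager survives that; one whose own boot loader lives in the MBR code would have to be reinstalled afterwards.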

#10 m0le
Posted 01 September 2010 - 08:15 PM

QUOTE: "Will this disable my dualboot?"

To be honest I'm not sure. I don't believe it will.


The rewrite using MBRCheck hasn't worked, but don't worry we can do this a few other ways.

Locate your Vista disk.

If your PC is not booting from the CD, you need to change the boot order:
  • Restart your PC
  • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
  • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
  • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
  • The tab should now show your current boot order.
    If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
  • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • Select your Vista Install from the list in Windows Boot Manager

    · Microsoft Vista Setup (x86)
    · Microsoft Vista Setup (x64)

  • Press enter.
  • You will then see Windows is Loading Files.
  • Next, the Language Screen will come up. Since you have already selected this option when you installed Vista, just click on Next.
  • Now you will see the Vista Installation Screen.

    DO NOT CHOOSE Install Now

    Instead, towards the bottom left of the window you will see:

    · What to know before installing Windows

    · Repair your Computer

    Choose and click on Repair your Computer
  • Select "1" Startup repair
Exit the recovery console, reboot your PC and then run MBRCheck and post the log.
m0le is a proud member of UNITE

#11 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 04 September 2010 - 11:44 AM

Having trouble locating recovery disc. Please give a bit more time.

#12 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 04 September 2010 - 12:50 PM

I downloaded a generic Vista Recovery disc and ran the repair and got an error.


Problem signature:
Problem Event Name: StartupRepairV2
Problem Signature 01: ExternalMedia
Problem Signature 02: 6.0.6000.116386.6.0.6001.18000
Problem Signature 03: 6
Problem Signature 04: 196611
Problem Signature 05: NoRootCause
Problem Signature 06: NoRootCause
Problem Signature 07: 0
Problem Signature 08: 1
Problem Signature 09: SystemRestore
Problem Signature 10: 0
OS Version: 6.0.6000.2.0.0.256.1
Locale ID: 1033

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409


I am typing this up on my desktop, the problem is on a laptop.
I will post up the log after this post.

#13 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 04 September 2010 - 01:05 PM

Here is the attachment of the latest MBRCheck log.

Attached Files



#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:38 PM

Posted 04 September 2010 - 05:17 PM

No go there.

Try these instructions to burn the Vista repair disk.

1. Put the disk in the disk drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe, and then press ENTER.
8. Type bootrec.exe /FixMbr
m0le is a proud member of UNITE

#15 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 05 September 2010 - 11:55 AM

Found my Dell Recovery Disc. I did the bootrec.exe /FixMbr and here is the new MBRCheck Log.

Attached Files





