Redirect and System Check Malware
I'm trying to get rid of two malware infections on my computer. First is the redirect malware that redirects all my search results to random pages. Second is System Check. This thing got ahold of my computer and really messed things up. I was finally able to download and run Malwarebytes and have restored most functions on my computer. But I still have many folders and files that I can't access, and there are still some shortcuts and favorites that have not been restored.
Thanks for the help
Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.02.17.02
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Jan :: DELL [administrator]
2/17/2012 9:22:43 AM
mbam-log-2012-02-17 (09-22-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354818
Time elapsed: 1 hour(s), 10 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-21 08:32:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA27A
Running: v9n994os.exe; Driver: C:\DOCUME~1\Jan\LOCALS~1\Temp\pxtdapob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT spgu.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spgu.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spgu.sys ZwOpenKey [0xF74E40C0]
SSDT spgu.sys ZwQueryKey [0xF74FD20A]
SSDT spgu.sys ZwQueryValueKey [0xF74FD08A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
INT 0x62 ? 8A811BF8
INT 0x63 ? 8A637BF8
INT 0x73 ? 8A637BF8
INT 0x73 ? 8A637BF8
INT 0x82 ? 8A811BF8
INT 0xB4 ? 8A637BF8
---- Kernel code sections - GMER 1.0.15 ----
? spgu.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B98D88AC 5 Bytes JMP 8A6371D8
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB97D0F80]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1840] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\WINDOWS\Explorer.EXE[1840] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\LifePics\LifeSync\LifeSync.exe[1904] shell32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\LifePics\LifeSync\LifeSync.exe[1904] shell32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2816] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2816] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe[2936] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe[2936] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Brother\ControlCenter2\brctrcen.exe[3128] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Brother\ControlCenter2\brctrcen.exe[3128] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3204] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3204] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Jan\Desktop\v9n994os.exe[3280] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Documents and Settings\Jan\Desktop\v9n994os.exe[3280] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\DellSupport\DSAgnt.exe[3676] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text C:\Program Files\DellSupport\DSAgnt.exe[3676] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3752] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3752] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8132D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spgu.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spgu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spgu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spgu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spgu.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6372D8
---- Devices - GMER 1.0.15 ----
Device 8A8101F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A0BA1F8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8A4B81F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4B81F8
Device \Driver\usbuhci \Device\USBPDO-2 8A4B81F8
Device \Driver\usbehci \Device\USBPDO-3 8A6281F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\00000062 8A1961F8
Device \Driver\USBSTOR \Device\00000063 8A1961F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7A61F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7A61F8
Device \Driver\Cdrom \Device\CdRom0 8A61F1F8
Device \Driver\Cdrom \Device\CdRom1 8A61F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7A61F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7A61F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1446A377-3821-403F-9A8F-4FAB79DC2928} 8A1F2500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1F2500
Device \Driver\NetBT \Device\NetbiosSmb 8A1F2500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A4B81F8
Device \Driver\usbuhci \Device\USBFDO-1 8A4B81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1B11F8
Device \Driver\usbuhci \Device\USBFDO-2 8A4B81F8
Device 8A1B11F8
Device \Driver\usbehci \Device\USBFDO-3 8A6281F8
Device \Driver\Ftdisk \Device\FtControl 8A7A61F8
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 8A06E500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{32C0D695-970E-464D-5B5C-F043F042CA9A}\InprocServer32@ C:\WINDOWS\system32\COMCTL32.OCX
Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\InprocServer32@ C:\Program Files\Musicmatch\Musicmatch Jukebox\MMRadioEngine.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\ProgID@ MMRadioEngine.RadioEngineObj.1
Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\TypeLib@ {0C5D39A3-460B-11D4-ADE1-0050DACD3DB9}
Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\VersionIndependentProgID@ MMRadioEngine.RadioEngineObj
Reg HKLM\SOFTWARE\Classes\CLSID\{D699BD77-1D24-645F-2FBC-5C3D1DB6FED7}\InProcServer32@ C:\WINDOWS\ime\sptip.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{D699BD77-1D24-645F-2FBC-5C3D1DB6FED7}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ C:\Program Files\Musicmatch\Musicmatch Jukebox\MusicNet\mninet20.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\ProgID@ MNInetYahooMM.MNBrowseArtists.1
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\TypeLib@ {67D3F5B4-CF95-7E65-12A1-F45849F139A4}
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\VersionIndependentProgID@ MNInetYahooMM.MNBrowseArtists
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Jan at 8:54:08 on 2012-02-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.922 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LifePics\LifeSync\LifeSync.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=dinerdash&refCode=&brand=ag"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SetDefPrt] c:\program files\brother\brmfl04b\BrStDvPt.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LifeSync] c:\program files\lifepics\lifesync\LifeSync.exe caslevi224@yahoo.com
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [BEwayyOQwaSlI.exe] c:\documents and settings\all users\application data\BEwayyOQwaSlI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
dRun: [wpoualqg] c:\documents and settings\networkservice\local settings\application data\jfbkafeha\vifwcnxtssd.exe
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\riscor~1.lnk - c:\program files\risco readerkey2 client\rk2client.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: convergys.com\sharepoint
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: musicmatch.com\online
DPF: PUFLITE - hxxp://2levis.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://uvapps.uvsc.edu/ScriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} - hxxp://161.28.215.210/home/SonySncZ20View.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://161.28.166.230/activex/AxisCamControl.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://161.28.163.226/activex/AMC.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://maceys.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://uvscnet.com/cameras/xplugLiteAL.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://download-games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://161.28.215.212/activex/AMC.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.237.84.30/user/TSBnwCam.CAB
TCP: DhcpNameServer = 160.7.240.20 160.7.240.4
TCP: Interfaces\{1446A377-3821-403F-9A8F-4FAB79DC2928} : DhcpNameServer = 160.7.240.20 160.7.240.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jan\application data\mozilla\firefox\profiles\3na5t7aa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jan\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-15 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-3 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-3 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-3 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-3 297752]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S1 MpKsl2f7a35e9;MpKsl2f7a35e9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49402ecb-c49d-4155-b0e7-02e27255437a}\mpksl2f7a35e9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49402ecb-c49d-4155-b0e7-02e27255437a}\MpKsl2f7a35e9.sys [?]
S1 MpKsl5a88931f;MpKsl5a88931f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0380a1c2-a655-41fe-982a-e48eefbf0812}\mpksl5a88931f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0380a1c2-a655-41fe-982a-e48eefbf0812}\MpKsl5a88931f.sys [?]
S1 MpKsl647518f9;MpKsl647518f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0265be02-992c-4f2e-92c4-0339edc21047}\mpksl647518f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0265be02-992c-4f2e-92c4-0339edc21047}\MpKsl647518f9.sys [?]
S1 MpKsl6a240e17;MpKsl6a240e17;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d2e2eea-3f05-4ba2-a22f-84dd301cc77a}\mpksl6a240e17.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d2e2eea-3f05-4ba2-a22f-84dd301cc77a}\MpKsl6a240e17.sys [?]
S1 MpKslb87078dc;MpKslb87078dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{889e0cf4-357f-41c7-b75c-eb5e198c76c5}\mpkslb87078dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{889e0cf4-357f-41c7-b75c-eb5e198c76c5}\MpKslb87078dc.sys [?]
S1 MpKslcca61cef;MpKslcca61cef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc542c36-d7b4-4364-ae27-9cba6cb76053}\mpkslcca61cef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc542c36-d7b4-4364-ae27-9cba6cb76053}\MpKslcca61cef.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c988f24423eabc;Google Update Service (gupdate1c988f24423eabc);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
.
=============== Created Last 30 ================
.
2012-02-14 13:58:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-22 16:23:59 -------- d--h--w- c:\documents and settings\jan\local settings\application data\Amazon
2012-01-22 16:23:38 -------- d-----w- c:\program files\Amazon
.
==================== Find3M ====================
.
2012-02-16 16:08:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 16:08:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-13 19:52:04 104 --sh--r- c:\windows\system32\11F256692C.sys
2012-02-13 19:52:03 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 17:08:21 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
2007-08-13 21:07:14 532480 -c-ha-w- c:\program files\CWShredder.exe
2006-01-25 01:31:18 11817800 -c--a-w- c:\program files\GoogleEarth.exe
.
============= FINISH: 9:04:12.46 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2005 1:09:14 PM
System Uptime: 2/20/2012 10:24:59 PM (11 hours ago)
.
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 8.039 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is FIXED (FAT32) - 466 GiB total, 384.89 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP204: 1/20/2012 9:49:55 AM - Removed TurboTax 2008 WinPerUserEducation
RP205: 1/20/2012 9:50:38 AM - Removed TurboTax 2008 WinPerProgramHelp
RP206: 1/20/2012 9:51:35 AM - Removed TurboTax 2008 WinPerTaxSupport
RP207: 1/20/2012 9:52:15 AM - Removed TurboTax 2008 WinPerFedFormset
RP208: 1/20/2012 9:53:06 AM - Removed TurboTax 2008 WinPerReleaseEngine
RP209: 1/20/2012 9:54:59 AM - Removed TurboTax 2008 wrapper
RP210: 1/20/2012 10:02:05 AM - Removed Scrabble 2
RP211: 1/20/2012 10:03:57 AM - Configured DIY Deck Designer 6.5.4 - The Home Depot
RP212: 1/21/2012 12:10:06 PM - System Checkpoint
RP213: 1/22/2012 12:36:23 PM - System Checkpoint
RP214: 1/23/2012 1:36:11 PM - System Checkpoint
RP215: 1/24/2012 2:36:11 PM - System Checkpoint
RP216: 1/25/2012 3:52:10 PM - System Checkpoint
RP217: 1/26/2012 9:40:13 AM - Avg8 Update
RP218: 1/26/2012 9:41:58 AM - Avg8 Update
RP219: 1/27/2012 10:25:51 AM - System Checkpoint
RP220: 1/28/2012 10:36:13 AM - System Checkpoint
RP221: 1/29/2012 10:37:22 AM - System Checkpoint
RP222: 1/30/2012 11:36:23 AM - System Checkpoint
RP223: 1/31/2012 12:29:54 PM - System Checkpoint
RP224: 2/1/2012 1:41:38 PM - System Checkpoint
RP225: 2/2/2012 2:30:03 PM - System Checkpoint
RP226: 2/3/2012 3:30:03 PM - System Checkpoint
RP227: 2/4/2012 3:48:37 PM - System Checkpoint
RP228: 2/4/2012 5:20:12 PM - Installed TurboTax 2011 wrapper
RP229: 2/5/2012 5:29:43 PM - System Checkpoint
RP230: 2/6/2012 6:29:38 PM - System Checkpoint
RP231: 2/7/2012 9:18:59 AM - Installed TurboTax 2011 wutiper
RP232: 2/8/2012 9:42:14 AM - System Checkpoint
RP233: 2/9/2012 10:05:22 AM - System Checkpoint
RP234: 2/10/2012 10:29:34 AM - System Checkpoint
RP235: 2/11/2012 10:34:49 AM - System Checkpoint
RP236: 2/12/2012 11:30:40 AM - System Checkpoint
RP237: 2/13/2012 2:26 PM - System Checkpoint
RP238: 2/14/2012 2:45:23 PM - System Checkpoint
RP239: 2/15/2012 3:45:15 PM - System Checkpoint
RP240: 2/16/2012 9:07:42 AM - Removed Java(TM) 6 Update 10
RP241: 2/16/2012 9:08:35 AM - Installed Java(TM) 6 Update 31
RP242: 2/17/2012 10:07:56 AM - System Checkpoint
RP243: 2/18/2012 10:46:36 AM - System Checkpoint
RP244: 2/19/2012 11:01:07 AM - System Checkpoint
RP245: 2/20/2012 11:51:55 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
A Fresh Start Quick Pages-(LeeLou)
Active Disk
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5.1
Adobe Premiere Pro CS5.5
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
All I Want for Christmas Pack
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autumn Flair
AVG Free 8.5
AXIS Media Control Embedded
Batty Backgrounds
Big Fish Games: Game Manager
Birthday Flair
Bonjour
Brother 1440
Brother MFL-Pro Suite
Brownie
CCleaner (remove only)
CCScore
Celebrate Summer Extras
Christel's Wedding Frame
Christmas Snow
Classmates
ColorDot Papers
Corel Photo Album 6
Cottage Dreams Cluster Single
Coupon Printer for Windows
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
Diner Dash
Dirty Denim Monograms
Empty Nest Quick Page
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Family Feud
Fleur de Lis
Flower Doodles
Flower Shoppe
Google Earth
Google Update Helper
GroupWise
Happy Go Lucky Papers
HLPPDOCK
Holiday Glow
Honeycomb Solids-(StyRock)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hugs and Kisses Quick Page 2-(paperst)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
IomegaWare 4.0.3
It Happened This Year Borders
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jingle Bells Extras-(MagsGfx)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kitty and Tweet Quick Page
Kodak EasyShare software
KSU
LDS Activities 7.2
Learn2 Player (Uninstall Only)
LifeSync
Little Princess Quick Page
Lovable Huggable You
Loved Ones Extras
Loving You 2
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.60.1.1000
Maple
Marble Drop
McAfee Security Scan Plus
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Moment
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
MS Access 97 SP2
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
My Memories Suite 2.0
MyITLab ActiveX Installer 2, 9, 8, 65535
Never Stop Smiling Quick Page
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PaperPort
Passion Pink-(bryan73)
PDF Settings CS5
PowerDVD 5.5
Pumpkin Flair-(StyRock)
PxMergeModule
QuickTime
RealPlayer
RealUpgrade 1.0
Revo Uninstaller 1.89
Roots and Branches Quick Page Sampler
SA30xx Device Manager
SA30xx Media Converter
Scarecrow Wannabe Quick Page
Scripture Heroes Word Art
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Sibelius Scorch (ActiveX Only)
SimCity 3000 Unlimited
SKIN0001
SKINXSDK
Snow in Love Quick Page
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Splendor Quick Page
Spring It On Extras
Stars & Stripes Monograms
staticcr
Theme Hospital
This is My Day!
Transverse
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wutiper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2011 wutiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vine Overlay
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows NT Messaging
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
Worn Paper Pack
.
==== Event Viewer Messages From Past Week ========
.
2/21/2012 8:54:30 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
2/20/2012 11:22:27 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2/20/2012 11:09:42 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/20/2012 10:32:49 PM, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
2/17/2012 7:42:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001320AEE419 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/14/2012 7:43:47 AM, error: Service Control Manager [7022] - The Intuit Update Service v4 service hung on starting.
2/14/2012 7:41:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001320AEE419 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/14/2012 6:41:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
.
==== End Of File ===========================
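The "Created Last 30" and "Find3M" sections of the DDS log above print one line per file: date, time, size (or dashes for a directory), an 8-character attribute string and the path. As an added triage aid, not part of this thread or of DDS itself, the Python below parses those lines from a constructed sample copied from the log above, decodes the attribute letters (their meanings are inferred from the page and are an assumption), and lists hidden or system-attributed files under system32 for a human to look at first.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional

# Constructed sample input: file lines copied from the "Created Last 30" and
# "Find3M" sections of the DDS log above, plus the header/spacer lines DDS prints.
SAMPLE_LOG = """\
==================== Find3M ====================
.
2012-02-16 16:08:47 73728 ----a-w- c:\\windows\\system32\\javacpl.cpl
2012-02-13 19:52:04 104 --sh--r- c:\\windows\\system32\\11F256692C.sys
2012-02-13 19:52:03 5018 --sha-w- c:\\windows\\system32\\KGyGaAvL.sys
2011-12-10 22:24:06 20464 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-11-25 21:57:19 293376 ---ha-w- c:\\windows\\system32\\winsrv.dll
2007-08-13 21:07:14 532480 -c-ha-w- c:\\program files\\CWShredder.exe
2012-02-14 13:58:59 -------- d-----w- C:\\TDSSKiller_Quarantine
.
"""

# One DDS file line: <date> <time> <size or --------> <8 attribute chars> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) ([a-z-]{8}) (.+)$"
)

# Attribute letters as they appear in the log. The meanings are an assumption
# inferred from the lines on this page, not taken from DDS documentation.
ATTR_NAMES = {
    "d": "directory", "c": "compressed", "s": "system", "h": "hidden",
    "a": "archive", "r": "read-only", "w": "writable",
}


@dataclass(frozen=True)
class DdsEntry:
    timestamp: datetime
    size: Optional[int]        # None for directories (DDS prints "--------")
    attrs: FrozenSet[str]
    path: str


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Return every file/directory line of a DDS log section, in log order."""
    entries: List[DdsEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, "." spacer lines, anything unexpected
        date, time, size, attr, path = m.groups()
        flags = frozenset(
            ATTR_NAMES.get(ch, "unknown:" + ch) for ch in attr if ch != "-"
        )
        entries.append(DdsEntry(
            timestamp=datetime.strptime(date + " " + time, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=flags,
            path=path,
        ))
    return entries


def review_candidates(entries, system_dir="c:\\windows\\system32"):
    """Files (not directories) under the system directory that carry the hidden
    or system attribute. Legitimate software sets these too (DRM and licensing
    components are common), so this is an ordering for a reviewer, not a verdict."""
    prefix = system_dir.lower().rstrip("\\") + "\\"
    return [
        e for e in entries
        if "directory" not in e.attrs
        and e.path.lower().startswith(prefix)
        and e.attrs & {"hidden", "system"}
    ]


def changed_within(entries, reference, days):
    """Entries whose timestamp lies in the `days` before `reference`, to narrow
    the three-month Find3M window to the days around a reported incident."""
    cutoff = reference - timedelta(days=days)
    return [e for e in entries if cutoff <= e.timestamp <= reference]


if __name__ == "__main__":
    found = parse_dds_entries(SAMPLE_LOG)
    # DDS FINISH time from the log above; the date is inferred from the uptime line.
    scan_time = datetime(2012, 2, 21, 9, 4, 12)
    for e in review_candidates(found):
        print(f"{e.timestamp:%Y-%m-%d} {sorted(e.attrs)} {e.path}")
    print(len(changed_within(found, scan_time, 14)), "entries changed in the last 14 days")
```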
-
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=============================================================
You're running 3 AV programs: Lavasoft Ad-Watch Live! Anti-Virus, AVG and MSE.
TWO of them have to go.
If AVG is one of them, use AVG Remover to uninstall it: AVG - Download tools and utilities
I still need aswMBR log.
-
I'm removing AVG and Lavasoft. I haven't been able to run MSE (Microsoft Security Essentials) since the redirect malware got ahold of things. I uninstalled it and reinstalled it, but couldn't even find it to run it. Here's the aswMBR log.
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-21 08:35:44
-----------------------------
08:35:44.656 OS Version: Windows 5.1.2600 Service Pack 3
08:35:44.656 Number of processors: 1 586 0x401
08:35:44.656 ComputerName: DELL UserName: Jan
08:36:26.734 Initialize success
08:44:00.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:44:00.968 Disk 0 Vendor: HDS728080PLAT20 PF2OA27A Size: 76293MB BusType: 3
08:44:01.156 Disk 0 MBR read successfully
08:44:01.156 Disk 0 MBR scan
08:44:01.156 Disk 0 unknown MBR code
08:44:01.171 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
08:44:01.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73076 MB offset 64260
08:44:01.234 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3176 MB offset 149725800
08:44:01.328 Disk 0 scanning sectors +156232125
08:44:01.703 Disk 0 scanning C:\WINDOWS\system32\drivers
08:44:35.843 Service scanning
08:47:23.484 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:47:43.656 Modules scanning
08:48:25.531 Disk 0 trace - called modules:
08:48:26.078 ntoskrnl.exe CLASSPNP.SYS DISK.SYS iomdisk.sys hal.dll atapi.sys spgu.sys >>UNKNOWN [0x8a7c5938]<<
08:48:26.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a760ab8]
08:48:26.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a737d78]
08:48:26.093 5 iomdisk.sys[f7717bc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a80fd98]
08:48:26.093 Scan finished successfully
08:52:58.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jan\Desktop\MBR.dat"
08:52:58.296 The log file has been saved successfully to "C:\Documents and Settings\Jan\Desktop\aswMBR.txt"
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Here is the Combofix log
ComboFix 12-02-21.02 - Jan 02/21/2012 19:26.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -7:00]
Running from: c:\documents and settings\Jan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~FjjsPPOSZAHujl
c:\documents and settings\All Users\Application Data\~FjjsPPOSZAHujlr
c:\documents and settings\All Users\Application Data\Dell
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\AxInterop.SHDocVw.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\BackgroundCopyManager.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\da-DK\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\da\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\de-DE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\de\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\en-US\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\en\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\es-ES\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\es\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fi-FI\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fi\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fr-FR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fr\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\Interop.SHDocVw.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\it-IT\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\it\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ja-JP\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ja\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ko-KR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ko\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\Microsoft.Msdn.Samples.BITS.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_da-DK.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_de-DE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en-US.htm
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en-US.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_es-ES.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_fi-FI.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_fr-FR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_it-IT.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_ja-JP.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_ko-KR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nb-NO.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nl-BE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nl-NL.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_pt-BR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_sv-FI.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_sv-SE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-CN.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-HK.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-TW.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nb-NO\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl-BE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl-NL\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nn-NO\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\no\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\pt-BR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\pt\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\SIDUtilities.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv-FI\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv-SE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe.config
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CHS\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CHT\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CN\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-HK\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-TW\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\FjjsPPOSZAHujl
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Cheryl\WINDOWS
c:\documents and settings\Jan\eqffw32.dll
c:\documents and settings\Jan\eqfow32.dll
c:\documents and settings\Jan\eqfow32a.dll
c:\documents and settings\Jan\eqfow32b.dll
c:\documents and settings\Jan\eqfow32c.dll
c:\documents and settings\Jan\ProcessMSV8Dgn.exe
c:\documents and settings\Jan\Start Menu\Programs\System Check
c:\documents and settings\Jan\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Jan\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Jan\WINDOWS
c:\documents and settings\Marshall\WINDOWS
c:\documents and settings\Paige\WINDOWS
c:\documents and settings\Tara\WINDOWS
c:\program files\Common Files\rizo
c:\program files\Common Files\rizo\rizoa.lck
c:\program files\Common Files\rizo\rizod\class-barrel
c:\program files\Common Files\rizo\rizoh
c:\program files\Common Files\rizo\rizol.lck
c:\program files\Common Files\rizo\rizom.lck
c:\program files\Common Files\rizo\rizop.lck
c:\program files\outlook
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\micro1
H:\autorun.inf
H:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-14 13:58 . 2012-02-14 13:58 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 16:08 . 2007-04-20 17:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 16:08 . 2010-07-19 20:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 22:24 . 2010-07-02 02:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 17:08 . 2011-08-17 18:24 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-10 18:51 293376 ---ha-w- c:\windows\system32\winsrv.dll
2007-08-13 21:07 . 2007-08-13 21:07 532480 -c-ha-w- c:\program files\CWShredder.exe
2006-01-25 01:31 . 2006-01-25 01:30 11817800 -c--a-w- c:\program files\GoogleEarth.exe
2012-02-20 00:41 . 2011-11-12 16:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-10-06 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-10-06 8192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2010-03-24 75320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LifeSync"="c:\program files\LifePics\LifeSync\LifeSync.exe" [2010-05-28 9171384]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Risco ReaderKEY2 Client.lnk - c:\program files\Risco ReaderKEY2 Client\rk2client.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\MSN\rtememo.html
FriendlyName=
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/5/2011 6:58 PM 691696]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S1 MpKsl2f7a35e9;MpKsl2f7a35e9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49402ECB-C49D-4155-B0E7-02E27255437A}\MpKsl2f7a35e9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49402ECB-C49D-4155-B0E7-02E27255437A}\MpKsl2f7a35e9.sys [?]
S1 MpKsl5a88931f;MpKsl5a88931f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0380A1C2-A655-41FE-982A-E48EEFBF0812}\MpKsl5a88931f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0380A1C2-A655-41FE-982A-E48EEFBF0812}\MpKsl5a88931f.sys [?]
S1 MpKsl647518f9;MpKsl647518f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0265BE02-992C-4F2E-92C4-0339EDC21047}\MpKsl647518f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0265BE02-992C-4F2E-92C4-0339EDC21047}\MpKsl647518f9.sys [?]
S1 MpKsl6a240e17;MpKsl6a240e17;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D2E2EEA-3F05-4BA2-A22F-84DD301CC77A}\MpKsl6a240e17.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D2E2EEA-3F05-4BA2-A22F-84DD301CC77A}\MpKsl6a240e17.sys [?]
S1 MpKslb87078dc;MpKslb87078dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{889E0CF4-357F-41C7-B75C-EB5E198C76C5}\MpKslb87078dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{889E0CF4-357F-41C7-B75C-EB5E198C76C5}\MpKslb87078dc.sys [?]
S1 MpKslcca61cef;MpKslcca61cef;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC542C36-D7B4-4364-AE27-9CBA6CB76053}\MpKslcca61cef.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC542C36-D7B4-4364-AE27-9CBA6CB76053}\MpKslcca61cef.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c988f24423eabc;Google Update Service (gupdate1c988f24423eabc);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2009 12:04 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2009 12:04 AM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-DELL-Jan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-11-13 00:42]
.
2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:03]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:03]
.
2012-02-21 c:\windows\Tasks\LifeSync.job
- c:\program files\LifePics\LifeSync\LifeSync.exe [2010-05-28 20:24]
.
2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-193927594-1547177712-2939904102-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-193927594-1547177712-2939904102-1015.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-193927594-1547177712-2939904102-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
2012-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-193927594-1547177712-2939904102-1015.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: convergys.com\sharepoint
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 160.7.240.20 160.7.240.4
DPF: PUFLITE - hxxp://2levis.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://161.28.163.226/activex/AMC.cab
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://uvscnet.com/cameras/xplugLiteAL.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://download-games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://161.28.215.212/activex/AMC.cab
DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.237.84.30/user/TSBnwCam.CAB
FF - ProfilePath - c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\3na5t7aa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-BEwayyOQwaSlI.exe - c:\documents and settings\All Users\Application Data\BEwayyOQwaSlI.exe
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-21 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\03\05\13\0d0\0cO"
.
Completion time: 2012-02-21 20:27:23
ComboFix-quarantined-files.txt 2012-02-22 03:27
ComboFix2.txt 2007-08-10 00:20
.
Pre-Run: 9,233,924,096 bytes free
Post-Run: 14,528,823,296 bytes free
.
- - End Of File - - 001D34423427467D2FC49725C8F0EAB4
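ComboFix listed c:\documents and settings\All Users\Application Data\BEwayyOQwaSlI.exe under ORPHANS REMOVED: a launch point in a shared, user-writable data directory with a machine-generated file name, which is the usual shape of a rogue such as System Check. The following Python is an added example for this thread (not ComboFix's or any other tool's code) that applies those two heuristics, plus a check for targets ComboFix marked [N/A], to a handful of lines copied from the log above. The suspicious-directory list and the 0.4 case-flip ratio are assumptions chosen for this example; vendor abbreviations such as BrStDvPt.exe show why a human still reads the result.

```python
"""Triage autorun entries from a ComboFix-style 'Reg Loading Points' section.

Added example for this thread, not part of ComboFix or any tool named above.
Parses  "Name"="path" [date size]  lines and  Key-Run-Name - path  orphan
lines, then scores each launch path against heuristics malware-removal
volunteers apply by eye.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the ComboFix log posted above (a constructed subset).
SAMPLE = r'''
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
Risco ReaderKEY2 Client.lnk - c:\program files\Risco ReaderKEY2 Client\rk2client.exe [N/A]
HKLM-Run-BEwayyOQwaSlI.exe - c:\documents and settings\All Users\Application Data\BEwayyOQwaSlI.exe
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
'''

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')
ORPHAN = re.compile(r'^(?P<name>\S.*?) - (?P<path>[a-zA-Z]:\\.*?)(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Parent directories user-mode persistence usually abuses (XP layout, as in the log).
# Assumption for this example; extend per environment.
SUSPICIOUS_DIRS = (
    "\\all users\\application data\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\temp\\",
)


@dataclass
class Finding:
    name: str
    path: str
    meta: str
    reasons: list = field(default_factory=list)


def parse_entries(text: str) -> list:
    """Extract (name, path, meta) from Run-value and orphan lines; skip ComboFix's '.' fillers."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            entries.append(Finding(m["name"], m["path"], m["meta"] or ""))
    return entries


def suspicious_location(path: str) -> bool:
    """True when the binary's parent directory is a data/temp folder or a drive root."""
    parent = path.lower().rsplit("\\", 1)[0] + "\\"
    return any(parent.endswith(d) for d in SUSPICIOUS_DIRS) or re.fullmatch(r"[a-z]:\\", parent) is not None


def looks_random(stem: str) -> bool:
    """Heuristic: frequent upper/lower flips (BEwayyOQwaSlI) are rare in human-named
    binaries (DSAgnt, jusched, iTunesHelper). Threshold 0.4 over >= 10 letters is an assumption."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 10:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / len(letters) >= 0.4


def triage(text: str) -> list:
    findings = parse_entries(text)
    for f in findings:
        stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if suspicious_location(f.path):
            f.reasons.append("launches from a writable data/temp directory")
        if looks_random(stem):
            f.reasons.append("file name looks machine-generated")
        if f.meta.strip().upper() == "N/A":
            f.reasons.append("target file not found on disk")
    return findings


def flagged(text: str) -> dict:
    """Map entry name -> reasons, for entries with at least one reason."""
    return {f.name: f.reasons for f in triage(text) if f.reasons}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the full log, the script would also flag the Startup-folder .lnk whose target is gone; that one is a leftover, not an infection, which is exactly the kind of judgement the heuristics leave to the reader.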
-
Looks good.
How is computer doing?
If MSE is not working, see if you can reinstall it.
Then....
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Things are much improved, thank you. MSE seems to be working, no more redirects, and the lingering effects of System Check seem to be gone, i.e. desktop icons appear normal and the remaining files, favorites, and shortcuts are all restored. I downloaded OTL, but I can't get it to run. I get an error "Exception EOleSysError in module OTL.exe at 00571A5. Class not registered." I deleted it and downloaded again, same error. Also, and I don't know if this is related to what we have done, the sound on my computer has really crapped out. For lack of a better term, it sounds really crackly and distorted.
-
Download BTKR_RunBox to your desktop.
Double click on downloaded BTKR_RunBox.exe file.
A small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK if any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.
NOTE: If you lose the log, it is also saved on your desktop as "scan.txt".
===========================================================
- Download RogueKiller on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Click on SCAN.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
-
Here are those logs
Bootkit Remover
(c) 2009 eSage Lab
Esage Lab - Digital security research and consulting - Main
Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`01f60800
Boot sector MD5 is: e7e6f498a5aad54bc8d066e2192a8456
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Blog: tigzy-RK
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jan [Admin rights]
Mode: Scan -- Date: 02/21/2012 23:49:50
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 5 ¤¤¤
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> FOUND
[PROXY IE] HKLM\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HDS728080PLAT20 +++++
--- User ---
[MBR] d06eb76b96488697c3dec4a5670a5599
[BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 73076 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 149725800 | Size: 3176 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WD 5000AAV External USB Device +++++
--- User ---
[MBR] 07886398f5223b638cfda8b3ebd2ffd6
[BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
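Two findings in the RogueKiller report above deserve more than the tool's one-line tags. ProxyServer = hxxp=localhost:7171 with ProxyEnable = 1 routes every Internet Explorer HTTP request through a listener on the machine itself, which is the usual mechanism behind search-result redirects; the [PROXY IE] tag is RogueKiller saying so. "MBR Code unknown" on PhysicalDrive0 matches Bootkit Remover's "Unknown boot code", and that tool's next step is `remover.exe dump <device_name> [output_file]`. The Python below is an added example for this thread, not code from either tool, that parses such a 512-byte dump: the partition table at 0x1BE, the 0x55AA signature, an MD5 of the 440-byte boot-code region (the tools compare this against their own lists of known-good loaders, which are not reproduced here), and two structural sanity checks. The sample MBR is constructed from the partition offsets and types in the report; its sector counts are derived from the gaps between offsets and from the reported 3176 MB size, and its boot code is zero-filled, so its hash is not that of any real loader.

```python
"""Parse a raw 512-byte MBR such as `remover.exe dump <device_name> [output_file]` writes.

Added example for this thread, not Bootkit Remover or RogueKiller code. It shows
what those tools' 'MBR Check' output is derived from: four 16-byte partition
entries at offset 0x1BE, the 0x55AA signature in the last two bytes, and a hash
of the boot code that the tools compare with known-good loaders.
"""
import hashlib
import struct

PART_TABLE_OFFSET = 0x1BE
BOOT_CODE_LEN = 440          # code region ends before the disk signature at 0x1B8
ENTRY_FMT = "<B3xB3xII"      # status, CHS start, type, CHS end, start LBA, sector count

# Type names as RogueKiller printed them above; anything else is UNKNOWN.
TYPE_NAMES = {0x07: "NTFS", 0x0C: "FAT32-LBA", 0xDE: "DELL-UTIL"}


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "UNKNOWN"),
            "lba": lba,
            "sectors": sectors,
            "size_mib": sectors * 512 // (1024 * 1024),
        })
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def sanity_issues(parsed: dict) -> list:
    """Structural checks that a bootkit or a botched repair commonly violates."""
    issues = []
    parts = parsed["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly one)")
    spans = sorted((p["lba"], p["lba"] + p["sectors"], p["index"]) for p in parts)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            issues.append(f"partition {idx_a} and {idx_b} overlap")
    if parts and min(p["lba"] for p in parts) == 0:
        issues.append("a partition starts at LBA 0, on top of the MBR itself")
    return issues


def describe(parsed: dict) -> list:
    """Render entries in the layout RogueKiller used above."""
    lines = []
    for p in parsed["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f'{p["index"]} - [{flag}] {p["name"]} (0x{p["type"]:02x}) '
                     f'Offset (sectors): {p["lba"]} | Size: {p["size_mib"]} MiB')
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample: PhysicalDrive0's layout from the report above.
    Offsets and types are from the log; sector counts are the gaps between
    offsets, the last one from its reported 3176 MB; boot code is zero-filled,
    so its hash is NOT that of any real loader."""
    mbr = bytearray(512)
    table = [
        (0x00, 0xDE, 63, 64260 - 63),
        (0x80, 0x07, 64260, 149725800 - 64260),
        (0x00, 0xDB, 149725800, 3176 * 2048),     # 2048 sectors per MiB
    ]
    for i, (status, ptype, lba, sectors) in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i, status, ptype, lba, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # Real use: parsed = parse_mbr(open("mbr.bin", "rb").read())  # output of remover.exe dump
    parsed = parse_mbr(build_sample_mbr())
    print("boot code md5:", parsed["boot_code_md5"])
    print(*describe(parsed), sep="\n")
    print("issues:", sanity_issues(parsed) or "none")
```

A hash that is not on a vetted list is a prompt to disassemble the 440 bytes, not proof of a bootkit: OEM recovery loaders (the Dell utility partition here is one hint) also produce "unknown" code, which is why both tools only report and leave the `fix` decision to the person reading the log.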
-
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
3. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
4. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET does not find any threats, it will not produce a log.