Error messages as soon as PC starts; no programs will open

[lemonlime]

I updated MBAM which was already installed.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: YOUR-4DACD0EA75 [administrator]

Protection: Enabled

8/19/2012 12:45:48 AM
mbam-log-2012-08-19 (00-45-48).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349559
Time elapsed: 2 hour(s), 28 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm378YYUS&si=2459-FT&a=qx7hFEhKI4J_p3.Eb23CXQ&n=2011111209 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: Explorer.exe,C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel (Trojan.Agent) -> Data: C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|5516 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mswauao.scr -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.
c:\documents and settings\compaq_administrator\application data\iyvgvo.scr (Worm.DorkBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\12F.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\35D.exe.gonewiththewings (Trojan.Obfuscated) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\cxvgvi.scr (Trojan.Ircbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\5.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[SuperDave]

I had to reset my Internet security options to default in order to install the latest JAVA.  Should I leave it there?

Set it back to where it was.

Please run MBAM again. There was one infection not dealt with.
Files Detected: 6
C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\iTunes\ac3filter_app_1200.exe (PUP.BundleOffers.IIQ) -> No action taken.

Please uninstall Winferno.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
************************************************************
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[lemonlime]

Ran MBAM again and removed the PUP file.

Still getting those 5 or 6 error messages.

Cannot remove Winferno.  It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove.  I also saw it there during the scans.

mrt.exe said 4201 files were infected, however only one was on the report: Rogue:Win32/Fake Cog

The Kapersky tool must have changed; there was no option to check anything under Automatic Scan.  The scan did not find anything.

[SuperDave]

Cannot remove Winferno.  It deleted from Desktop, but it is still there in programs. When I tried the Hijack Uninstall tool, it does not show up as an option to remove.  I also saw it there during the scans.

Please try removing it with UnLocker or Revo Uninstaller.

You can download and install Unlocker .

Download Revo Uninstaller
* Open Revo and let the list populate (can take several seconds to finish).
* Right click what you want to uninstall and choose Uninstall
* Next choose Advanced then click Next
* This will (try to) launch the programs built in uninstaller and go through the normal uninstall process.
* If the uninstaller fails just continue on with the Revo instructions.
* Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
* This scan can take several seconds.
* Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
* Choose Select All then click Delete
* Click Next and Revo will scan for any files or folders that were not removed.
* If any files/folders are found choose Select all > Delete
********************************************************

The Kapersky tool must have changed; there was no option to check anything under Automatic Scan.

That's very possible.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply .

[lemonlime]

Unlocker or Revo did not find the file.

I think I made a mistake, though, because I could not get into Unlocker at first. After I ran Revo and did not see Winferno I went to All Programs.  It was there again and I deleted it.  There was no uninstall option. It deleted too fast for it to be a real delete; I think it just disappeared off the visible list of programs. So Unlocker did not find it either. 

Still a lot of websites in today's history that I did not go to.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 22:51:03
-----------------------------
22:51:03.593    OS Version: Windows 5.1.2600 Service Pack 3
22:51:03.593    Number of processors: 1 586 0x2F02
22:51:03.593    ComputerName: YOUR-4DACD0EA75  UserName:
22:51:05.031    Initialize success
22:51:26.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:51:26.812    Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3
22:51:26.859    Disk 0 MBR read successfully
22:51:26.859    Disk 0 MBR scan
22:51:26.859    Disk 0 unknown MBR code
22:51:26.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       230071 MB offset 63
22:51:26.890    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8393 MB offset 471202515
22:51:26.890    Disk 0 scanning sectors +488392065
22:51:26.937    Disk 0 scanning C:\WINDOWS\system32\drivers
22:51:48.953    Service scanning
22:52:07.218    Modules scanning
22:52:18.500    Disk 0 trace - called modules:
22:52:18.531    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:52:18.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862b2ab8]
22:52:19.031    3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\00000078[0x86339f18]
22:52:19.031    5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8632e940]
22:52:19.031    Scan finished successfully
22:52:42.078    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
22:52:42.265    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"

[SuperDave]

We need to fix the infection found with aswMBR now

• Double click aswMBR.exe to run it like before
  
• Once the scan finishes click Fix to remove the infection as illustrated below
  

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

[lemonlime]

Ran it again, scanned, but Fix was not clickable.

[SuperDave]

• Download RogueKiller on the desktop
  
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

**********************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

[lemonlime]

RogueKiller prompted me to delete what was checked. You didn't say to do this, so I didn't.

RogueKiller V7.6.6 [08/10/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Administrator [Admin rights]
Mode: Scan -- Date: 08/22/2012 21:35:41

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Intel (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Iyvgvo (C:\Documents and Settings\Compaq_Administrator\Application Data\Iyvgvo.scr) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Run : Cxvgvi (C:\Documents and Settings\Compaq_Administrator\Application Data\Cxvgvi.scr) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3642355760-1211948261-21286445-1008[...]\Windows : load (C:\Documents and Settings\Compaq_Administrator\Application Data\Intel\Intel.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] 660fd9b99918e0b5a3661b8c69037b40
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 230071 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 471202515 | Size: 8393 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt





MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000001ec

Kernel Drivers (total 136):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xF7A70000 \WINDOWS\system32\KDCOM.DLL
  0xF7980000 \WINDOWS\system32\BOOTVID.dll
  0xF7441000 ACPI.sys
  0xF7A72000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7430000 pci.sys
  0xF7570000 isapnp.sys
  0xF7580000 ohci1394.sys
  0xF7590000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7B38000 pciide.sys
  0xF77F0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7A74000 viaide.sys
  0xF7A76000 intelide.sys
  0xF75A0000 MountMgr.sys
  0xF7411000 ftdisk.sys
  0xF7A78000 dmload.sys
  0xF73EB000 dmio.sys
  0xF77F8000 PartMgr.sys
  0xF75B0000 VolSnap.sys
  0xF7316000 iaStor.sys
  0xF72FE000 atapi.sys
  0xF72BB000 ftsata2.sys
  0xF72A3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF75C0000 disk.sys
  0xF75D0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7283000 fltmgr.sys
  0xF7271000 sr.sys
  0xF7202000 mfehidk.sys
  0xF75E0000 bb-run.sys
  0xF75F0000 PxHelp20.sys
  0xF71EB000 KSecDD.sys
  0xF715E000 Ntfs.sys
  0xF7131000 NDIS.sys
  0xF7117000 Mup.sys
  0xF7620000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF7950000 \SystemRoot\system32\DRIVERS\aracpi.sys
  0xF6387000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6373000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7958000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF634F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7960000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF6236000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF6213000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7AB2000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7968000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF61EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF70D3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xF61A0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xF6169000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
  0xF7730000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF7970000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF7978000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7AB4000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
  0xF70CF000 \SystemRoot\system32\DRIVERS\arpolicy.sys
  0xF7BD0000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7740000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7A08000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF6152000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7750000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7760000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7800000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF6141000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF7770000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF6116000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xF609C000 \SystemRoot\system32\drivers\mfefirek.sys
  0xF7840000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7848000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF606C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF7780000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7850000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7AB6000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF600E000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A24000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7790000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF77A0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF77B0000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xF35FF000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF35DB000 \SystemRoot\system32\drivers\portcls.sys
  0xF77C0000 \SystemRoot\system32\drivers\drmk.sys
  0xF7ABA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7BAD000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7ABC000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7878000 \SystemRoot\System32\drivers\vga.sys
  0xF7ABE000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7AC0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7880000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7888000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6106000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3558000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF34FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF34EA000 \SystemRoot\system32\drivers\mfetdi2k.sys
  0xF34C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF349C000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF60F2000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF347A000 \SystemRoot\System32\drivers\afd.sys
  0xF6A23000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF3458000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7890000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xF342D000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF33BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF69E3000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF69D3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF69C3000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF5FFE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF69B3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7898000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF78A0000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
  0xF78A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF5FFA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF7AC2000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
  0xF30D1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0xF30AD000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF3095000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7AC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF35C7000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF78B8000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7BF8000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xBA584000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
  0xBA528000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB9110000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8FB7000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB8C17000 \SystemRoot\system32\drivers\cfwids.sys
  0xB8F27000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0xB7B1B000 \SystemRoot\system32\drivers\mfeapfk.sys
  0xB7BE7000 \SystemRoot\system32\drivers\mfebopk.sys
  0xB7AF0000 \SystemRoot\system32\drivers\kmixer.sys
  0xBA448000 \??\c:\windows\system32\drivers\TrueSight.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
       0 System Idle Process
       4 System
     740 C:\WINDOWS\system32\smss.exe
     816 csrss.exe
     840 C:\WINDOWS\system32\winlogon.exe
     884 C:\WINDOWS\system32\services.exe
     896 C:\WINDOWS\system32\lsass.exe
    1084 C:\WINDOWS\system32\svchost.exe
    1136 svchost.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1272 svchost.exe
    1604 C:\WINDOWS\system32\spoolsv.exe
    1768 C:\WINDOWS\explorer.exe
     164 svchost.exe
     288 C:\Program Files\SUPERAntiSpyware\SASCore.exe
     296 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     316 C:\WINDOWS\arservice.exe
     356 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     416 C:\Program Files\Bonjour\mDNSResponder.exe
     540 C:\WINDOWS\ehome\ehrecvr.exe
     660 C:\WINDOWS\ehome\ehSched.exe
    1200 C:\Program Files\Java\jre7\bin\jqs.exe
    1256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1292 C:\Program Files\Google\Update\GoogleUpdate.exe
    1300 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1396 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1488 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1512 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    1704 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1812 C:\WINDOWS\system32\mfevtps.exe
    1924 C:\WINDOWS\system32\nvsvc32.exe
    1952 svchost.exe
    1764 svchost.exe
     260 C:\WINDOWS\system32\svchost.exe
     568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2320 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2372 mcrdsvc.exe
    2412 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3420 alg.exe
    3012 C:\WINDOWS\system32\svchost.exe
    3964 C:\Program Files\McAfee.com\Agent\mcagent.exe
    4092 C:\WINDOWS\system32\ctfmon.exe
    1364 C:\WINDOWS\ehome\ehtray.exe
    2748 C:\WINDOWS\RTHDCPL.EXE
    2852 C:\Program Files\DISC\DISCUpdMgr.exe
    2092 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2868 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2916 C:\Program Files\iTunes\iTunesHelper.exe
    2944 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    2952 C:\Program Files\Unlocker\UnlockerAssistant.exe
    2972 C:\Program Files\Messenger\msmsgs.exe
    2996 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    2884 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3308 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3372 C:\Program Files\OpenOffice.org 3\program\soffice.bin
     900 C:\Program Files\iPod\bin\iPodService.exe
    1108 C:\hp\KBD\kbd.exe
    3772 C:\WINDOWS\system\hpsysdrv.exe
    2688 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    3492 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2404 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    3000 RogueKiller.exe
    2196 C:\WINDOWS\system32\notepad.exe
    3208 C:\Program Files\Internet Explorer\iexplore.exe
    3716 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CE B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!

[SuperDave]

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)





When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter



Next type FIXMBR

If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.

[lemonlime]

I was having some trouble with Internet Explorer; would not open.

The FIXMBR took only a second, I got the completed successfully message right away: seemed too fast.

IE working now, but still getting the error messages when windows opens, strange websites in today's IE history.

[SuperDave]

Please run MBRCheck.exe as described in Reply # 22 and post the log.

[lemonlime]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000001ec

Kernel Drivers (total 135):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xF7AB0000 \WINDOWS\system32\KDCOM.DLL
  0xF79C0000 \WINDOWS\system32\BOOTVID.dll
  0xF7481000 ACPI.sys
  0xF7AB2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7470000 pci.sys
  0xF75B0000 isapnp.sys
  0xF75C0000 ohci1394.sys
  0xF75D0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7B78000 pciide.sys
  0xF7830000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7AB4000 viaide.sys
  0xF7AB6000 intelide.sys
  0xF75E0000 MountMgr.sys
  0xF7451000 ftdisk.sys
  0xF7AB8000 dmload.sys
  0xF742B000 dmio.sys
  0xF7838000 PartMgr.sys
  0xF75F0000 VolSnap.sys
  0xF7356000 iaStor.sys
  0xF733E000 atapi.sys
  0xF72FB000 ftsata2.sys
  0xF72E3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
  0xF7600000 disk.sys
  0xF7610000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF72C3000 fltmgr.sys
  0xF72B1000 sr.sys
  0xF7242000 mfehidk.sys
  0xF7620000 bb-run.sys
  0xF7630000 PxHelp20.sys
  0xF722B000 KSecDD.sys
  0xF719E000 Ntfs.sys
  0xF7171000 NDIS.sys
  0xF7157000 Mup.sys
  0xF7660000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF76F0000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xF7880000 \SystemRoot\system32\DRIVERS\aracpi.sys
  0xF6518000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6504000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7888000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF64E0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7890000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF63C7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF63A4000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF7AF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7898000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF637C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF711B000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xF6331000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xF62FA000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
  0xF7700000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF78A0000 \SystemRoot\system32\DRIVERS\PS2.sys
  0xF78A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF7AF2000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
  0xF7117000 \SystemRoot\system32\DRIVERS\arpolicy.sys
  0xF7C44000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7710000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7113000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF62E3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF7730000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF78B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF62D2000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF7740000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF62A7000 \SystemRoot\system32\drivers\mfeavfk.sys
  0xF622D000 \SystemRoot\system32\drivers\mfefirek.sys
  0xF78B8000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF78C0000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF61FD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF7750000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF78C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7AF4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF619F000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7A5C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF7760000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF7770000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7780000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xF2A40000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF2A1C000 \SystemRoot\system32\drivers\portcls.sys
  0xF7790000 \SystemRoot\system32\drivers\drmk.sys
  0xF7AF8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7C9C000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7AFA000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF78F0000 \SystemRoot\System32\drivers\vga.sys
  0xF7AFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7AFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF78F8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7900000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6293000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF2999000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF2940000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF292B000 \SystemRoot\system32\drivers\mfetdi2k.sys
  0xF2905000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF28DD000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF6283000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF28BB000 \SystemRoot\System32\drivers\afd.sys
  0xF77C0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF2899000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7908000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0xF286E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF27FE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7800000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF7810000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7820000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF618F000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF6A74000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7910000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7918000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
  0xF7920000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xF618B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF7B00000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
  0xF2778000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
  0xF2754000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF273C000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7B06000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF2A08000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF7930000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7CBC000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBA5D4000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xBA580000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB922B000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB9368000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB90E8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB8F8F000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB8E6F000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB87C3000 \SystemRoot\system32\drivers\mfeapfk.sys
  0xB89DF000 \SystemRoot\system32\drivers\mfebopk.sys
  0xB8D47000 \SystemRoot\system32\drivers\cfwids.sys
  0xB93A8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
  0xB5BC9000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
       0 System Idle Process
       4 System
     732 C:\WINDOWS\system32\smss.exe
     804 csrss.exe
     828 C:\WINDOWS\system32\winlogon.exe
     876 C:\WINDOWS\system32\services.exe
     888 C:\WINDOWS\system32\lsass.exe
    1076 C:\WINDOWS\system32\svchost.exe
    1128 svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1672 C:\WINDOWS\explorer.exe
    1752 C:\WINDOWS\system32\spoolsv.exe
     156 svchost.exe
     284 C:\Program Files\SUPERAntiSpyware\SASCore.exe
     300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     320 C:\WINDOWS\arservice.exe
     360 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     396 C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
     420 C:\Program Files\Bonjour\mDNSResponder.exe
     544 C:\WINDOWS\ehome\ehrecvr.exe
     648 C:\WINDOWS\ehome\ehSched.exe
    1204 C:\Program Files\Java\jre7\bin\jqs.exe
    1248 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1344 C:\Program Files\Google\Update\GoogleUpdate.exe
    1380 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1272 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1408 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1508 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    1592 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1620 C:\WINDOWS\system32\mfevtps.exe
    1864 C:\WINDOWS\system32\nvsvc32.exe
    1916 svchost.exe
    2020 svchost.exe
     604 C:\WINDOWS\system32\svchost.exe
     500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1048 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2140 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2280 mcrdsvc.exe
    2596 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3108 alg.exe
    3744 wmiprvse.exe
    3100 C:\WINDOWS\ehome\ehtray.exe
    3204 C:\WINDOWS\system32\svchost.exe
    3284 C:\WINDOWS\RTHDCPL.EXE
    3292 C:\WINDOWS\arpwrmsg.exe
    1412 C:\Program Files\DISC\DISCUpdMgr.exe
    3380 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3388 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3404 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3332 C:\Program Files\iTunes\iTunesHelper.exe
    3464 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3480 C:\Program Files\Unlocker\UnlockerAssistant.exe
    3496 C:\WINDOWS\system32\ctfmon.exe
    3540 C:\Program Files\Messenger\msmsgs.exe
    3596 C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    3628 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3732 C:\Program Files\iPod\bin\iPodService.exe
    3772 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2248 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3952 C:\hp\KBD\kbd.exe
     392 C:\Program Files\Internet Explorer\iexplore.exe
    4024 C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
    2976 C:\Program Files\Internet Explorer\iexplore.exe
    3604 C:\WINDOWS\system\hpsysdrv.exe
    2332 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    4092 C:\Program Files\Internet Explorer\iexplore.exe
     372 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
    2300 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`2bf5a600  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644 A


Done!

[SuperDave]

How's the computer running now?

[lemonlime]

Still getting the error messages and websites in history.  When I turn off the PC I get the message: CiceroU1Wind not responding. I have to end task about 6 times before it goes away.

Remember, I was never able to uninstall Winferno, maybe that's part of the problem?

McAfee is not automatically turning on virus protection.  It tells me I have to turn it on. Also McAfee does not seem to have the Parental Control settings which I need.  I do not want access to X rated sites. Should I switch to Norton?