
Solved IE Pop-Up Ads

Discussion in 'Malware and Virus Removal Archive' started by latemodelsedan, 2010/12/01.

  1. 2010/12/01
    latemodelsedan (Well-Known Member, Thread Starter)

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    [Resolved] IE Pop-Up Ads

    Good evening. Having an issue with IE pop-ups even though I use Firefox primarily as my browser. I did a pretty tedious search before posting this and tried several methods to resolve this issue. I found that some of the tools recommended in other threads did not work for me, particularly ComboFix, which apparently does not support a 64-bit Vista OS. I have also run a complete AVG scan as well as a Malwarebytes scan and they haven't found anything. I presumed starting off here with a DDS log was best. I've read in other posts that the log should also be attached to the post, but I do not see an option to do so. Maybe I'm overlooking it. If someone can direct me I will gladly zip it up and add it. Please forgive anything I may have left out, as I'm new here, and although I like to think I'm pretty tech savvy, I'm sure I'm nowhere near some of you guys. Any help is greatly appreciated. Thanks in advance.


    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by **** at 20:50:03.03 on Wed 12/01/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2255 [GMT -5:00]

    AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    ============== Running Processes ===============

    C:\Windows\SYSTEM32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\ASTSRV.EXE
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\nlsInterface.exe
    C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Bret\Desktop\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
    uRun: [Google Update] "C:\Users\Bret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [JP595IR86O] C:\Users\Bret\AppData\Local\Temp\Idd.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe "
    mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [<NO NAME>]
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1241289195610
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [RtHDVCpl] "RAVCpl64.exe "
    mRun-x64: [Skytel] "Skytel.exe "
    AppInit_DLLs-X64: avgrssta.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\
    FF - prefs.js: browser.search.selectedEngine - eBay
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Users\Bret\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
    FF - plugin: C:\Users\Bret\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Kodak EasyShare Gallery Companion: kodak-companion@mozilla.com - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\kodak-companion@mozilla.com
    FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Extension: Gradient iBlu: {bf70ba50-e70d-11dd-ba2f-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
    FF - Extension: Hide Google Options: googleoptions@bruceclay.com - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\googleoptions@bruceclay.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-4-21 56008]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-2-28 55856]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-9-12 27120]
    R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-9-12 19952]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-4-21 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-4-21 35536]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-4-21 317520]
    R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-9-12 27632]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
    R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-23 921952]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-23 308136]
    R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2009-3-13 24576]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 187416]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-3-11 236368]
    R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2010-5-6 72192]
    R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe [2008-10-31 32856]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-25 131072]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-3-30 90112]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-1-11 240232]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-20 2011944]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-3-4 24652]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-12-16 30232]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-5 50072]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-26 22104]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
    S2 .1160484212SsTR;1160484212SsTR;C:\ProgramData\Webroot\Bret6780119.exe [2009-6-1 343435]
    S2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
    S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
    S2 SessionLauncher;SessionLauncher;C:\Users\Bret\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Bret\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2009-3-30 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2009-3-30 9096]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2009-11-12 1527900]
    S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 ITEIO.SYS;ITEIO.SYS;C:\Windows\System32\drivers\ITEIO.sys [2006-10-10 13144]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-3-5 1381528]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-3-5 1133848]
    S3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-3-5 5965080]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-1-25 40208]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-3-13 56352]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; "C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-21 89920]

    =============== Created Last 30 ================

    2010-12-01 22:31:59 -------- d-----w- C:\_OTM
    2010-12-01 12:36:40 388096 ----a-r- C:\Users\Bret\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-01 12:36:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-12-01 10:46:54 176640 ----a-w- C:\Windows\Igawaa.exe
    2010-12-01 10:32:27 -------- d-----w- C:\Program Files (x86)\Your Uninstaller 2010
    2010-12-01 10:01:15 -------- d-----w- C:\Users\Bret\AppData\Roaming\Athentech
    2010-12-01 09:57:00 -------- d-----w- C:\Program Files\Athentech
    2010-12-01 09:57:00 -------- d-----w- C:\Program Files (x86)\Athentech
    2010-12-01 09:46:15 -------- d-----w- C:\PROGRA~3\Mr Retro
    2010-12-01 09:44:53 -------- d-----w- C:\Program Files (x86)\MW Vol 4 Washes Folder
    2010-11-21 12:49:22 -------- d-----w- C:\Windows\XSxS
    2010-11-21 12:49:22 -------- d-----w- C:\Program Files (x86)\Xenocode
    2010-11-21 00:58:12 -------- d-----w- C:\Users\Bret\AppData\Roaming\TeamViewer
    2010-11-21 00:58:08 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2010-11-11 01:08:06 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2010-11-11 01:04:57 52568 ----a-r- C:\Windows\System32\AdobePDF.dll
    2010-11-06 13:04:00 -------- d-sh--w- C:\found.001
    2010-11-04 20:40:30 179 ----a-w- C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat
    2010-11-04 18:11:52 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-11-04 18:11:52 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2010-11-04 18:11:52 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2010-11-04 18:11:26 -------- d-----w- C:\Program Files\iPod
    2010-11-04 18:11:25 -------- d-----w- C:\Program Files\iTunes
    2010-11-04 18:11:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-04 18:11:25 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-11-04 18:07:44 -------- d-----w- C:\Program Files\Bonjour
    2010-11-04 18:07:44 -------- d-----w- C:\Program Files (x86)\Bonjour

    ==================== Find3M ====================

    2010-10-04 12:13:30 64512 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2010-10-04 12:13:30 64512 ----a-w- C:\Windows\System32\nlssrv32.exe
    2010-09-25 18:43:14 1724416 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
    2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
    2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2007-07-11 21:15:54 2334720 ----a-w- C:\Program Files (x86)\MachineWashVol4.8bf

    ============= FINISH: 20:50:42.00 ===============
     
  2. 2010/12/01
    broni (Moderator, Malware Analyst)

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, read this post, then post the requested log(s).

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2010/12/01
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    MBAM Log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    12/1/2010 10:45:20 PM
    mbam-log-2010-12-01 (22-45-20).txt

    Scan type: Quick Scan
    Objects scanned: 103283
    Time elapsed: 4 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER Log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-01 23:09:08
    Windows 6.0.6002 Service Pack 2
    Running: 2gicmlzf.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xE4 0x33 0x80 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xE4 0x33 0x80 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8838C75-4C4C-F903-52B7-0146BC8D3D21}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8838C75-4C4C-F903-52B7-0146BC8D3D21}@oapllocbfoffjckelobfoiobjjkgmi 0x6A 0x61 0x67 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8838C75-4C4C-F903-52B7-0146BC8D3D21}@najlncgkllmhmkoadaijlaphgnol 0x6A 0x61 0x64 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F8838C75-4C4C-F903-52B7-0146BC8D3D21}@oadllmiahiemkpdbcjicdpnpbelgom 0x64 0x61 0x64 0x6A ...

    ---- EOF - GMER 1.0.15 ----


    MBRCheck Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Acer
    System Product Name: Aspire X1700
    Logical Drives Mask: 0x000003ec

    Kernel Drivers (total 174):
    0x02260000 \SystemRoot\system32\ntoskrnl.exe
    0x0221A000 \SystemRoot\system32\hal.dll
    0x00601000 \SystemRoot\system32\kdcom.dll
    0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00646000 \SystemRoot\system32\PSHED.dll
    0x0065A000 \SystemRoot\system32\CLFS.SYS
    0x006B7000 \SystemRoot\system32\CI.dll
    0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A04000 \SystemRoot\System32\Drivers\spuz.sys
    0x00B38000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B41000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B6F000 \SystemRoot\system32\drivers\acpi.sys
    0x00BC5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BCF000 \SystemRoot\system32\drivers\pci.sys
    0x008F1000 \SystemRoot\System32\drivers\partmgr.sys
    0x00906000 \SystemRoot\system32\drivers\volmgr.sys
    0x0091A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00980000 \SystemRoot\system32\drivers\pciide.sys
    0x00987000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00997000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009AA000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x009B2000 \SystemRoot\system32\drivers\atapi.sys
    0x009BA000 \SystemRoot\system32\drivers\ataport.SYS
    0x00769000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x00795000 \SystemRoot\system32\DRIVERS\storport.sys
    0x00C0F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00C56000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C6A000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x00C73000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C80000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E0C000 \SystemRoot\system32\drivers\ndis.sys
    0x00D07000 \SystemRoot\system32\drivers\msrpc.sys
    0x00D57000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0100C000 \SystemRoot\System32\drivers\tcpip.sys
    0x01182000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01205000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01385000 \SystemRoot\system32\drivers\wd.sys
    0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D9000 \SystemRoot\System32\Drivers\Saibad64.sys
    0x013E2000 \SystemRoot\System32\Drivers\Sahdad64.sys
    0x013ED000 \SystemRoot\System32\Drivers\mup.sys
    0x011AE000 \SystemRoot\System32\drivers\ecache.sys
    0x011DA000 \SystemRoot\system32\drivers\disk.sys
    0x00FCF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x011EE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DB0000 \SystemRoot\System32\Drivers\avgrkx64.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x009DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02A0D000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02A2A000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02A4C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02A58000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x02A63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02AA9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02ABA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02C0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03934000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03A0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03AEE000 \SystemRoot\System32\drivers\watchdog.sys
    0x03C06000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x03D42000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03D44000 \SystemRoot\system32\drivers\modem.sys
    0x03D53000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x03D65000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x03D75000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03D91000 \SystemRoot\system32\Drivers\NTIDrvr.sys
    0x03D99000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E02000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03F6F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03F78000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03FB1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03FBE000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x03FC6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03FE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03DA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DD7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03AFE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03DE7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03B1C000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x03FF5000 \SystemRoot\system32\DRIVERS\PdiPorts.sys
    0x03B31000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03B39000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03B4C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03B5A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03B8E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03B99000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03BA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03936000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04403000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0456D000 \SystemRoot\system32\drivers\portcls.sys
    0x045A8000 \SystemRoot\system32\drivers\drmk.sys
    0x045CB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045D1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045DB000 \SystemRoot\System32\Drivers\Null.SYS
    0x045EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0394A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03BF1000 \SystemRoot\System32\drivers\vga.sys
    0x03960000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x045F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x045E4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x03A00000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x03985000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x03996000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x0399F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02BA7000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x039BC000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x04600000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04808000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x04D2F000 \SystemRoot\system32\drivers\afd.sys
    0x04D9A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04DB8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x04DC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04DE2000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x04DF4000 \SystemRoot\System32\Drivers\SaibVdAd64.sys
    0x0461B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04668000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04674000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04800000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x04691000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x046D8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x046E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x046F3000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0x046FC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x04707000 \SystemRoot\system32\DRIVERS\netr7364.sys
    0x047A7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x047C3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x047CE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x00DBD000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x047E6000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x02C00000 \SystemRoot\system32\drivers\LVUSBS64.sys
    0x02A36000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x00DD9000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x04E0F000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x04E37000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x04E41000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04E4F000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04E59000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x04E85000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04E91000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x00840000 \SystemRoot\System32\ATMFD.DLL
    0x04EA4000 \SystemRoot\system32\drivers\luafv.sys
    0x04EC6000 \SystemRoot\system32\drivers\spsys.sys
    0x04F60000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04F74000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04FA8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04FB3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x09802000 \SystemRoot\system32\drivers\HTTP.sys
    0x098A5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x098CE000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x098EC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x09906000 \SystemRoot\system32\drivers\mrxdav.sys
    0x0992D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x09956000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0999F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x099BE000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x09A0E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09AA2000 \SystemRoot\System32\Drivers\adfs.SYS
    0x09ABA000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
    0x09AD2000 \SystemRoot\system32\drivers\peauth.sys
    0x09B88000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0x09B91000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0x09BA4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x09BAF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x09BBF000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
    0x09BC9000 \??\C:\Windows\system32\drivers\mbam.sys
    0x77A40000 \Windows\System32\ntdll.dll

    Processes (total 87):
    0 System Idle Process
    4 System
    572 C:\Windows\System32\smss.exe
    652 csrss.exe
    696 C:\Windows\System32\wininit.exe
    716 csrss.exe
    724 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    732 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    756 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    816 C:\Windows\System32\services.exe
    828 C:\Windows\System32\lsass.exe
    836 C:\Windows\System32\lsm.exe
    992 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    644 C:\Windows\System32\nvvsvc.exe
    1036 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\audiodg.exe
    1356 C:\Windows\System32\SLsvc.exe
    1396 C:\Windows\System32\svchost.exe
    1552 C:\Windows\System32\nvvsvc.exe
    1580 C:\Windows\System32\svchost.exe
    1804 C:\Windows\System32\spoolsv.exe
    1828 C:\Windows\System32\svchost.exe
    1492 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    1600 C:\Windows\System32\agr64svc.exe
    656 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1232 C:\Windows\SysWOW64\ASTSRV.EXE
    1952 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    544 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2116 C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2140 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2168 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    2276 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2308 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2348 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    2372 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2568 C:\Windows\SysWOW64\svchost.exe
    2644 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2668 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2684 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2712 LVPrS64H.exe
    2764 C:\Windows\System32\svchost.exe
    2788 C:\Windows\System32\nlsInterface.EXE
    2812 C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    2876 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2924 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2948 C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    2988 C:\Windows\System32\svchost.exe
    3016 C:\Windows\System32\svchost.exe
    3152 C:\Windows\System32\dwm.exe
    3172 C:\Windows\System32\taskeng.exe
    3216 C:\Windows\explorer.exe
    3248 C:\Windows\System32\taskeng.exe
    3324 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3332 C:\Windows\Igawaa.exe
    3344 C:\Windows\System32\taskeng.exe
    3528 C:\Windows\RAVCpl64.exe
    3544 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3616 C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    3652 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3696 C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
    3712 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3776 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3796 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3744 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3600 C:\Windows\System32\svchost.exe
    3924 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    2848 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    4048 C:\Windows\System32\svchost.exe
    4092 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3308 C:\Windows\System32\SearchIndexer.exe
    2456 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3088 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3508 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    4184 C:\Program Files\iPod\bin\iPodService.exe
    4668 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    4692 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2580 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4472 C:\Windows\System32\wuauclt.exe
    5724 C:\Windows\System32\SearchProtocolHost.exe
    5316 C:\Windows\System32\SearchFilterHost.exe
    4320 dllhost.exe
    5488 dllhost.exe
    1292 C:\Users\Bret\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c0100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004c`25101800 (NTFS)
    \\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive3 at offset 0x0000005c`06a00000 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
    PhysicalDrive3 Model Number: Maxtor2, Rev: 0344
    PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65
    PhysicalDrive1 Model Number: WD10EADS External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1F8DD7C201E227219CB332E16FEC0A079DE3B3C3
    465 GB \\.\PhysicalDrive3 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
    931 GB \\.\PhysicalDrive2 MBR Code Faked!
    SHA1: 9101D37518859D93944B827A8E4673AB820D53F7
    931 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    DDS Logs:


    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by Bret at 23:10:41.08 on Wed 12/01/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2385 [GMT -5:00]

    AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    ============== Running Processes ===============

    C:\Windows\SYSTEM32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\ASTSRV.EXE
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\nlsInterface.exe
    C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\Igawaa.exe
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Bret\Desktop\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
    uRun: [Google Update] "C:\Users\Bret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [JP595IR86O] C:\Users\Bret\AppData\Local\Temp\Idd.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe "
    mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [<NO NAME>]
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1241289195610
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [RtHDVCpl] "RAVCpl64.exe "
    mRun-x64: [Skytel] "Skytel.exe "
    AppInit_DLLs-X64: avgrssta.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\
    FF - prefs.js: browser.search.selectedEngine - eBay
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Users\Bret\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Bret\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
    FF - plugin: C:\Users\Bret\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Kodak EasyShare Gallery Companion: kodak-companion@mozilla.com - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\kodak-companion@mozilla.com
    FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    FF - Extension: Gradient iBlu: {bf70ba50-e70d-11dd-ba2f-0800200c9a66} - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
    FF - Extension: Hide Google Options: googleoptions@bruceclay.com - C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\googleoptions@bruceclay.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG9\Firefox

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-4-21 56008]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-2-28 55856]
    R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-9-12 27120]
    R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-9-12 19952]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-4-21 269904]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-4-21 35536]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-4-21 317520]
    R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-9-12 27632]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
    R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-23 921952]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-23 308136]
    R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2009-3-13 24576]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 187416]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-3-11 236368]
    R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2010-5-6 72192]
    R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe [2008-10-31 32856]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-25 131072]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-3-30 90112]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-1-11 240232]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-20 2011944]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-3-4 24652]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-12-16 30232]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-5 50072]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-26 22104]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
    S2 .1160484212SsTR;1160484212SsTR;C:\ProgramData\Webroot\Bret6780119.exe [2009-6-1 343435]
    S2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
    S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
    S2 SessionLauncher;SessionLauncher;C:\Users\Bret\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Bret\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2009-3-30 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2009-3-30 9096]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2009-11-12 1527900]
    S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 ITEIO.SYS;ITEIO.SYS;C:\Windows\System32\drivers\ITEIO.sys [2006-10-10 13144]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-3-5 1381528]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-3-5 1133848]
    S3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-3-5 5965080]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-1-25 40208]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-3-13 56352]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; "C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-21 89920]

    =============== Created Last 30 ================

    2010-12-01 22:31:59 -------- d-----w- C:\_OTM
    2010-12-01 12:36:40 388096 ----a-r- C:\Users\Bret\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-01 12:36:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-12-01 10:46:54 176640 ----a-w- C:\Windows\Igawaa.exe
    2010-12-01 10:32:27 -------- d-----w- C:\Program Files (x86)\Your Uninstaller 2010
    2010-12-01 10:01:15 -------- d-----w- C:\Users\Bret\AppData\Roaming\Athentech
    2010-12-01 09:57:00 -------- d-----w- C:\Program Files\Athentech
    2010-12-01 09:57:00 -------- d-----w- C:\Program Files (x86)\Athentech
    2010-12-01 09:46:15 -------- d-----w- C:\PROGRA~3\Mr Retro
    2010-12-01 09:44:53 -------- d-----w- C:\Program Files (x86)\MW Vol 4 Washes Folder
    2010-11-21 12:49:22 -------- d-----w- C:\Windows\XSxS
    2010-11-21 12:49:22 -------- d-----w- C:\Program Files (x86)\Xenocode
    2010-11-21 00:58:12 -------- d-----w- C:\Users\Bret\AppData\Roaming\TeamViewer
    2010-11-21 00:58:08 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2010-11-11 01:08:06 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2010-11-11 01:04:57 52568 ----a-r- C:\Windows\System32\AdobePDF.dll
    2010-11-06 13:04:00 -------- d-sh--w- C:\found.001
    2010-11-04 20:40:30 179 ----a-w- C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat
    2010-11-04 18:11:52 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-11-04 18:11:52 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2010-11-04 18:11:52 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2010-11-04 18:11:26 -------- d-----w- C:\Program Files\iPod
    2010-11-04 18:11:25 -------- d-----w- C:\Program Files\iTunes
    2010-11-04 18:11:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-04 18:11:25 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-11-04 18:07:44 -------- d-----w- C:\Program Files\Bonjour
    2010-11-04 18:07:44 -------- d-----w- C:\Program Files (x86)\Bonjour

    ==================== Find3M ====================

    2010-10-04 12:13:30 64512 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2010-10-04 12:13:30 64512 ----a-w- C:\Windows\System32\nlssrv32.exe
    2010-09-25 18:43:14 1724416 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
    2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
    2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2007-07-11 21:15:54 2334720 ----a-w- C:\Program Files (x86)\MachineWashVol4.8bf

    ============= FINISH: 23:11:04.12 ===============
     
  5. 2010/12/01
    latemodelsedan Well-Known Member Thread Starter

    DDS Attach Log:



    DDS (Ver_10-11-27.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 8:43:32 AM
    System Uptime: 12/1/2010 8:35:17 PM (0 hours ago)

    Motherboard: Acer | | Aspire X1700
    Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2403/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 290 GiB total, 35.319 GiB free.
    D: is FIXED (NTFS) - 292 GiB total, 291.48 GiB free.
    F: is CDROM (CDFS)
    G: is FIXED (NTFS) - 368 GiB total, 135.904 GiB free.
    H: is FIXED (NTFS) - 932 GiB total, 200.011 GiB free.
    I: is FIXED (NTFS) - 98 GiB total, 26.883 GiB free.
    J: is FIXED (NTFS) - 932 GiB total, 860.023 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&3032039E&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&3032039E&0
    Service: i8042prt

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    "Nero SoundTrax Help
    1.0
    ACDSee Pro 3
    Acer Assist
    Acer eDataSecurity Management
    Acer eDisplay Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer eSettings Management
    Acer Registration
    Acer ScreenSaver
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Russian
    Adobe AIR
    Adobe Color Video Profiles CS CS4
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.3.3
    AdobeColorCommonSetRGB
    Advertising Center
    AIM 6
    AIO_Scan
    Alex Buturuga - Muti ID3 Tag Editor 1.3b1
    AMR to MP3 Converter 1.4
    AoA Audio Extractor
    Apple Application Support
    Apple Software Update
    AVG 9.0
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
    BufferChm
    Canon Utilities PhotoStitch
    Capture One 5.0
    Choice Guard
    ConvertXtoDVD 3.4.7.121
    Copy
    CustomerResearchQFolder
    Definition update for Microsoft Office 2010 (KB982726)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DirectXInstallService
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    DNA
    dng4ps2
    DolbyFiles
    DVD Shrink 3.2
    DVDFab 8.0.1.1 Beta (11/09/2010)
    DVDFab Decrypter 3.0.2.0
    DxO Optics Pro 5.3.2
    DxO Optics Pro for Photoshop CS
    EASEUS Partition Master 3.5 Unlimited Edition
    Easy CD-DA Extractor 12
    Easy Duplicate Finder v. 3.0
    eSobi v2
    eSupportQFolder
    F4100
    F4100_doccd
    F4100_Help
    Facebook Plug-In
    FeedDemon
    FileZilla Client 3.3.4.1
    Firebird SQL Server - MAGIX Edition
    Flickr Uploadr 3.2.1
    FLV Player 2.0 (build 25)
    foobar2000 v0.9.6.8
    Genuine Fractals 6.0.4 Professional Edition
    GoldWave v5.24
    Google Gears
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GTK+ Runtime 2.14.7 rev a (remove only)
    Handy Backup
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Update
    HP USB Disk Storage Format Tool
    HPProductAssistant
    HPSSupply
    Hugin 2009.4.0
    ImagXpress
    IrfanView (remove only)
    Java(TM) 6 Update 12
    Junk Mail filter update
    K-Lite Codec Pack 4.0.0 (Full)
    KODAK EASYSHARE Gallery Upload ActiveX Control
    KODAK Gallery Upload Software
    LightScribe 1.4.142.1
    Logitech Updater
    LucisArt 3 ED/SE
    Malwarebytes' Anti-Malware
    MarketResearch
    Matroska Pack
    MediaMonkey 3.0
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Hotmail Connector 32-bit
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Morpheus Photo Animation Suite v3.10
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.12)
    MP3 Cutter Joiner 3.00
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Nikon Message Center
    Noiseware Professional Edition
    Noiseware Professional Plug-in
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI JewelCase Maker Hot Fix
    NTI Media Maker 8
    NTI Photo Maker Hot Fix
    NVIDIA Stereoscopic 3D Driver
    Opanda IExif 2.3
    OpenAL
    PDF Settings CS5
    Perfectly Clear Plugin 1.5.0.2
    Photo Mechanic 4.5
    Photodex Presenter
    PhotoDVD 2.9.6.1
    Photomatix Pro version 3.1.3
    Picture Control Utility
    Pivot Software
    Portrait Professional Max 6.3
    Portrait Professional Studio 9.0
    PowerISO
    PTGui Pro 8.2.1
    QuickTime
    RealGrain Plug-in
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio BackOnTrackPE
    Roxio Burn - Secure
    Roxio Central Copy
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2009
    Roxio Creator 2011 Pro
    Roxio MediaShare
    Roxio PhotoShow
    Roxio Video Capture USB
    Scan
    SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Shutterfly Express Uploader
    SmartSound Common Data
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    SnagIt 9
    SolutionCenter
    SoundTrax
    Spybot - Search & Destroy
    Status
    TeamViewer 5
    Toolbox
    Topaz Adjust
    TrayApp
    Trillian
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    URL Helper
    Viewpoint Media Player
    Visual C++ 8.0 Runtime Setup Package (x64)
    VSO CopyToDVD 4
    VSO Image Resizer 2.1.8.2
    Watermark Image software version 1.8.3.3
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Upload Tool
    WinPcap 4.0
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update

    ==== End Of File ===========================
     
  6. 2010/12/01
    broni Moderator Malware Analyst

    We'll start with fixing your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  7. 2010/12/01
    latemodelsedan Well-Known Member Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Acer
    System Product Name: Aspire X1700
    Logical Drives Mask: 0x000003ec

    Kernel Drivers (total 173):
    0x02200000 \SystemRoot\system32\ntoskrnl.exe
    0x02717000 \SystemRoot\system32\hal.dll
    0x0060B000 \SystemRoot\system32\kdcom.dll
    0x00615000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00650000 \SystemRoot\system32\PSHED.dll
    0x00664000 \SystemRoot\system32\CLFS.SYS
    0x006C1000 \SystemRoot\system32\CI.dll
    0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DC000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A05000 \SystemRoot\System32\Drivers\spdq.sys
    0x00B39000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B42000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B70000 \SystemRoot\system32\drivers\acpi.sys
    0x00BC6000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BD0000 \SystemRoot\system32\drivers\pci.sys
    0x008EA000 \SystemRoot\System32\drivers\partmgr.sys
    0x008FF000 \SystemRoot\system32\drivers\volmgr.sys
    0x00913000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00979000 \SystemRoot\system32\drivers\pciide.sys
    0x00980000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00990000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009A3000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x009AB000 \SystemRoot\system32\drivers\atapi.sys
    0x009B3000 \SystemRoot\system32\drivers\ataport.SYS
    0x00773000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x0079F000 \SystemRoot\system32\DRIVERS\storport.sys
    0x00C0A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00C51000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C65000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x00C6E000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C7B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E09000 \SystemRoot\system32\drivers\ndis.sys
    0x00D02000 \SystemRoot\system32\drivers\msrpc.sys
    0x00D52000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01005000 \SystemRoot\System32\drivers\tcpip.sys
    0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01389000 \SystemRoot\system32\drivers\wd.sys
    0x01391000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D5000 \SystemRoot\System32\Drivers\spldr.sys
    0x013DD000 \SystemRoot\System32\Drivers\Saibad64.sys
    0x013E6000 \SystemRoot\System32\Drivers\Sahdad64.sys
    0x011A7000 \SystemRoot\System32\Drivers\mup.sys
    0x011B9000 \SystemRoot\System32\drivers\ecache.sys
    0x011E5000 \SystemRoot\system32\drivers\disk.sys
    0x00FCC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x013F1000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DAB000 \SystemRoot\System32\Drivers\avgrkx64.sys
    0x009D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x01200000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x009E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02A07000 \SystemRoot\system32\DRIVERS\serial.sys
    0x02A24000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02A46000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02A52000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x02A5D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02AA3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02AB4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02C01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03928000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03A08000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03AEB000 \SystemRoot\System32\drivers\watchdog.sys
    0x03C0F000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x03D4B000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03D4D000 \SystemRoot\system32\drivers\modem.sys
    0x03D5C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x03D6E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x03D7E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03D9A000 \SystemRoot\system32\Drivers\NTIDrvr.sys
    0x03DA2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E08000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03F75000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03F7E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03FB7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03FC4000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x03FCC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03FEF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03DAF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DE0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03AFB000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03B19000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03B31000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x03DF0000 \SystemRoot\system32\DRIVERS\PdiPorts.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03B46000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03FFB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03B59000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03B8D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03B98000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03BA8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0392A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0440D000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04577000 \SystemRoot\system32\drivers\portcls.sys
    0x045B2000 \SystemRoot\system32\drivers\drmk.sys
    0x045D5000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045E5000 \SystemRoot\System32\Drivers\Null.SYS
    0x04400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0393E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x045EE000 \SystemRoot\System32\drivers\vga.sys
    0x03954000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x03BF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03979000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x03982000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0398D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0399E000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x039A7000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02BA1000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x04608000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0464C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x04804000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x04D2B000 \SystemRoot\system32\drivers\afd.sys
    0x04D96000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04DB4000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x04DC3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04DDE000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x04DF0000 \SystemRoot\System32\Drivers\SaibVdAd64.sys
    0x04667000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x046B4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x046C0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x046DD000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x046E5000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x0472C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04735000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04747000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0x04750000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0475B000 \SystemRoot\system32\DRIVERS\netr7364.sys
    0x039C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x039E0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x00DB8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x00DD0000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x02A30000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x039EB000 \SystemRoot\system32\drivers\LVUSBS64.sys
    0x00DEC000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x02BF2000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x05203000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x05213000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x0523B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x05245000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05253000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x0525D000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x05289000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05295000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00410000 \SystemRoot\System32\TSDDD.dll
    0x00620000 \SystemRoot\System32\cdd.dll
    0x008F0000 \SystemRoot\System32\ATMFD.DLL
    0x052A8000 \SystemRoot\system32\drivers\luafv.sys
    0x052CA000 \SystemRoot\system32\drivers\spsys.sys
    0x05364000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05378000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x053AC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x053B7000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x09607000 \SystemRoot\system32\drivers\HTTP.sys
    0x096AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x096D3000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x096F1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0970B000 \SystemRoot\system32\drivers\mrxdav.sys
    0x09732000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0975B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x097A4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x097C3000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x09A05000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09A99000 \SystemRoot\System32\Drivers\adfs.SYS
    0x09AB1000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
    0x09AC9000 \SystemRoot\system32\drivers\peauth.sys
    0x09B7F000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0x09B88000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0x09B9B000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x09BA6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x09BB6000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
    0x77040000 \Windows\System32\ntdll.dll

    Processes (total 89):
    0 System Idle Process
    4 System
    580 C:\Windows\System32\smss.exe
    652 csrss.exe
    696 C:\Windows\System32\wininit.exe
    716 csrss.exe
    724 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    732 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    760 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    816 C:\Windows\System32\services.exe
    832 C:\Windows\System32\lsass.exe
    840 C:\Windows\System32\lsm.exe
    924 C:\Windows\System32\winlogon.exe
    852 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\nvvsvc.exe
    1040 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\audiodg.exe
    1360 C:\Windows\System32\SLsvc.exe
    1404 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\nvvsvc.exe
    1608 C:\Windows\System32\svchost.exe
    1804 C:\Windows\System32\spoolsv.exe
    1828 C:\Windows\System32\svchost.exe
    1560 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    1600 C:\Windows\System32\agr64svc.exe
    1836 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1232 C:\Windows\SysWOW64\ASTSRV.EXE
    1968 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1096 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1320 C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2112 C:\Windows\System32\dwm.exe
    2120 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2152 C:\Windows\System32\taskeng.exe
    2196 C:\Windows\explorer.exe
    2204 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    2224 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2332 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    2404 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2452 C:\Windows\System32\taskeng.exe
    2488 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2616 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2644 C:\Windows\System32\taskeng.exe
    2720 C:\Windows\Igawaa.exe
    2788 C:\Windows\SysWOW64\svchost.exe
    2988 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    3020 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    3056 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2352 LVPrS64H.exe
    2588 C:\Windows\System32\svchost.exe
    1632 C:\Windows\System32\nlsInterface.EXE
    2964 C:\Windows\RAVCpl64.exe
    1380 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2144 C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    3276 C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    3368 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    3404 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    3416 C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    3436 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3448 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    3480 C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    3520 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3528 C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
    3544 C:\Windows\System32\svchost.exe
    3556 C:\Windows\System32\svchost.exe
    3588 C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
    3616 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3636 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3648 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    2576 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    3388 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3700 C:\Windows\System32\svchost.exe
    3724 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    3756 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    3948 C:\Windows\System32\svchost.exe
    3472 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1348 C:\Windows\System32\SearchIndexer.exe
    1492 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3144 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3000 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    4176 C:\Program Files\iPod\bin\iPodService.exe
    4448 WmiPrvSE.exe
    4544 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    4664 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    400 dllhost.exe
    1584 dllhost.exe
    1244 C:\Users\Bret\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c0100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004c`25101800 (NTFS)
    \\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive3 at offset 0x0000005c`06a00000 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
    PhysicalDrive3 Model Number: Maxtor2, Rev: 0344
    PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65
    PhysicalDrive1 Model Number: WD10EADS External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1F8DD7C201E227219CB332E16FEC0A079DE3B3C3
    465 GB \\.\PhysicalDrive3 Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
    931 GB \\.\PhysicalDrive2 Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
    931 GB \\.\PhysicalDrive1 MBR Code Faked!
    SHA1: 20C74F7BF7943939F100DBA7C8F7F3C3BB296CCA


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  8. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
It didn't work, which sometimes happens.

We'll use a different method...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

Vista users. At first screen click on Repair your computer.

Windows 7 users. At first screen click on Install now.
Select your language and click Next.
Click the button for "Use recovery tools".

    The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box.
After this, it will present you with a list of options including Startup Repair, System Restore and Command Prompt.
Select Command Prompt.

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec ")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
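As an added example, not code from MBRCheck, from broni, or from this thread, the script below shows what the "MBR code" lines in the log are actually checking: it reads one 512-byte sector, hashes the boot-code region, and decodes the partition table, so the "at offset 0x00000000`00007e00" lines above can be reproduced by hand (LBA 63 times 512 bytes). It assumes the hash covers the first 440 bytes, since MBRCheck's exact hashing scope is not stated on this page; the sample MBR, the disk signature 0xDEADBEEF and the empty KNOWN_MBR_CODE reference dictionary are constructed for illustration. Only read_physical_drive_mbr touches a real disk, and that needs an elevated prompt on Windows; everything else runs offline.

```python
# Added example (not MBRCheck's code): parse a raw 512-byte Master Boot Record,
# hash its boot code the way a "known MBR code" check does, and decode the
# partition table. ASSUMPTION: the hash covers bytes 0..439 (boot code before
# the disk signature); MBRCheck's real scope is not documented on this page.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0x000-0x1B7 hold the boot code
DISK_SIG_OFFSET = 440         # bytes 0x1B8-0x1BB hold the NT disk signature
PART_TABLE_OFFSET = 446       # bytes 0x1BE-0x1FD hold four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 0x1FE-0x1FF

PARTITION_TYPES = {
    0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}

# Placeholder reference set (constructed, empty): boot-code SHA1 -> label.
# Populate it from disks you trust; nothing here comes from MBRCheck's database.
KNOWN_MBR_CODE = {}


def parse_mbr(mbr: bytes) -> dict:
    """Validate one raw MBR sector; return boot-code SHA1, disk signature and partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue                      # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            # The log's "at offset 0x...": first byte of the partition on the disk
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0],
        "partitions": partitions,
    }


def classify_boot_code(sha1_hex: str, known_good: dict = KNOWN_MBR_CODE) -> str:
    """Label a boot-code hash from the reference set, else report it as unknown code."""
    return known_good.get(sha1_hex.upper(), "Unknown MBR code")


def read_physical_drive_mbr(drive_number: int) -> bytes:
    r"""Read sector 0 of \\.\PhysicalDriveN on Windows (needs an elevated prompt).

    Caveat: a bootkit that hooks disk I/O can hand a clean sector back to a
    user-mode reader on the running system, so compare with a read taken
    from recovery media before trusting a "clean" result.
    """
    with open(rf"\\.\PhysicalDrive{drive_number}", "rb", buffering=0) as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Constructed sample: one bootable NTFS partition at LBA 63 (byte offset 0x7E00)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2097152)
    table = entry + b"\x00" * 48                             # three empty entries
    return code + disk_sig + table + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()
# Same partition table, patched boot code: the partitions still parse, only the hash moves.
PATCHED_MBR = build_sample_mbr(boot_code=b"\xeb\xfe" + b"\x90" * 10)

if __name__ == "__main__":
    for label, mbr in (("sample", SAMPLE_MBR), ("patched", PATCHED_MBR)):
        info = parse_mbr(mbr)
        print(f"{label}: SHA1 {info['boot_code_sha1']} -> {classify_boot_code(info['boot_code_sha1'])}")
        for p in info["partitions"]:
            print(f"  partition {p['index']}: {p['type_name']} at offset 0x{p['byte_offset']:016x}")
```

A useful sanity check after `bootrec /FixMbr`: the partition entries, and therefore the offsets printed above, should be unchanged, while the boot-code hash should now match a known Windows MBR. `/FixMbr` rewrites only the boot-code region of sector 0 and leaves the partition table alone, which is why a changed partition layout after the fix would itself be a warning sign.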
     
  9. 2010/12/01
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
The Vista repair disc link in option 1 is a dead or incorrect link. Please advise.
     
  10. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  11. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Acer
    System Product Name: Aspire X1700
    Logical Drives Mask: 0x000003ec

    Kernel Drivers (total 173):
    0x0220B000 \SystemRoot\system32\ntoskrnl.exe
    0x02722000 \SystemRoot\system32\hal.dll
    0x0060F000 \SystemRoot\system32\kdcom.dll
    0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00654000 \SystemRoot\system32\PSHED.dll
    0x00668000 \SystemRoot\system32\CLFS.SYS
    0x006C5000 \SystemRoot\system32\CI.dll
    0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A03000 \SystemRoot\System32\Drivers\splk.sys
    0x00B37000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B40000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B6E000 \SystemRoot\system32\drivers\acpi.sys
    0x00BC4000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BCE000 \SystemRoot\system32\drivers\pci.sys
    0x008F6000 \SystemRoot\System32\drivers\partmgr.sys
    0x0090B000 \SystemRoot\system32\drivers\volmgr.sys
    0x0091F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00985000 \SystemRoot\system32\drivers\pciide.sys
    0x0098C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x0099C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x009AF000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x009B7000 \SystemRoot\system32\drivers\atapi.sys
    0x009BF000 \SystemRoot\system32\drivers\ataport.SYS
    0x00777000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x007A3000 \SystemRoot\system32\DRIVERS\storport.sys
    0x00C09000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00C50000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C64000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x00C6D000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C7A000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E05000 \SystemRoot\system32\drivers\ndis.sys
    0x00D01000 \SystemRoot\system32\drivers\msrpc.sys
    0x00D51000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0100C000 \SystemRoot\System32\drivers\tcpip.sys
    0x01182000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01200000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01380000 \SystemRoot\system32\drivers\wd.sys
    0x01388000 \SystemRoot\system32\drivers\volsnap.sys
    0x013CC000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D4000 \SystemRoot\System32\Drivers\Saibad64.sys
    0x013DD000 \SystemRoot\System32\Drivers\Sahdad64.sys
    0x013E8000 \SystemRoot\System32\Drivers\mup.sys
    0x011AE000 \SystemRoot\System32\drivers\ecache.sys
    0x011DA000 \SystemRoot\system32\drivers\disk.sys
    0x00FC8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x011EE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DAA000 \SystemRoot\System32\Drivers\avgrkx64.sys
    0x00DF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00FF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x009E3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02802000 \SystemRoot\system32\DRIVERS\serial.sys
    0x0281F000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x02841000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0284D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x02858000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x0289E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x028AF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x02A0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03736000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x0380A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x038ED000 \SystemRoot\System32\drivers\watchdog.sys
    0x03A09000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x03B45000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03B47000 \SystemRoot\system32\drivers\modem.sys
    0x03B56000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x03B68000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x03B78000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03B94000 \SystemRoot\system32\Drivers\NTIDrvr.sys
    0x03B9C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03E0A000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
    0x03F77000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03F80000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03FB9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03FC6000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x03FCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03FF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03BA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03BDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x038FD000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0391B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03BEA000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\PdiPorts.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x03933000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03946000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03FFD000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03954000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03988000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03993000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x039A3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x039EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04405000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0456F000 \SystemRoot\system32\drivers\portcls.sys
    0x045AA000 \SystemRoot\system32\drivers\drmk.sys
    0x045CD000 \SystemRoot\system32\drivers\ksthunk.sys
    0x045D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x045DD000 \SystemRoot\System32\Drivers\Null.SYS
    0x045F1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x03743000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03759000 \SystemRoot\System32\drivers\vga.sys
    0x03767000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x045E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03800000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0378C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x03797000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x037A8000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x037B1000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0299C000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x04608000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0464C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x0480F000 \SystemRoot\system32\DRIVERS\kl1.sys
    0x04D36000 \SystemRoot\system32\drivers\afd.sys
    0x04DA1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04DBF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x04DCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04DE9000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x04800000 \SystemRoot\System32\Drivers\SaibVdAd64.sys
    0x04667000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x046B4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x046C0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x046DD000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x046E5000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x0472C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04735000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04747000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0x04750000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0475B000 \SystemRoot\system32\DRIVERS\netr7364.sys
    0x037CE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x037EA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x04E05000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x04E1D000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x04E6B000 \SystemRoot\system32\drivers\RTSTOR64.SYS
    0x04E81000 \SystemRoot\system32\drivers\LVUSBS64.sys
    0x04E8C000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x04E9C000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x04EA7000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x04EB7000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x04EDF000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x04EE9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04EF7000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04F01000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x00040000 \SystemRoot\System32\win32k.sys
    0x04F2D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04F39000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00430000 \SystemRoot\System32\TSDDD.dll
    0x006B0000 \SystemRoot\System32\cdd.dll
    0x008A0000 \SystemRoot\System32\ATMFD.DLL
    0x04F4C000 \SystemRoot\system32\drivers\luafv.sys
    0x09405000 \SystemRoot\system32\drivers\spsys.sys
    0x0949F000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x094B3000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x094E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x094F2000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0950A000 \SystemRoot\system32\drivers\HTTP.sys
    0x095AD000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x095D6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x04F6E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x04F88000 \SystemRoot\system32\drivers\mrxdav.sys
    0x04FAF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x09807000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x09850000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0986F000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x098A1000 \SystemRoot\System32\DRIVERS\srv.sys
    0x09935000 \SystemRoot\System32\Drivers\adfs.SYS
    0x0994D000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys
    0x0A400000 \SystemRoot\system32\drivers\peauth.sys
    0x0A4B6000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0x0A4BF000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0x0A4D2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0A4DD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0A4ED000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
    0x77A00000 \Windows\System32\ntdll.dll

    Processes (total 88):
    0 System Idle Process
    4 System
    516 C:\Windows\System32\smss.exe
    652 csrss.exe
    696 C:\Windows\System32\wininit.exe
    716 csrss.exe
    724 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    732 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    768 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    792 C:\Windows\System32\services.exe
    808 C:\Windows\System32\lsass.exe
    816 C:\Windows\System32\lsm.exe
    920 C:\Windows\System32\winlogon.exe
    644 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\nvvsvc.exe
    812 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\audiodg.exe
    1368 C:\Windows\System32\SLsvc.exe
    1400 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\nvvsvc.exe
    1564 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1804 C:\Windows\System32\svchost.exe
    2064 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2108 C:\Windows\System32\agr64svc.exe
    2120 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2132 C:\Windows\SysWOW64\ASTSRV.EXE
    2156 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    2180 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2192 C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2208 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    2248 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    2264 C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    2316 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2428 C:\Program Files (x86)\AVG\AVG9\avgam.exe
    2452 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2648 C:\Windows\SysWOW64\svchost.exe
    2716 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2752 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2788 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2804 LVPrS64H.exe
    2852 C:\Windows\System32\svchost.exe
    2880 C:\Windows\System32\nlsInterface.EXE
    2896 C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    2964 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2996 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    3036 C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    1884 C:\Windows\System32\svchost.exe
    2236 C:\Windows\System32\svchost.exe
    3184 C:\Windows\System32\taskeng.exe
    3192 C:\Windows\System32\dwm.exe
    3252 C:\Windows\System32\taskeng.exe
    3320 C:\Windows\explorer.exe
    3368 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    3388 C:\Windows\System32\taskeng.exe
    3400 C:\Windows\Igawaa.exe
    3560 C:\Windows\RAVCpl64.exe
    3608 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3616 C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    3724 C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    3780 C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
    3804 C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
    3812 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3836 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    3856 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3872 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3896 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    3968 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3824 C:\Windows\System32\svchost.exe
    4000 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    3352 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    3732 C:\Windows\System32\svchost.exe
    3736 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1140 C:\Windows\System32\SearchIndexer.exe
    3700 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3516 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    2816 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    4276 C:\Program Files\iPod\bin\iPodService.exe
    4296 WmiPrvSE.exe
    4724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    4864 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    5072 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    3028 dllhost.exe
    3552 dllhost.exe
    3964 C:\Users\Bret\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c0100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000004c`25101800 (NTFS)
    \\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive3 at offset 0x0000005c`06a00000 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
    PhysicalDrive3 Model Number: Maxtor2, Rev: 0344
    PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65
    PhysicalDrive1 Model Number: WD10EADS External, Rev: 1.75

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1F8DD7C201E227219CB332E16FEC0A079DE3B3C3
    465 GB \\.\PhysicalDrive3 Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
    931 GB \\.\PhysicalDrive2 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
    931 GB \\.\PhysicalDrive1 RE: Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  12. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
Hey, broni. Still waiting for you to analyze the last log, but I wanted to state that since I took the last step I have not experienced the problem again [yet]. Even when I was experiencing it, it was super intermittent. The IE windows would pop up maybe once every several hours. I've had the PC on since yesterday and nothing has popped back up again. I'm ready for the next step when you are.
     
  13. 2010/12/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
Hmmm... it doesn't look like our fix worked.
Are you sure you posted the new MBRCheck log?

    Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
• After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
• Open Notepad and press CTRL+V
    • Post the output back here.

    ==============================================================================


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
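    When the OTL Extras log comes back, the section worth reading line by line is the firewall exception list: every inbound allow rule names the program it was created for, and a rule for an executable sitting outside the normal installation folders (for example directly in the root of C:, or on a removable drive) is exactly the kind of entry a helper asks about. The script below is an added example for this thread, not part of OTL or of the instructions above; it parses lines in the shape OTL prints, using a small constructed sample, and lists the inbound rules whose program lies outside a set of trusted roots. The trusted-roots list and the reason wording are assumptions for the example.

```python
"""Triage of the FirewallRules section of an OTL Extras log.

Added example for this thread; it is not part of OTL or of the helper's
instructions. Trusted roots and the wording of the reasons are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample in the shape of the "Vista Active Application Exception
# List" lines of an OTL Extras log (a few lines, not a complete log).
SAMPLE_LOG = r'''
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048BA398-0803-404A-8315-473987EA8D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{14CD71F1-987F-4490-96FA-A5E3A180F612}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54A1E874-B39C-4F5B-9351-2863591853EB}" = protocol=17 | dir=in | app=f:\setup.exe |
"{48D76A09-0133-4EA6-9804-36E56DDA4571}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{10EC4C79-52EC-4AE8-B289-6BE35477D4A6}C:\fxbj.exe" = protocol=6 | dir=in | app=c:\fxbj.exe |
"UDP Query User{5990C2ED-DE5A-4BEC-8E47-BCC3A5ADC905}C:\fxbj.exe" = protocol=17 | dir=in | app=c:\fxbj.exe |
'''

# Installation roots from which an inbound allow rule is unremarkable on a
# default Vista layout. This list is an assumption for the example; extend it
# for machines with software installed elsewhere.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
    "%systemroot%\\",
)

# One log line: "rule name" = key=value | key=value | ... |
RULE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Turn each rule line into a dict of its fields; other lines are skipped."""
    rules: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = RULE_LINE.match(raw.strip())
        if not m:
            continue
        rule = {"rule": m.group("name")}
        for field in m.group("body").split("|"):
            field = field.strip()
            if "=" not in field:
                continue  # the empty field after the trailing '|'
            key, value = field.split("=", 1)
            rule[key.strip().lower()] = value.strip().lower()
        rules.append(rule)
    return rules


def path_is_trusted(app: str) -> bool:
    """True when the program path starts with one of the trusted roots."""
    app = app.lower()
    return any(app.startswith(root) for root in TRUSTED_ROOTS)


def triage(text: str) -> List[Dict[str, object]]:
    """Inbound allow rules for programs outside the trusted roots.

    Returns one finding per distinct program path, in log order, with the
    reasons it was flagged and how many rules reference it.
    """
    findings: Dict[str, Dict[str, object]] = {}
    for rule in parse_rules(text):
        app = rule.get("app")
        if rule.get("dir") != "in" or not app or path_is_trusted(app):
            continue
        if app in findings:
            findings[app]["rule_count"] = int(findings[app]["rule_count"]) + 1
            continue
        reasons = ["program outside trusted install roots"]
        if "query user" in rule["rule"].lower():
            # Vista names rules created by answering its "allow?" prompt this way.
            reasons.append("rule created by answering a firewall prompt")
        if not app.startswith("c:\\"):
            reasons.append("program on a non-system drive")
        findings[app] = {"app": app, "reasons": reasons, "rule_count": 1}
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['app']}  ({finding['rule_count']} rule(s)): "
              + "; ".join(finding["reasons"]))
```

Run against the real log, the same function takes the whole Extras file as `text`; the only lines it reacts to are the quoted rule lines, so the uninstall list and registry sections pass through untouched. A flagged path is a question to ask, not a verdict: a legitimately installed program can live on another drive, which is why the trusted roots are a parameter rather than a rule.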
     
  14. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    yes, that was the last log. i will take the next steps as you instructed. now i appear to have a new problem as well. i ran a malwarebytes scan today and avg popped up with a threat warning for this file: igawaa.exe. i googled it and found absolutely nothing. so frustrated.
     
  15. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c0100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  16. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    Joined:
    2010/12/01
    Messages:
    40
    Likes Received:
    0
    OTL Extras logfile created on: 12/2/2010 7:16:01 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bret\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 289.58 Gb Total Space | 39.06 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
    Drive D: | 291.59 Gb Total Space | 291.48 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
    Drive G: | 368.10 Gb Total Space | 135.93 Gb Free Space | 36.93% Space Free | Partition Type: NTFS
    Drive H: | 931.51 Gb Total Space | 200.03 Gb Free Space | 21.47% Space Free | Partition Type: NTFS
    Drive I: | 97.66 Gb Total Space | 26.89 Gb Free Space | 27.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 860.03 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

    Computer Name: BRAIN | User Name: Bret | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" File not found
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- Reg Error: Key error.
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" File not found
    Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- Reg Error: Key error.
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = AD 9B 1C 66 A3 9A CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EFBFDCD-045A-47D3-A104-05A99F0FD376}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1B56E5AF-D321-48EB-99BB-CAF8022F39A0}" = rport=445 | protocol=6 | dir=out | app=system |
    "{273313DB-D2ED-43BB-AD63-64CE5EC0DAB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{442C9919-1ADC-4F6B-87B2-E913EEB67F47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6E4D4964-32E4-469A-BAAF-A29E293619E4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7155AACF-0435-452B-ACA3-F96BAD2A8F66}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8559EBE0-43FA-4138-A926-CC481B5BC711}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{98DE4699-C600-46F6-89A5-7CA44E340ED7}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9ADB3255-DDBB-4E7D-B251-8E47E24E6B65}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{9D9C7991-8DE8-4D14-A8A1-785863F693FB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C16C7E14-0BCD-4DEA-A982-40C842882654}" = lport=138 | protocol=17 | dir=in | app=system |
    "{CC1A3BBA-2FE7-4654-A32E-76F639177A97}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D64E321A-6BDB-46C6-94C1-946963D150D8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{D9031718-0ABD-4485-948C-65B1E0584153}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E8DD8880-D1F7-4849-B8FF-2FAC573C7645}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{FE0BF272-7F7A-4E6C-B190-3FC63F6C0A98}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FF79DAD5-29DD-4718-9D75-0D367F0A9457}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00ECCDB1-947C-4B8C-89BB-D19F302BC1B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{048BA398-0803-404A-8315-473987EA8D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{14CD71F1-987F-4490-96FA-A5E3A180F612}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{17495612-C1E7-4D05-ADDE-BB2364520A32}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{1B4CAE27-4A15-45B8-8A39-178DC178F07F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{1DD3DC2F-4AA1-45C4-95D3-A33070505714}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{27F4A75A-AF20-45F7-B4B7-0E1E71213EE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{2FDC4712-0070-4C45-B27B-7328262E6169}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{40775D6F-6AA1-4E80-94B6-0719744FAD24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{46982ABB-6F96-4519-8097-8371FA591E3B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{48D76A09-0133-4EA6-9804-36E56DDA4571}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4B22FC26-5FF4-4307-980B-0641868A6BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{50882BA7-836F-4C4C-8C9A-5A1F9499C930}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
    "{5320EB76-964D-48B5-A1F1-C0AAA7A28456}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{54A1E874-B39C-4F5B-9351-2863591853EB}" = protocol=17 | dir=in | app=f:\setup.exe |
    "{5E6B4022-CC82-42EE-AA20-40C5D6EA47BF}" = protocol=6 | dir=in | app=f:\setup.exe |
    "{60272124-74D1-452F-91DA-72A6B76F624B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{646F787E-AAD3-4302-A2E0-87CFF20D784E}" = protocol=17 | dir=in | app=f:\setup.exe |
    "{663B96D2-8086-4F55-AFA3-311A62A82DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6769CB7D-F6AA-4D3D-B1EC-B865517452C7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
    "{682C1C6F-F161-406A-B02E-06DCF66A802B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
    "{71C45C1A-3B1A-4725-AE49-EA3202751835}" = protocol=6 | dir=in | app=f:\setup.exe |
    "{78DC7097-664C-4FBC-9F94-7C62CBBA4F4B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{85A753A4-AC62-4BD8-82A6-C2DF0AC29209}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{864C1708-5DC0-4CD8-8687-E219721F5491}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
    "{87E18DF2-1300-455D-8FBA-639C658B4DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{8CB91948-6C3F-40BA-8BC6-A3DAAA3394F1}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{92C2BC67-7785-467E-8C6C-CA17389EF9C9}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
    "{951E6639-C9F5-4DCC-AF59-7FB313285A95}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{9B673426-382A-4642-A38B-EB38AD0F3747}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{9FA96F71-5911-47C6-93E8-93D6851DB084}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A349B333-33BA-45B1-8FCC-56265450B6BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{AB7921E7-DBBE-43B5-98DF-ABDB9182839D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AC24245A-9DC1-44A1-B67B-42067A58FD02}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{ADB4489C-DCFF-47CE-9F39-90954D6A188D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{B08FA539-1E67-4763-859B-4E1CEE009C9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{B3D81E6D-D3EE-4778-8CBD-81919C1B8179}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{BB2F7712-D529-4E9F-96B1-988BA0EA6C3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{BEF0D762-3A2F-46CC-AAD3-B574B84D9139}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{C88C970A-2F26-4674-99E6-776308C65A26}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
    "{D0926C03-AC63-4A0F-BB80-B353F2B6AD89}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
    "{D4288692-7C3D-4D23-BBF5-39FD6A28DE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{DA0631A2-E6B7-401E-AB9D-93FE1E1D2D73}" = protocol=6 | dir=in | app=f:\setup.exe |
    "{DBBFC4AC-440E-43BA-9327-99915888BB2D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe |
    "{E1D03880-6DD9-48D5-B46E-8F5C1D0CB36E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{E745B76B-C100-45CB-99BC-77F3B0ADFCA5}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{E7778565-8114-468B-BF83-F80E700EF8EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{EAE9D013-EC6C-4D68-A944-321CEE09B288}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{F1587ADC-C4EF-4FED-96A8-ACA32464A40C}" = protocol=17 | dir=in | app=f:\setup.exe |
    "{FB0B0EFC-1F5F-491F-9D3E-6AE543427391}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "TCP Query User{10EC4C79-52EC-4AE8-B289-6BE35477D4A6}C:\fxbj.exe" = protocol=6 | dir=in | app=c:\fxbj.exe |
    "TCP Query User{AD405173-472E-41BF-8238-4110EF85E886}C:\users\bret\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\bret\program files (x86)\dna\btdna.exe |
    "UDP Query User{5990C2ED-DE5A-4BEC-8E47-BCC3A5ADC905}C:\fxbj.exe" = protocol=17 | dir=in | app=c:\fxbj.exe |
    "UDP Query User{A7B813FE-EAC9-4ADF-85BE-8FB0D55BA6A9}C:\users\bret\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\bret\program files (x86)\dna\btdna.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D8B2C435-8737-431E-8784-24CD13B0B821}" = PE585QAEncoder-64
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
    "ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.0 Plug-in (build 2006)
    "lvdrivers_11.90" = Logitech QuickCam Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{06DDDE92-AD4F-4278-8756-4837C39DC286}" = Topaz Adjust
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3080A282-1DD2-4B3D-80CA-B9E73D182F7B}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{554EB98C-D995-471F-8874-D2BA7BF5EB3E}" = Noiseware Professional Edition
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
    "{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.2
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679800C2-9209-464E-9E88-ECB306B0BE84}" = Handy Backup
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92B3B2AF-ACF3-4A5A-9BBA-65473B310D9A}" = RealGrain Plug-in
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{95140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
    "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
    "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB30938E-2BCE-4837-9FEB-EB5DAB000235}" = LucisArt 3 ED/SE
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{eee57d78-45ca-46dd-a9d5-26ebdfe7f664}" = Nero 9
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Genuine Fractals 6.0.4 Professional Edition
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AVG9Uninstall" = AVG 9.0
    "BitTorrent" = BitTorrent
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "CaptureOne5_is1" = Capture One 5.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8_is1" = DVDFab 8.0.1.1 Beta (11/09/2010)
    "DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.2.0
    "EASEUS Partition Master Unlimited Edition_is1" = EASEUS Partition Master 3.5 Unlimited Edition
    "Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
    "Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 3.0
    "FileZilla Client" = FileZilla Client 3.3.4.1
    "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "FLV Player" = FLV Player 2.0 (build 25)
    "foobar2000" = foobar2000 v0.9.6.8
    "GoldWave v5.24" = GoldWave v5.24
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "Hugin_release_is1" = Hugin 2009.4.0
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Matroska Pack" = Matroska Pack
    "MediaMonkey_is1" = MediaMonkey 3.0
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.10
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 3.00
    "Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Opanda IExif_is1" = Opanda IExif 2.3
    "OpenAL" = OpenAL
    "Perfectly Clear Plugin" = Perfectly Clear Plugin 1.5.0.2
    "Photo Mechanic 4.5" = Photo Mechanic 4.5
    "Photodex Presenter" = Photodex Presenter
    "PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
    "Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
    "PowerISO" = PowerISO
    "PTGui" = PTGui Pro 8.2.1
    "Roxio PhotoShow" = Roxio PhotoShow
    "TeamViewer 5" = TeamViewer 5
    "The Tetris Game_is1" = 1.0
    "Trillian" = Trillian
    "VSO PhotoDVD_is1" = PhotoDVD 2.9.6.1
    "Watermark Image_is1" = Watermark Image software version 1.8.3.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.0
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/21/2010 2:32:53 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 2:34:41 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 3:32:53 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 3:34:41 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 4:32:53 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 4:34:40 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 5:32:53 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 5:34:41 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 6:32:52 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    Error - 4/21/2010 6:34:40 AM | Computer Name = BRAIN | Source = Google Update | ID = 20
    Description =

    [ Media Center Events ]
    Error - 8/27/2009 1:41:54 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/1/2009 3:37:16 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/21/2009 12:50:27 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 10/1/2009 1:39:42 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/8/2009 7:51:04 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/23/2009 5:41:15 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/23/2009 4:39:33 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/26/2009 4:45:28 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/10/2010 4:37:27 PM | Computer Name = HAL | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/16/2010 12:04:56 AM | Computer Name = BRAIN | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 12/2/2010 2:22:45 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/2/2010 2:22:45 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/2/2010 2:22:45 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7023
    Description =

    Error - 12/2/2010 2:22:45 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/2/2010 2:22:45 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/2/2010 2:33:12 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/2/2010 2:33:12 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/2/2010 2:33:12 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7023
    Description =

    Error - 12/2/2010 2:33:12 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/2/2010 2:33:12 AM | Computer Name = BRAIN | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  17. 2010/12/02
    latemodelsedan

    latemodelsedan Well-Known Member Thread Starter

    OTL logfile created on: 12/2/2010 7:16:01 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bret\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 289.58 Gb Total Space | 39.06 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
    Drive D: | 291.59 Gb Total Space | 291.48 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
    Drive G: | 368.10 Gb Total Space | 135.93 Gb Free Space | 36.93% Space Free | Partition Type: NTFS
    Drive H: | 931.51 Gb Total Space | 200.03 Gb Free Space | 21.47% Space Free | Partition Type: NTFS
    Drive I: | 97.66 Gb Total Space | 26.89 Gb Free Space | 27.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 860.03 Gb Free Space | 92.33% Space Free | Partition Type: NTFS

    Computer Name: BRAIN | User Name: Bret | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/02 19:15:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bret\Desktop\OTL.exe
    PRC - [2010/12/01 05:46:50 | 000,176,640 | ---- | M] () -- C:\Windows\Igawaa.exe
    PRC - [2010/11/24 09:53:06 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/11/24 09:52:14 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/10/29 03:55:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/19 07:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/10/14 12:37:26 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/12 13:55:58 | 000,707,354 | ---- | M] () -- C:\Program Files (x86)\TSR Soft\Watermark Image\unins000.exe
    PRC - [2010/09/12 13:55:58 | 000,707,354 | ---- | M] () -- C:\Users\Bret\AppData\Local\Temp\_iu14D2N.tmp
    PRC - [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Bret\Desktop\remover.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/07/21 07:07:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/07/14 03:00:00 | 000,032,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    PRC - [2010/06/23 09:41:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/06/23 09:41:08 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
    PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/05/28 02:06:42 | 011,996,616 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
    PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    PRC - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/01/07 15:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2009/11/20 14:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
    PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
    PRC - [2009/02/24 23:55:01 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/12/16 21:59:40 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/31 17:04:58 | 000,032,856 | ---- | M] () -- C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe
    PRC - [2008/09/24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/06/06 10:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
    PRC - [2008/06/06 10:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2008/06/04 16:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    PRC - [2007/02/09 11:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
    PRC - [2007/02/09 11:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/02 19:15:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bret\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\ASTSRV.EXE -- (ASTSRV)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ASTSRV.EXE -- (astcc)
    SRV:64bit: - [2009/11/20 14:23:40 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.exe -- (nlscc)
    SRV:64bit: - [2008/12/16 21:59:16 | 000,187,416 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2008/08/19 16:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/10/19 07:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/08 16:47:00 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010/07/21 07:07:50 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2010/07/14 03:00:00 | 000,032,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2010/06/23 09:41:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/25 09:59:59 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/01/11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/01/07 15:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/11/20 14:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)
    SRV - [2009/11/20 14:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
    SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2009/06/01 06:06:52 | 000,343,435 | R--- | M] () [Auto | Stopped] -- C:\ProgramData\Webroot\Bret6780119.exe -- (.1160484212SsTR)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/31 17:04:58 | 000,032,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novosoft\Handy Backup\BackupNetworkCoordinator.exe -- (NovosoftBackupNetworkCoordinator)
    SRV - [2008/09/24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/06/06 10:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2008/06/04 16:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
    SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
    SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/06/23 09:41:47 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/06/23 09:41:11 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2010/05/31 13:22:49 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/04/28 14:25:49 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/01/07 15:07:06 | 000,022,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/06/15 11:36:42 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SaibVdAd64.sys -- (SaibVdAd64)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Sahdad64.sys -- (Sahdad64)
    DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Saibad64.sys -- (Saibad64)
    DRV:64bit: - [2009/05/24 06:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
    DRV:64bit: - [2009/03/30 09:03:08 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/03/26 07:00:16 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2009/02/25 19:22:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2009/02/25 19:22:10 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/12/17 01:01:32 | 005,965,080 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam Communicate Deluxe(UVC)
    DRV:64bit: - [2008/12/17 01:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2008/12/17 01:00:00 | 001,133,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2008/12/16 21:57:58 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2008/12/16 21:57:58 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2008/10/29 19:55:52 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/08/04 23:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2008/07/29 19:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
    DRV:64bit: - [2008/07/29 19:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
    DRV:64bit: - [2008/07/29 19:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
    DRV:64bit: - [2008/07/21 17:34:42 | 000,147,984 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
    DRV:64bit: - [2008/06/04 16:59:44 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
    DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/02/25 18:29:24 | 000,013,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ITEIO.sys -- (ITEIO.SYS)
    DRV:64bit: - [2008/01/30 19:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2007/10/11 20:58:26 | 001,381,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
    DRV:64bit: - [2007/01/25 12:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\WBEM\ntfs.mof -- (Ntfs)
    DRV - [2010/04/18 07:57:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2009/03/11 01:15:47 | 000,000,000 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\null.sys -- (Null)
    DRV - [2009/02/25 19:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/02/11 09:19:34 | 000,015,504 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2008/08/19 16:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "eBay "
    FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?hl=en&tab=wn "
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:1.9.1
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: googleoptions@bruceclay.com:1.0b8
    FF - prefs.js..extensions.enabledItems: {bf70ba50-e70d-11dd-ba2f-0800200c9a66}:1.0.9
    FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
     
  18. 2010/12/02
    latemodelsedan
    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/04 20:27:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/24 09:55:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/04 13:10:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/10 20:07:33 | 000,000,000 | ---D | M]

    [2010/04/21 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Extensions
    [2010/04/21 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2010/12/01 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions
    [2010/08/06 12:37:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/03 20:18:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/11/06 13:28:45 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
    [2010/08/06 12:37:28 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
    [2010/10/22 12:34:04 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    [2010/11/06 13:28:47 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\anycolor.pavlos256@gmail.com
    [2010/08/06 12:37:31 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\googleoptions@bruceclay.com
    [2010/11/06 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mozilla\Firefox\Profiles\70cr60u7.default\extensions\kodak-companion@mozilla.com
    [2010/04/22 07:58:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2004/07/02 13:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\np32asw.dll
    [2004/07/02 13:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

    O1 HOSTS File: ([2010/05/06 14:54:19 | 000,000,876 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
    O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
    O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
    O4 - HKCU..\Run: [JP595IR86O] C:\Users\Bret\AppData\Local\Temp\Idd.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1241289195610 (MUCatalogWebControl Class)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
    O30 - LSA: Authentication Packages - (ows\w) - File not found
    O30:64bit: - LSA: Security Packages - (y Packages settings...) - File not found
    O30 - LSA: Security Packages - (y Packages settings...) - File not found
    O30 - LSA: Security Packages - (144ccf1df_6.0) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/08/04 16:13:04 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - lameACM.acm File not found
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/02 19:14:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bret\Desktop\OTL.exe
    [2010/12/02 19:12:34 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Bret\Desktop\remover.exe
    [2010/12/02 06:51:39 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Windows BBS Tools
    [2010/12/02 06:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/12/02 03:48:08 | 000,000,000 | ---D | C] -- C:\Users\Bret\AppData\Local\VS Revo Group
    [2010/12/02 03:48:03 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
    [2010/12/02 03:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/12/02 00:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
    [2010/12/02 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Bret\AppData\Roaming\BitTorrent
    [2010/12/01 20:29:45 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/12/01 17:31:59 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/12/01 16:46:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Bret\Desktop\spybotsd162.exe
    [2010/12/01 07:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/12/01 05:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller 2010
    [2010/12/01 05:01:15 | 000,000,000 | ---D | C] -- C:\Users\Bret\AppData\Roaming\Athentech
    [2010/12/01 04:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Athentech
    [2010/12/01 04:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athentech
    [2010/12/01 04:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mr Retro
    [2010/12/01 04:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MW Vol 4 Washes Folder
    [2010/11/25 19:46:13 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Toronto 2007 - Day by Day - Originals
    [2010/11/24 00:00:23 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Paris - 2008 - Day by Day
    [2010/11/21 07:49:22 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
    [2010/11/21 07:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
    [2010/11/21 07:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express
    [2010/11/20 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bret\AppData\Roaming\TeamViewer
    [2010/11/20 19:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2010/11/14 16:58:58 | 000,000,000 | ---D | C] -- C:\Users\Bret\Documents\CardRecovery
    [2010/11/14 16:35:45 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\11-14-2010
    [2010/11/14 16:05:36 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Recovered Files
    [2010/11/14 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Card Recovery Portable
    [2010/11/10 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Acrobat Pro 9
    [2010/11/06 13:22:28 | 000,000,000 | ---D | C] -- C:\Users\Bret\Desktop\Trillian Astra 5
    [2010/11/06 08:04:00 | 000,000,000 | -HSD | C] -- C:\found.001
    [2010/11/04 13:12:46 | 000,000,000 | ---D | C] -- C:\Users\Bret\AppData\Roaming\Apple Computer
    [2010/11/04 13:11:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/11/04 13:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/04 13:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/04 13:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/04 13:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/11/04 13:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/11/04 13:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/11/04 13:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/11/04 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/04 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/11/04 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/11/04 13:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2009/03/30 09:03:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Bret\AppData\Roaming\pcouffin.sys
    [2009/03/07 15:50:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/02 19:17:02 | 000,000,196 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010/12/02 19:15:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bret\Desktop\OTL.exe
    [2010/12/02 19:11:58 | 000,039,605 | ---- | M] () -- C:\Users\Bret\Desktop\bootkit_remover.rar
    [2010/12/02 18:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/02 18:40:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3159231241-3455512728-83373285-1000UA.job
    [2010/12/02 18:30:02 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/12/02 18:27:02 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2010/12/02 17:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/02 17:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/02 16:04:07 | 068,414,509 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/12/02 13:42:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/02 10:40:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3159231241-3455512728-83373285-1000Core.job
    [2010/12/02 03:48:03 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2010/12/02 01:38:46 | 000,819,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/02 01:38:46 | 000,681,212 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/02 01:38:46 | 000,139,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/02 01:32:46 | 000,062,712 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/12/02 01:32:45 | 000,062,712 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/12/02 01:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2010/12/02 01:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/01 21:25:56 | 000,000,830 | ---- | M] () -- C:\Users\Bret\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/01 20:37:16 | 000,002,517 | ---- | M] () -- C:\Users\Bret\Desktop\HiJackThis.lnk
    [2010/12/01 17:24:58 | 000,000,557 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/12/01 16:47:37 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Bret\Desktop\spybotsd162.exe
    [2010/12/01 16:38:02 | 000,000,680 | ---- | M] () -- C:\Users\Bret\AppData\Local\d3d9caps.dat
    [2010/12/01 05:46:50 | 000,176,640 | ---- | M] () -- C:\Windows\Igawaa.exe
    [2010/12/01 05:00:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/11/28 22:10:00 | 004,216,000 | ---- | M] () -- C:\Users\Bret\AppData\Local\rx_audio.Cache
    [2010/11/27 16:39:00 | 081,531,056 | ---- | M] () -- C:\Users\Bret\AppData\Local\rx_image32.Cache
    [2010/11/22 20:44:23 | 000,194,048 | ---- | M] () -- C:\Users\Bret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/21 14:35:06 | 000,814,822 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/20 19:58:12 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
    [2010/11/20 19:56:40 | 003,099,848 | ---- | M] () -- C:\Users\Bret\Desktop\TeamViewer_Setup.exe
    [2010/11/16 21:21:23 | 005,380,285 | ---- | M] () -- C:\Users\Bret\Desktop\toronto_2009_edits_0008.jpg
    [2010/11/10 20:14:28 | 005,037,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/10 20:10:24 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/11/08 15:07:02 | 000,029,696 | ---- | M] () -- C:\Users\Bret\Desktop\barry_scott.doc
    [2010/11/06 17:31:16 | 000,000,894 | ---- | M] () -- C:\Users\Bret\Application Data\Microsoft\Internet Explorer\Quick Launch\Trillian.lnk
    [2010/11/04 15:42:06 | 000,000,010 | ---- | M] () -- C:\Users\Bret\AppData\Roaming\install
    [2010/11/04 15:40:30 | 000,000,179 | ---- | M] () -- C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat
    [2010/11/03 17:30:17 | 000,127,816 | ---- | M] () -- C:\Users\Bret\Desktop\pat_revised.dmsa

    ========== Files Created - No Company Name ==========

    [2010/12/02 19:11:53 | 000,039,605 | ---- | C] () -- C:\Users\Bret\Desktop\bootkit_remover.rar
    [2010/12/02 03:48:03 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2010/12/01 21:25:56 | 000,000,830 | ---- | C] () -- C:\Users\Bret\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/01 07:36:40 | 000,002,517 | ---- | C] () -- C:\Users\Bret\Desktop\HiJackThis.lnk
    [2010/12/01 05:46:57 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2010/12/01 05:46:54 | 000,176,640 | ---- | C] () -- C:\Windows\Igawaa.exe
    [2010/12/01 05:46:53 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/12/01 05:46:51 | 000,000,196 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010/12/01 05:00:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/12/01 04:57:22 | 000,406,150 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI4CBA.txt
    [2010/12/01 04:57:22 | 000,013,360 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI4CBA.txt
    [2010/12/01 04:57:09 | 000,373,178 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI4C90.txt
    [2010/12/01 04:57:09 | 000,013,586 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI4C90.txt
    [2010/11/20 19:58:12 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
    [2010/11/20 19:56:30 | 003,099,848 | ---- | C] () -- C:\Users\Bret\Desktop\TeamViewer_Setup.exe
    [2010/11/16 21:06:38 | 005,380,285 | ---- | C] () -- C:\Users\Bret\Desktop\toronto_2009_edits_0008.jpg
    [2010/11/10 20:07:33 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/11/06 17:31:16 | 000,000,894 | ---- | C] () -- C:\Users\Bret\Application Data\Microsoft\Internet Explorer\Quick Launch\Trillian.lnk
    [2010/11/04 15:42:06 | 000,000,010 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\install
    [2010/11/04 15:40:30 | 000,000,179 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat
    [2010/11/03 17:30:17 | 000,127,816 | ---- | C] () -- C:\Users\Bret\Desktop\pat_revised.dmsa
    [2010/10/16 19:52:27 | 000,000,132 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2010/10/16 08:46:37 | 000,001,456 | ---- | C] () -- C:\Users\Bret\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2010/09/29 16:43:19 | 000,000,852 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
    [2010/09/29 16:39:17 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/09/28 19:57:23 | 000,004,448 | ---- | C] () -- C:\Windows\gsview32.ini
    [2010/09/11 19:35:11 | 000,008,712 | ---- | C] () -- C:\Users\Bret\AppData\Local\rx_image.Cache
    [2010/09/07 06:23:40 | 000,003,383 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/09/07 06:10:12 | 000,001,614 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/06/15 13:14:28 | 000,000,132 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2010/05/13 03:53:31 | 000,622,940 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI742B.txt
    [2010/05/13 03:52:26 | 000,018,242 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI742B.txt
    [2010/05/09 07:40:41 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
    [2010/05/07 14:50:30 | 000,368,432 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI16E4.txt
    [2010/05/07 14:50:19 | 000,015,962 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI16E4.txt
    [2010/04/18 20:16:00 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2010/04/18 08:00:27 | 000,001,101 | ---- | C] () -- C:\ProgramData\afl.log
    [2010/03/18 11:52:05 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
    [2010/03/07 18:20:12 | 000,062,712 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/03/07 11:02:52 | 000,062,712 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/02/27 20:28:56 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/02/27 20:28:55 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/02/27 20:28:55 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/02/27 20:28:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/02/27 20:28:53 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/01/22 22:17:56 | 000,000,680 | ---- | C] () -- C:\Users\Bret\AppData\Local\d3d9caps.dat
    [2010/01/21 11:06:45 | 000,004,392 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\install.log
    [2010/01/21 08:38:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/01/21 08:37:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/11/12 23:10:07 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
    [2009/11/12 23:09:38 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2009/11/08 19:57:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Quartz Composer
    [2009/11/07 20:39:09 | 000,000,000 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\manual
    [2009/10/01 11:58:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/01 15:03:38 | 000,222,724 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_ATL90SP1_KB973924MSI7017.txt
    [2009/09/01 15:03:37 | 000,013,882 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_ATL90SP1_KB973924UI7017.txt
    [2009/09/01 15:02:57 | 000,522,112 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_ATL80SP1_KB973923MSI6F8E.txt
    [2009/09/01 15:02:55 | 000,013,876 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_ATL80SP1_KB973923UI6F8E.txt
    [2009/08/22 06:39:52 | 000,037,844 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2009/08/20 21:02:11 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
    [2009/07/23 18:40:47 | 000,350,956 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI60FC.txt
    [2009/07/23 18:40:47 | 000,013,634 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI60FC.txt
    [2009/07/10 14:35:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2009/06/18 15:16:03 | 000,000,120 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\FixVTS.ini
    [2009/05/19 14:55:27 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/05/08 16:24:19 | 000,000,671 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\vso_ts_preview.xml
    [2009/04/12 08:43:13 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
    [2009/04/01 12:50:32 | 000,014,958 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI57E3.txt
    [2009/03/31 06:21:46 | 000,000,069 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\Printer.ini
    [2009/03/30 15:39:32 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2009/03/30 15:39:32 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2009/03/30 15:39:32 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2009/03/30 09:15:18 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
    [2009/03/30 09:04:02 | 000,000,034 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\pcouffin.log
    [2009/03/30 09:03:08 | 000,099,384 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\inst.exe
    [2009/03/30 09:03:08 | 000,007,859 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\pcouffin.cat
    [2009/03/30 09:03:08 | 000,001,167 | ---- | C] () -- C:\Users\Bret\AppData\Roaming\pcouffin.inf
    [2009/03/24 20:15:38 | 000,561,542 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistMSI3B76.txt
    [2009/03/24 20:15:36 | 000,016,524 | ---- | C] () -- C:\Users\Bret\AppData\Local\dd_vcredistUI3B76.txt
    [2009/03/21 20:46:03 | 000,000,769 | ---- | C] () -- C:\Windows\ARPR.INI
    [2009/03/21 14:36:18 | 000,000,732 | ---- | C] () -- C:\Users\Bret\AppData\Local\d3d9caps64.dat
    [2009/03/19 11:37:48 | 000,025,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/03/18 19:37:35 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2009/03/13 21:05:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
    [2009/03/13 21:05:40 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
    [2009/03/11 17:07:25 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
    [2009/03/11 17:07:25 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
    [2009/03/11 17:07:25 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
    [2009/03/11 01:15:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\null.sys
    [2009/03/08 12:03:41 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
    [2009/03/08 09:19:25 | 000,814,822 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/03/05 00:09:53 | 000,194,048 | ---- | C] () -- C:\Users\Bret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/28 04:40:23 | 004,216,000 | ---- | C] () -- C:\Users\Bret\AppData\Local\rx_audio.Cache
    [2009/02/28 04:39:03 | 081,531,056 | ---- | C] () -- C:\Users\Bret\AppData\Local\rx_image32.Cache
    [2009/02/26 06:13:43 | 000,000,557 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/09/12 11:57:16 | 002,121,728 | ---- | C] () -- C:\Windows\SysWow64\tliadjust24.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/10/03 15:12:53 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll
    [2007/07/10 01:13:06 | 002,334,720 | ---- | C] () -- C:\Program Files (x86)\MachineWashVol4.8bf
    [2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2006/10/10 07:51:06 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2006/10/10 07:51:06 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll
    [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
    [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
    [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
    [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010/03/03 03:27:32 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\.purple
    [2009/02/26 20:02:58 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\1&1
    [2009/03/04 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\acccore
    [2009/03/01 16:16:52 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\ACD Systems
    [2009/02/24 23:57:02 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Acer
    [2009/03/13 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Acer GameZone Console
    [2010/07/19 09:48:05 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Actual Tools
    [2009/10/27 07:23:35 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Alien Skin
    [2009/03/21 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Anthropics
    [2010/12/01 05:01:15 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Athentech
    [2009/09/01 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\bibble
    [2009/03/08 09:20:31 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\BitDefender
    [2010/12/02 00:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\BitTorrent
    [2010/08/22 20:30:32 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Blackberry Desktop
    [2009/04/15 06:00:44 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Camera Bits, Inc
    [2010/08/04 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Canon
    [2009/06/29 06:31:00 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/12 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2010/01/26 11:50:14 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Cut It Out
    [2009/03/30 09:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DisplayTune
    [2010/12/02 04:02:58 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DNA
    [2009/09/27 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DNG4PS-2
    [2009/12/05 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DVDFab
    [2009/07/23 18:45:15 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DxO Labs
    [2009/07/23 18:45:42 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\DxO_Labs
    [2010/03/17 08:00:22 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Easy Duplicate Finder
    [2009/03/08 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\eSobi
    [2010/06/14 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Facebook
    [2010/06/22 19:52:45 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Faces
    [2010/11/18 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\FileZilla
    [2010/04/21 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Flickr
    [2010/11/24 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\foobar2000
    [2009/03/24 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\gtk-2.0
    [2009/05/22 16:17:46 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\HDRsoft
    [2009/07/06 18:12:35 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Imagenomic
    [2009/08/21 20:59:07 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\ImTOO Software Studio
    [2009/03/09 06:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Kaspersky_Key_Finder_(KKF
    [2009/02/24 23:57:01 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Leadertech
    [2009/06/27 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Lucis
    [2009/11/12 23:13:06 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\MAGIX
    [2009/10/06 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Mask Pro 4.0
    [2009/04/11 23:18:35 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Morpheus Software
    [2009/11/15 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Netscape
    [2009/06/22 11:14:32 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Nik Software
    [2009/11/07 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Nikon
    [2009/03/21 14:11:15 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Novosoft
    [2010/05/15 13:25:12 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\onOne Software
    [2009/09/16 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\ooVoo Details
    [2009/07/23 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\PACE Anti-Piracy
    [2009/11/15 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Photodex
    [2010/06/06 08:10:40 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\PTGui
    [2010/09/07 06:23:49 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Research In Motion
    [2010/09/15 06:50:05 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\RipIt4Me
    [2010/09/12 07:32:59 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Simple Star
    [2009/10/09 08:13:22 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Spearit
    [2010/05/04 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/11/20 19:59:02 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\TeamViewer
    [2009/04/19 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\theimagingfactory
    [2010/08/11 14:15:34 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Thinstall
    [2009/10/01 10:59:34 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Trillian
    [2010/04/25 02:59:25 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\URSoft
    [2010/09/29 17:21:18 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\Vso
    [2009/04/15 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\WeatherWatcher
    [2009/04/15 19:13:25 | 000,000,000 | ---D | M] -- C:\Users\Bret\AppData\Roaming\WeatherWatcherLive
    [2010/12/02 01:24:59 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/02 18:30:02 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/12/02 19:17:02 | 000,000,196 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010/12/02 18:27:02 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/11 01:15:15 | 000,000,002 | ---- | M] () -- C:\-391922098
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/03/07 14:52:53 | 000,065,394 | ---- | M] () -- C:\caisslog.txt
    [2010/03/25 15:01:38 | 000,000,090 | ---- | M] () -- C:\CLMS.log
    [2010/03/25 15:02:39 | 000,000,090 | ---- | M] () -- C:\Creator.log
    [2009/03/04 07:06:11 | 000,000,365 | -H-- | M] () -- C:\IPH.PH
    [2010/03/25 15:00:34 | 000,000,090 | ---- | M] () -- C:\MDisc.log
    [2010/03/25 15:00:57 | 000,000,090 | ---- | M] () -- C:\MDR.log
    [2010/12/02 01:31:39 | 312,811,519 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/04 16:59:40 | 000,007,163 | ---- | M] () -- C:\pdiports.cat
    [2008/06/04 16:59:20 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
    [2009/03/30 09:14:47 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
    [2009/11/15 17:23:15 | 000,001,575 | ---- | M] () -- C:\photodex-presenter-install.log
    [2009/03/30 09:15:19 | 000,000,184 | ---- | M] () -- C:\pivot.log
    [2010/03/25 15:02:00 | 000,000,090 | ---- | M] () -- C:\PnR.log
    [2010/01/08 19:29:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
    [2010/01/08 19:29:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
    [2010/03/25 15:02:23 | 000,000,090 | ---- | M] () -- C:\PSD.log
    [2009/03/07 15:50:41 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log
    [2010/03/25 15:01:16 | 000,000,090 | ---- | M] () -- C:\SDMA.log
    [2010/04/07 15:17:27 | 000,001,007 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/01/21 08:50:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/19 12:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
    [2006/10/19 12:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2007/07/11 16:15:54 | 002,334,720 | ---- | M] () -- C:\Program Files (x86)\MachineWashVol4.8bf

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/21 09:16:48 | 000,000,574 | -HS- | M] () -- C:\Users\Bret\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/02 19:15:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bret\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Bret\Desktop\remover.exe
    [2010/12/01 16:47:37 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Bret\Desktop\spybotsd162.exe
    [2010/11/20 19:56:40 | 003,099,848 | ---- | M] () -- C:\Users\Bret\Desktop\TeamViewer_Setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/03/09 15:21:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2006/10/10 07:42:02 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2006/10/10 07:42:02 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/03/09 15:21:32 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/11 19:13:58 | 000,000,402 | -HS- | M] () -- C:\Users\Bret\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/06/26 12:43:36 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/04/18 08:01:45 | 000,001,101 | ---- | M] () -- C:\ProgramData\afl.log
    [2010/10/04 17:47:23 | 000,025,204 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/12/01 05:00:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/02 01:32:45 | 000,062,712 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/11/08 19:57:42 | 000,000,000 | ---- | M] () -- C:\ProgramData\Quartz Composer

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 1311 bytes -> C:\ProgramData\Microsoft:XgxUb1WmAuASgliFP4aOUklO
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:msNgBMaJyuhdEaJeRM7EbH9W
    @Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:kaJ89k6jlxmxi0VmcudWW
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1493A0EF

    < End of report >
  19. 2010/12/02
    broni (Moderator Malware Analyst)

    MBR looks good :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/09/12 13:55:58 | 000,707,354 | ---- | M] () -- C:\Program Files (x86)\TSR Soft\Watermark Image\unins000.exe
      PRC - [2010/09/12 13:55:58 | 000,707,354 | ---- | M] () -- C:\Users\Bret\AppData\Local\Temp\_iu14D2N.tmp
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV - [2010/08/08 16:47:00 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [JP595IR86O] C:\Users\Bret\AppData\Local\Temp\Idd.exe File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/11/04 15:40:30 | 000,000,179 | ---- | M] () -- C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat
      [2010/12/01 05:46:54 | 000,176,640 | ---- | C] () -- C:\Windows\Igawaa.exe
      [2010/05/09 07:40:41 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
      [2010/03/18 11:52:05 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
      [2009/11/12 23:09:38 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
      @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B3D74A13
      @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:1CE11B51
      @Alternate Data Stream - 1311 bytes -> C:\ProgramData\Microsoft:XgxUb1WmAuASgliFP4aOUklO
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
      @Alternate Data Stream - 1223 bytes -> C:\ProgramData\Microsoft:msNgBMaJyuhdEaJeRM7EbH9W
      @Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:kaJ89k6jlxmxi0VmcudWW
      @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1493A0EF
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
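A way to double-check, after the reboot, that the items the OTL fix above acted on are really gone: the alternate data streams under C:\ProgramData, the HOSTS redirect, the Run value, the KMService service and srvany.exe, and the files queued for removal at next boot. This is an added example, not part of the original post or of OTL. It assumes Windows PowerShell 3.0 or later run from an elevated prompt (the -Stream parameter is not available in the PowerShell that shipped with Vista; there, `dir /r` in a cmd window lists streams instead), and a 64-bit Windows, as in this thread. Every path, value name and service name it checks is the one quoted in the fix script; the function names are my own.

```powershell
# Added post-fix verification, not part of the thread or of OTL.
# Assumes Windows PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt.
# Every path, value name and service name below is taken from the OTL fix above.

$ErrorActionPreference = 'SilentlyContinue'

# 1. Alternate data streams on ProgramData and its immediate children.
#    The fix removed randomly named streams on C:\ProgramData\TEMP and
#    C:\ProgramData\Microsoft; anything left besides the default ::$DATA
#    stream (and the Zone.Identifier download marker) deserves a look.
function Get-SuspectAds {
    param([string]$Root = $env:ProgramData)
    $targets = @(Get-Item -LiteralPath $Root -Force) +
               @(Get-ChildItem -LiteralPath $Root -Force)
    foreach ($t in $targets) {
        Get-Item -LiteralPath $t.FullName -Stream * -Force |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

# 2. HOSTS entries that point anywhere other than loopback. The fix pulled a
#    216.55.133.9 line for handybackup.com / softlogica.com; a clean file has
#    only comments and 127.0.0.1 / ::1 entries.
function Get-HostsRedirects {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content -LiteralPath $path) {
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $names = if ($fields.Count -gt 1) { $fields[1..($fields.Count - 1)] -join ' ' } else { '' }
        if ($fields[0] -notin @('127.0.0.1', '::1')) {
            [pscustomobject]@{ Address = $fields[0]; Names = $names }
        }
    }
}

# 3. Run keys (64-bit view, 32-bit view, and the user's hive). The fix deleted
#    an HKCU value named JP595IR86O; random names like that are what to look for.
function Get-RunEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

# 4. The service OTL stopped and deleted, and the srvany.exe it launched.
function Test-ServiceGone {
    param([string]$Name = 'KMService')
    $svc = Get-Service -Name $Name
    $key = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $exe = Test-Path (Join-Path $env:SystemRoot 'SysWOW64\srvany.exe')
    [pscustomobject]@{ Service = $Name; StillRegistered = ($null -ne $svc -or $key); SrvanyPresent = $exe }
}

# 5. Files OTL could not move immediately (the two LVPrcInj*.dll entries) are
#    queued here and handled by the session manager at the next boot; after
#    the reboot this value should be absent.
function Get-PendingRenames {
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations).PendingFileRenameOperations
}

'== Alternate data streams under ProgramData ==';  Get-SuspectAds | Format-Table -AutoSize
'== Non-loopback HOSTS entries ==';                Get-HostsRedirects | Format-Table -AutoSize
'== Run keys ==';                                  Get-RunEntries | Format-Table -AutoSize
'== KMService / srvany.exe ==';                    Test-ServiceGone
'== Renames still pending for reboot ==';          Get-PendingRenames
```

Run it once before and once after the reboot: the first run should still show the two pending LVPrcInj*.dll renames, the second should show none, and every other section should come back empty (or, for the Run keys, list only entries you recognise).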
  20. 2010/12/03
    latemodelsedan Well-Known Member Thread Starter
    All processes killed
    ========== OTL ==========
    No active process named unins000.exe was found!
    No active process named _iu14D2N.tmp was found!
    Service KMService stopped successfully!
    Service KMService deleted successfully!
    File C:\Windows\SysNative\srvany.exe not found.
    Error: No service named KMService was found to stop!
    Service\Driver key KMService not found.
    C:\Windows\SysWOW64\srvany.exe moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com removed from HOSTS file successfully
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Bret\AppData\Roaming\dkfjasdfshd.bat moved successfully.
    File C:\Windows\Igawaa.exe not found.
    C:\Windows\info147.sys moved successfully.
    C:\Windows\(null)toolkit.ini moved successfully.
    C:\Windows\mgxoschk.ini moved successfully.
    ADS C:\ProgramData\TEMP:B3D74A13 deleted successfully.
    ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
    ADS C:\ProgramData\Microsoft:XgxUb1WmAuASgliFP4aOUklO deleted successfully.
    ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
    ADS C:\ProgramData\Microsoft:msNgBMaJyuhdEaJeRM7EbH9W deleted successfully.
    ADS C:\ProgramData\Microsoft:kaJ89k6jlxmxi0VmcudWW deleted successfully.
    ADS C:\ProgramData\TEMP:1493A0EF deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bret
    ->Temp folder emptied: 11904000 bytes
    ->Temporary Internet Files folder emptied: 50129883 bytes
    ->Java cache emptied: 1957 bytes
    ->FireFox cache emptied: 48806883 bytes
    ->Flash cache emptied: 5090 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 311827 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 180002 bytes

    Total Files Cleaned = 106.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bret
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12032010_162727

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. 2010/12/03
    latemodelsedan Well-Known Member Thread Starter
    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 9.0
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
