Solved Annoying google redirect virus

credendum · Nov 30, 2010

Hey guys. I seem to have the same problem as a lot of people these days. Got a hold of a google redirect virus that is driving me nuts. I managed to get my old laptop running but that was after I took some steps on my own (probably hurting things.

)

As of right now here is what is going on.

My new laptop redirects whenever I use google with firefox. I did not try IE or Chrome or any other search engines for that matter. As soon as I noted the redirect I disconnected the wireless and restored the laptop to factory settings (I've only had it for a couple of weeks). I didn't know if that would help but I went for it. It restored from the hidden image as the laptop did not come with any restore discs.

Along with the redirect came a great slow down and when the restore completed it was still acting a little laggy. The searches worked fine for a little bit but then the same problem jumped up. I've been reading up on steps to clean my system but I didn't think relying on threads for other people would be good for me to do. I've run the latest malware bytes, but it doesnt notice anything. I've also reset my router to factory settings without any effect.

Edit- I looked back over and saw the 8-steps sticky. Went ahead and followed those steps.

Avira Scan----------------
Avira AntiVir Personal
Report file date: Tuesday, November 30, 2010 00:47

Scanning for 3104283 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MIKE-PC

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 22:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 19:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 22:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 23:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 22:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 06:42:51
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 06:42:56
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 06:42:57
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 06:42:57
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 06:42:57
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 06:42:58
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 06:42:59
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 06:43:00
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 06:43:02
VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 06:43:02
VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 06:43:03
VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 06:43:04
VBASE020.VDF : 7.10.14.63 128000 Bytes 11/22/2010 06:43:05
VBASE021.VDF : 7.10.14.87 143872 Bytes 11/24/2010 06:43:06
VBASE022.VDF : 7.10.14.116 140800 Bytes 11/26/2010 06:43:07
VBASE023.VDF : 7.10.14.117 2048 Bytes 11/26/2010 06:43:07
VBASE024.VDF : 7.10.14.118 2048 Bytes 11/26/2010 06:43:07
VBASE025.VDF : 7.10.14.119 2048 Bytes 11/26/2010 06:43:08
VBASE026.VDF : 7.10.14.120 2048 Bytes 11/26/2010 06:43:08
VBASE027.VDF : 7.10.14.121 2048 Bytes 11/26/2010 06:43:08
VBASE028.VDF : 7.10.14.122 2048 Bytes 11/26/2010 06:43:08
VBASE029.VDF : 7.10.14.123 2048 Bytes 11/26/2010 06:43:08
VBASE030.VDF : 7.10.14.124 2048 Bytes 11/26/2010 06:43:08
VBASE031.VDF : 7.10.14.136 103936 Bytes 11/29/2010 06:43:09
Engineversion : 8.2.4.114
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 22:09:54
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/30/2010 06:43:28
AESCN.DLL : 8.1.7.2 127349 Bytes 11/30/2010 06:43:26
AESBX.DLL : 8.1.3.2 254324 Bytes 11/30/2010 06:43:29
AERDL.DLL : 8.1.9.2 635252 Bytes 11/30/2010 06:43:25
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/30/2010 06:43:24
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/30/2010 06:43:22
AEHEUR.DLL : 8.1.2.46 3088759 Bytes 11/30/2010 06:43:22
AEHELP.DLL : 8.1.15.0 246135 Bytes 11/30/2010 06:43:17
AEGEN.DLL : 8.1.4.2 401781 Bytes 11/30/2010 06:43:16
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/30/2010 06:43:14
AECORE.DLL : 8.1.18.1 196984 Bytes 11/30/2010 06:43:13
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 22:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 22:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 22:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 21:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 22:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 22:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 22:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 22:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 22:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 22:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, November 30, 2010 00:47

Starting search for hidden objects.
c:\program files\acer\acer updater\sd.exe
c:\Program Files\Acer\Acer Updater\SD.exe
[NOTE] The process is not visible.
c:\program files\acer\acer updater\sd.exe
c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
c:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
[NOTE] The process is not visible.
c:\program files\acer\acer epower management\setapm.exe
c:\Program Files\Acer\Acer ePower Management\SetAPM.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '94' Module(s) have been scanned
Scan process 'avscan.exe' - '38' Module(s) have been scanned
Scan process 'avcenter.exe' - '78' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'sched.exe' - '54' Module(s) have been scanned
Scan process 'avguard.exe' - '73' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '34' Module(s) have been scanned
Scan process 'firefox.exe' - '120' Module(s) have been scanned
Scan process 'firefox.exe' - '59' Module(s) have been scanned
Scan process 'UNS.exe' - '58' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '52' Module(s) have been scanned
Scan process 'LMworker.exe' - '32' Module(s) have been scanned
Scan process 'ArcadeMovieService.exe' - '50' Module(s) have been scanned
Scan process 'LManager.exe' - '77' Module(s) have been scanned
Scan process 'BackupManagerTray.exe' - '41' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '32' Module(s) have been scanned
Scan process 'RichVideo.exe' - '31' Module(s) have been scanned
Scan process 'SchedulerSvc.exe' - '44' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '62' Module(s) have been scanned
Scan process 'rundll32.exe' - '38' Module(s) have been scanned
Scan process 'LMS.exe' - '35' Module(s) have been scanned
Scan process 'GREGsvc.exe' - '27' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '47' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[DETECTION] Contains code of the BOO/Alureon.A boot sector virus
[NOTE] The boot sector was not written!

Start scanning boot sectors:
Boot sector 'C:\'
[DETECTION] Contains code of the BOO/Alureon.A boot sector virus
[NOTE] The boot sector was not written!

Starting to scan executable files (registry).

The registry was scanned ( '89' files ).

Starting the file scan:

Begin scan in 'C:\' <Acer>

End of the scan: Tuesday, November 30, 2010 01:15
Used time: 28:13 Minute(s)

The scan has been done completely.

20531 Scanned directories
426040 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
426040 Files not concerned
2564 Archives were scanned
0 Warnings
2 Notes
439140 Objects were scanned with rootkit scan
4 Hidden objects were found

MBAM-------------------------------------------------------
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/30/2010 1:23:09 AM
mbam-log-2010-11-30 (01-23-09).txt

Scan type: Quick scan
Objects scanned: 146390
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Gmer----------------------------------------
Let it quick scan and saved but there was nothing in the file. I can do a full scan later if requested maybe?

DDS-----------------------------------------

DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Mike at 1:27:08.42 on Tue 11/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2590 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\tl1vn61l.default\
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-30 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-30 81584]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-11-29 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]
R2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-8-3 171040]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-29 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-3 243232]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-3 76400]
S2 0297431291090157mcinstcleanup;McAfee Application Installer Cleanup (0297431291090157);C:\Users\Mike\AppData\Local\Temp\029743~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\Mike\AppData\Local\Temp\029743~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-9 40448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]

=============== Created Last 30 ================

2010-11-30 07:05:15 709456 ----a-w- C:\Windows\isRS-000.tmp
2010-11-30 06:46:51 -------- d-----w- C:\Users\Mike\AppData\Roaming\Avira
2010-11-30 06:41:51 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-30 06:41:51 -------- d-----w- C:\Program Files (x86)\Avira
2010-11-30 06:41:51 -------- d-----w- C:\PROGRA~3\Avira
2010-11-30 04:49:43 -------- d-----w- C:\Users\Mike\AppData\Local\AOL
2010-11-30 04:49:43 -------- d-----w- C:\Users\Mike\AppData\Local\AIM
2010-11-30 04:45:37 -------- d-----w- C:\PROGRA~3\AIM
2010-11-30 04:45:32 -------- d-----w- C:\Program Files (x86)\AIM
2010-11-30 04:45:27 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2010-11-30 04:45:23 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2010-11-30 04:26:20 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Games
2010-11-30 04:24:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6DC46CEA-6696-4E71-A717-A2F7BB764522}\mpengine.dll
2010-11-30 04:24:36 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-30 04:20:57 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2010-11-30 04:20:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-30 04:20:41 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-30 04:20:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-30 04:20:41 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-30 04:10:11 -------- d-----w- C:\Program Files (x86)\Launch Manager
2010-11-30 04:08:34 -------- d---a-w- C:\book
2010-11-30 04:04:46 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2010-11-30 04:01:34 -------- d-----w- C:\Program Files\Common Files\Intel
2010-11-30 04:01:33 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2010-11-30 03:56:08 -------- d-----w- C:\Windows\NAPP_Dism_Log
2010-11-30 02:55:37 -------- d-----w- C:\PROGRA~3\boost_interprocess
2010-11-30 02:45:22 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2010-11-30 02:45:22 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2010-11-30 02:45:22 1233920 ----a-w- C:\Windows\SysWow64\msxml4.dll
2010-11-30 02:44:59 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-11-30 02:44:59 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-11-30 02:44:59 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-11-30 02:44:59 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-11-30 02:44:59 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-11-30 02:43:31 -------- d-----w- C:\Users\Mike\AppData\Local\Cyberlink
2010-11-30 02:42:29 -------- d-----w- C:\Program Files (x86)\Acer Arcade Deluxe
2010-11-30 02:40:53 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-11-30 02:40:53 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-11-30 02:40:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-11-30 02:40:02 -------- d-----w- C:\Program Files (x86)\Microsoft
2010-11-30 02:39:36 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2010-11-30 02:39:10 -------- d-----w- C:\Windows\PCHEALTH
2010-11-30 02:38:58 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\DSETUP.dll
2010-11-30 02:38:58 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\DXSETUP.exe
2010-11-30 02:38:58 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd851d6a1cb9037\dsetup32.dll
2010-11-30 02:38:22 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc7215.tmp
2010-11-30 02:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-30 02:31:39 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2010-11-30 02:30:47 -------- d-----w- C:\Users\Mike\AppData\Roaming\Liteon
2010-11-30 02:30:47 -------- d-----w- C:\Program Files (x86)\Acer Crystal Eye webcam
2010-11-30 02:29:47 -------- d-----w- C:\Users\Mike\AppData\Roaming\Intel Corporation
2010-11-30 02:29:47 -------- d-----w- C:\Program Files\Synaptics
2010-11-30 02:25:01 -------- d-----w- C:\Users\Mike\AppData\Local\EgisTec IPS
2010-11-30 02:23:18 -------- d-----w- C:\Users\Mike\AppData\Local\VirtualStore
2010-11-30 02:21:49 -------- d-sh--w- C:\Recovery

==================== Find3M ====================

============= FINISH: 1:28:00.98 ===============

DDS Attach-----------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2010 8:22:02 PM
System Uptime: 11/30/2010 1:17:39 AM (0 hours ago)

Motherboard: Acer | | ZR7
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 583 GiB total, 554.524 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 11/29/2010 8:34:54 PM - Installed Acer ePower Management
RP2: 11/29/2010 8:36:53 PM - Installed Microsoft Office 2010
RP3: 11/29/2010 8:40:44 PM - Installed DirectX
RP4: 11/29/2010 8:42:15 PM - Installed Suite
RP5: 11/29/2010 10:24:15 PM - Windows Update
RP6: 11/29/2010 10:29:23 PM - Removed MyWinLocker Suite
RP7: 11/29/2010 10:44:27 PM - Removed Norton Online Backup

==== Installed Programs ======================

18 Wheels of Steel - American Long Haul
Acer Arcade Deluxe
Acer Arcade Movie
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Agatha Christie - Death on the Nile
AIM 7
Alcor Micro USB Card Reader
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira AntiVir Personal - Free Antivirus
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Chuzzle Deluxe
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
eSobi v2
FATE
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
MediaShow Espresso
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSVCRT
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Optical Drive Power Management
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge

==== Event Viewer Messages From Past Week ========

11/30/2010 12:42:18 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/30/2010 1:20:29 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/30/2010 1:18:52 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{873743D8-7D7C-4D29-9A11-B0EB87BE8DD5} because another computer on the network has the same name. The server could not start.
11/30/2010 1:18:52 AM, Error: NetBT [4321] - The name "MIKE-PC :20" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
11/30/2010 1:18:23 AM, Error: NetBT [4321] - The name "MIKE-PC :0" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
11/30/2010 1:16:37 AM, Error: Service Control Manager [7034] - The Dritek WMI Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 10:49:35 PM, Error: NetBT [4321] - The name "MIKE-PC :0" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not allow the name to be claimed by this computer.
11/29/2010 10:05:38 PM, Error: NetBT [4321] - The name "MIKE-PC :20" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not allow the name to be claimed by this computer.
11/29/2010 10:01:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Acer ODD Power Service service to connect.
11/29/2010 10:01:18 PM, Error: Service Control Manager [7000] - The Acer ODD Power Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

Broni · Dec 1, 2010

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

Open SUPERAntiSpyware.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Post SUPERAntiSpyware log.

credendum · Dec 1, 2010

I noticed that there is a connection being made to sensic.net every couple of seconds as I'm typing this along with something starting with a "ping." It flashes by so I cant read it. Anywho.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 5745
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 185):
0x02C4D000 \SystemRoot\system32\ntoskrnl.exe
0x02C04000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00CF1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D35000 \SystemRoot\system32\PSHED.dll
0x00D49000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E52000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F05000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F5C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F65000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F6F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FA2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FAF000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FD9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01014000 \SystemRoot\System32\drivers\volmgrx.sys
0x01070000 \SystemRoot\System32\drivers\mountmgr.sys
0x01222000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0142C000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01435000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0145F000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0146A000 \SystemRoot\system32\drivers\fltmgr.sys
0x014B6000 \SystemRoot\system32\drivers\fileinfo.sys
0x01603000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014CA000 \SystemRoot\System32\Drivers\msrpc.sys
0x017A6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01528000 \SystemRoot\System32\Drivers\cng.sys
0x017C0000 \SystemRoot\System32\drivers\pcw.sys
0x017D1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0108A000 \SystemRoot\system32\drivers\ndis.sys
0x0159B000 \SystemRoot\system32\drivers\NETIO.SYS
0x0117C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x011A7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017DB000 \SystemRoot\system32\DRIVERS\wd.sys
0x00E00000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017E3000 \SystemRoot\System32\Drivers\spldr.sys
0x00DA7000 \SystemRoot\System32\drivers\rdyboost.sys
0x017EB000 \SystemRoot\System32\Drivers\mup.sys
0x01200000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01AB8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01AF2000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B08000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04236000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04260000 \SystemRoot\System32\Drivers\Null.SYS
0x04269000 \SystemRoot\System32\Drivers\Beep.SYS
0x04270000 \SystemRoot\System32\drivers\vga.sys
0x0427E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x042A3000 \SystemRoot\System32\drivers\watchdog.sys
0x042B3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x042BC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x042C5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x042CE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x042D9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x042EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04308000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04315000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0435A000 \SystemRoot\system32\drivers\afd.sys
0x043E4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01B46000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04000000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043ED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01B6C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01B87000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01B9B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01BEC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01A00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01A0B000 \SystemRoot\System32\drivers\discache.sys
0x01A1A000 \SystemRoot\System32\Drivers\dfsc.sys
0x01A38000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01A49000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01A6B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A02000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02E43000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02F37000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02F7D000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x02F8E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02F9F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02E24000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0447D000 \SystemRoot\system32\DRIVERS\athrx.sys
0x046A3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x046B0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x046CE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x046DD000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04730000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04732000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04741000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04749000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04751000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x04778000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04781000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04786000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0479C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x047AC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x047C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x047E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x053DC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0446B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0549C000 \SystemRoot\system32\DRIVERS\ks.sys
0x054DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x054F1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0554B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05EE8000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06131000 \SystemRoot\system32\drivers\portcls.sys
0x0616E000 \SystemRoot\system32\drivers\drmk.sys
0x06190000 \SystemRoot\system32\drivers\ksthunk.sys
0x06196000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x061DD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04016000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x061EB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05E00000 \SystemRoot\System32\drivers\Dxapi.sys
0x05E0C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05E29000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05E57000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05E65000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05E7E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05E87000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05E94000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x05EA2000 \SystemRoot\system32\drivers\luafv.sys
0x05560000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05575000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x055C8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x055DB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02AC6000 \SystemRoot\system32\drivers\HTTP.sys
0x02B8E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BAC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BC4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07418000 \SystemRoot\system32\drivers\peauth.sys
0x074BE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x074C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x074F6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07508000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05400000 \SystemRoot\System32\DRIVERS\srv.sys
0x07571000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x77260000 \Windows\System32\ntdll.dll
0x47D00000 \Windows\System32\smss.exe
0xFF580000 \Windows\System32\apisetschema.dll
0xFF7A0000 \Windows\System32\autochk.exe
0xFF500000 \Windows\System32\gdi32.dll
0xFF4F0000 \Windows\System32\lpk.dll
0xFF450000 \Windows\System32\clbcatq.dll
0xFF430000 \Windows\System32\sechost.dll
0xFF350000 \Windows\System32\advapi32.dll
0xFE5C0000 \Windows\System32\shell32.dll
0xFE3B0000 \Windows\System32\ole32.dll
0xFE280000 \Windows\System32\rpcrt4.dll
0xFE020000 \Windows\System32\iertutil.dll
0xFDFD0000 \Windows\System32\Wldap32.dll
0xFDEA0000 \Windows\System32\wininet.dll
0x77430000 \Windows\System32\psapi.dll
0xFDDC0000 \Windows\System32\oleaut32.dll
0xFDDA0000 \Windows\System32\imagehlp.dll
0x77160000 \Windows\System32\user32.dll
0xFDD70000 \Windows\System32\imm32.dll
0xFDCD0000 \Windows\System32\comdlg32.dll
0xFDC80000 \Windows\System32\ws2_32.dll
0xFDBE0000 \Windows\System32\msvcrt.dll
0x77420000 \Windows\System32\normaliz.dll
0xFDA60000 \Windows\System32\urlmon.dll
0xFDA50000 \Windows\System32\nsi.dll
0xFD9D0000 \Windows\System32\difxapi.dll
0xFD950000 \Windows\System32\shlwapi.dll
0xFD880000 \Windows\System32\usp10.dll
0x77040000 \Windows\System32\kernel32.dll
0xFD6A0000 \Windows\System32\setupapi.dll
0xFD590000 \Windows\System32\msctf.dll
0xFD570000 \Windows\System32\devobj.dll
0xFD530000 \Windows\System32\cfgmgr32.dll
0xFD4C0000 \Windows\System32\KernelBase.dll
0xFD480000 \Windows\System32\wintrust.dll
0xFD310000 \Windows\System32\crypt32.dll
0xFD270000 \Windows\System32\comctl32.dll
0xFD260000 \Windows\System32\msasn1.dll

Processes (total 74):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
444 csrss.exe
508 C:\Windows\System32\wininit.exe
528 csrss.exe
576 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
632 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
120 C:\Windows\System32\svchost.exe
448 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\audiodg.exe
740 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\spoolsv.exe
1372 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1412 C:\Windows\System32\svchost.exe
1724 C:\Windows\System32\taskhost.exe
1836 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1908 C:\Windows\System32\dwm.exe
1936 C:\Windows\explorer.exe
2000 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1184 C:\Windows\System32\svchost.exe
1028 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1584 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1792 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1776 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1040 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
1344 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
1060 C:\Windows\System32\igfxtray.exe
1876 C:\Windows\System32\hkcmd.exe
1944 C:\Windows\System32\igfxpers.exe
1736 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1476 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2120 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2592 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
2600 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
2608 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
2624 C:\Program Files (x86)\Launch Manager\LManager.exe
2680 C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
2708 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2752 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2896 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2964 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3020 C:\Program Files (x86)\Launch Manager\LMworker.exe
3044 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
2172 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2100 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1404 C:\Windows\System32\wbem\unsecapp.exe
2152 WmiPrvSE.exe
2736 C:\Windows\System32\igfxext.exe
2812 C:\Windows\System32\igfxsrvc.exe
3144 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3368 C:\Windows\System32\SearchIndexer.exe
3788 C:\Windows\System32\SearchProtocolHost.exe
3888 C:\Windows\System32\SearchFilterHost.exe
4056 C:\Windows\System32\svchost.exe
2576 C:\Program Files\Windows Media Player\wmpnetwk.exe
1864 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1176 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
3876 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2560 C:\Windows\System32\conhost.exe
4008 taskhost.exe
4572 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
4704 <unknown>
4752 C:\Windows\System32\sppsvc.exe
4800 dllhost.exe
4856 C:\Users\Mike\Downloads\MBRCheck.exe
4868 C:\Windows\System32\conhost.exe
4936 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/01/2010 at 04:38 AM

Application Version : 4.46.1000

Core Rules Database Version : 5934
Trace Rules Database Version: 3746

Scan type : Complete Scan
Total Scan Time : 00:27:15

Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 11115
Registry threats detected : 0
File items scanned : 94605
File threats detected : 0

Btw thanks for the help. I'd say its driving me insane but honestly I dont use the computer anymore....just use it as a paperweight for the moment.

credendum · Dec 1, 2010

I quick replied but I don't see it here...odd.

Edit-- Sorry, I didn't notice the message that popped up stating the post has to be approved first. :/ In that case there should be two posts on the way.

Broni · Dec 1, 2010

We'll start with fixing your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

credendum · Dec 1, 2010

Tried following directions but after selecting language it states:
Cant open cd driver CDRCACH SHSUCDX cant install.
Error: Failure loading: Unable to find CD-ROM drive

Then it says to reboot

Edit- Tried the whole process over again, thinkin I might have messed up somewhere and I even made a new Cd-r but same error popped up.

Broni · Dec 1, 2010

That's fine. It happens sometimes.
We'll use different method...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png

Select your language and click next:

25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png

Click the button for "Use recovery tools":

25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png

The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

credendum · Dec 1, 2010

Ooook it took me a bit to get things going but the Windows 7 repair disc worked fine. Mbr check no longer says infected (woo!). Redirect seems to have stopped, as well as the slow down.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 5745
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 185):
0x02C1F000 \SystemRoot\system32\ntoskrnl.exe
0x031FB000 \SystemRoot\system32\hal.dll
0x00BD2000 \SystemRoot\system32\kdcom.dll
0x00CC9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0D000 \SystemRoot\system32\PSHED.dll
0x00D21000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EEB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F8F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F9E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FF5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
0x00E5F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E68000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E74000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x010B3000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012BD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012C6000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x012F0000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x012FB000 \SystemRoot\system32\drivers\fltmgr.sys
0x01347000 \SystemRoot\system32\drivers\fileinfo.sys
0x0144B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0135B000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016AD000 \SystemRoot\system32\drivers\ndis.sys
0x0179F000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01675000 \SystemRoot\system32\DRIVERS\wd.sys
0x00D99000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0167D000 \SystemRoot\System32\Drivers\spldr.sys
0x01073000 \SystemRoot\System32\drivers\rdyboost.sys
0x01685000 \SystemRoot\System32\Drivers\mup.sys
0x01697000 \SystemRoot\System32\drivers\hwpolicy.sys
0x013B9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01435000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A7D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04452000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0447C000 \SystemRoot\System32\Drivers\Null.SYS
0x04485000 \SystemRoot\System32\Drivers\Beep.SYS
0x0448C000 \SystemRoot\System32\drivers\vga.sys
0x0449A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x044BF000 \SystemRoot\System32\drivers\watchdog.sys
0x044CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x044D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x044E1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x044EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x044F5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04506000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04524000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04531000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04576000 \SystemRoot\system32\drivers\afd.sys
0x04200000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04209000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01ABB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x01AD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01AE0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01AFB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01B0F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x01B19000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x01B23000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01B74000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01B80000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01B8B000 \SystemRoot\System32\drivers\discache.sys
0x01B9A000 \SystemRoot\System32\Drivers\dfsc.sys
0x01BB8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01BC9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A05000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02E9C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02F90000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02FD6000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x02FE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02E56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02E7A000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0582F000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05A55000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05A62000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05A80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05A8F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05AE2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05AE4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05AF3000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x05AFB000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x05B03000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x05B2A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05B33000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05B38000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05B4E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05B5E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05B74000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05B98000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05BA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05BD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05800000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x053DF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05821000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01A26000 \SystemRoot\system32\DRIVERS\ks.sys
0x05BEE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04635000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0468F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E6B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x060B4000 \SystemRoot\system32\drivers\portcls.sys
0x060F1000 \SystemRoot\system32\drivers\drmk.sys
0x06113000 \SystemRoot\system32\drivers\ksthunk.sys
0x06119000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x06160000 \SystemRoot\System32\drivers\Dxapi.sys
0x0616C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06189000 \SystemRoot\System32\Drivers\usbvideo.sys
0x061B7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x05E00000 \SystemRoot\system32\DRIVERS\udfs.sys
0x05E54000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0422F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x061C5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x061D8000 \SystemRoot\system32\drivers\luafv.sys
0x046A4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x046C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x046D6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04729000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0473C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A6D000 \SystemRoot\system32\drivers\HTTP.sys
0x02B35000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B53000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02B6B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02B98000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04754000 \SystemRoot\system32\drivers\peauth.sys
0x02A23000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02A2E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02A5B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0567D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x056E6000 \SystemRoot\System32\DRIVERS\srv.sys
0x77700000 \Windows\System32\ntdll.dll
0x483C0000 \Windows\System32\smss.exe
0xFFA20000 \Windows\System32\apisetschema.dll
0xFFA70000 \Windows\System32\autochk.exe
0x778D0000 \Windows\System32\normaliz.dll
0xFF970000 \Windows\System32\comdlg32.dll
0xFF840000 \Windows\System32\rpcrt4.dll
0xFF770000 \Windows\System32\usp10.dll
0xFF560000 \Windows\System32\ole32.dll
0x778C0000 \Windows\System32\psapi.dll
0xFF430000 \Windows\System32\wininet.dll
0xFF350000 \Windows\System32\oleaut32.dll
0xFF2D0000 \Windows\System32\shlwapi.dll
0xFF260000 \Windows\System32\gdi32.dll
0xFF080000 \Windows\System32\setupapi.dll
0xFF060000 \Windows\System32\imagehlp.dll
0xFF010000 \Windows\System32\Wldap32.dll
0x77600000 \Windows\System32\user32.dll
0x774E0000 \Windows\System32\kernel32.dll
0xFEFC0000 \Windows\System32\ws2_32.dll
0xFEFB0000 \Windows\System32\nsi.dll
0xFEEA0000 \Windows\System32\msctf.dll
0xFEE00000 \Windows\System32\clbcatq.dll
0xFEDE0000 \Windows\System32\sechost.dll
0xFEB80000 \Windows\System32\iertutil.dll
0xFEA00000 \Windows\System32\urlmon.dll
0xFE9D0000 \Windows\System32\imm32.dll
0xFE9C0000 \Windows\System32\lpk.dll
0xFE8E0000 \Windows\System32\advapi32.dll
0xFE860000 \Windows\System32\difxapi.dll
0xFE7C0000 \Windows\System32\msvcrt.dll
0xFDA30000 \Windows\System32\shell32.dll
0xFDA10000 \Windows\System32\devobj.dll
0xFD9D0000 \Windows\System32\cfgmgr32.dll
0xFD860000 \Windows\System32\crypt32.dll
0xFD7C0000 \Windows\System32\comctl32.dll
0xFD780000 \Windows\System32\wintrust.dll
0xFD710000 \Windows\System32\KernelBase.dll
0xFD700000 \Windows\System32\msasn1.dll
0x75FC0000 \Windows\SysWOW64\normaliz.dll

Processes (total 74):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
432 csrss.exe
504 csrss.exe
512 C:\Windows\System32\wininit.exe
568 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
612 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
340 C:\Windows\System32\audiodg.exe
428 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\spoolsv.exe
1280 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1324 C:\Windows\System32\svchost.exe
1492 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1528 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1592 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1652 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1680 C:\Windows\SysWOW64\svchost.exe
1704 C:\Windows\System32\svchost.exe
1728 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1764 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1800 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1852 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
1904 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
1956 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1964 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
1984 C:\Windows\System32\conhost.exe
820 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2056 WmiPrvSE.exe
2152 C:\Windows\System32\taskhost.exe
2212 C:\Windows\System32\dwm.exe
2232 C:\Windows\explorer.exe
2412 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2424 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2432 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
2440 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
2464 C:\Windows\System32\igfxtray.exe
2472 C:\Windows\System32\wbem\unsecapp.exe
2496 C:\Windows\System32\hkcmd.exe
2516 C:\Windows\System32\igfxpers.exe
2676 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2696 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2708 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3036 WmiPrvSE.exe
916 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
2180 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
1604 C:\Windows\System32\igfxsrvc.exe
2120 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3124 C:\Program Files (x86)\Launch Manager\LManager.exe
3236 C:\Windows\System32\igfxext.exe
3276 C:\Windows\System32\SearchIndexer.exe
3328 C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
3372 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3408 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3640 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3648 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3732 C:\Program Files\Windows Media Player\wmpnetwk.exe
3800 C:\Program Files (x86)\Launch Manager\LMworker.exe
3808 C:\Windows\System32\SearchProtocolHost.exe
3852 C:\Windows\System32\SearchFilterHost.exe
3476 C:\Windows\System32\svchost.exe
3196 dllhost.exe
2816 dllhost.exe
2736 dllhost.exe
4052 C:\Users\Mike\Downloads\MBRCheck.exe
2568 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Broni · Dec 1, 2010

Good news

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

credendum · Dec 1, 2010

Decided to attach the logs in the hopes that I do not have to keep begging Matthew to approve my posts. I hope that is ok.

Broni · Dec 1, 2010

No, it's not.
I'm receiving email notifications about your replies and, if your reply needs to be approved, I'll certainly do so, as soon, as I get there.

credendum · Dec 1, 2010

Alllllright.

OTL logfile created on: 12/1/2010 9:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.07 Gb Total Space | 553.05 Gb Free Space | 94.85% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/28 16:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/25 15:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/06/22 00:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 00:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/22 00:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/16 18:51:32 | 000,144,640 | ---- | M] (NTI, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/03 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/02/03 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (SafeList) ==========

MOD - [2010/12/01 21:32:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.exe
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 11:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/01 04:50:13 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 00:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/04/16 18:51:32 | 000,144,640 | ---- | M] (NTI, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2010/04/16 18:51:22 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/02/03 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/02/03 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/01 04:01:19 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/08/02 16:10:08 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/06/09 22:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/05/20 00:10:44 | 000,076,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/05/11 04:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/28 00:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/28 00:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/22 03:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/20 21:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/02 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 97 BD D7 44 90 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/29 22:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/29 22:45:30 | 000,000,000 | ---D | M]

[2010/11/29 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/11/29 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\tl1vn61l.default\extensions
[2010/11/29 22:18:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/29 23:43:24 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.217.0.5 24.217.201.67 68.113.206.10
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found
NetSvcs: FastUserSwitchingCompatibility - C:\Windows\SysWOW64\FastUv32.dll ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 04:03:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/01 04:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/01 04:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/01 04:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/30 00:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Avira
[2010/11/30 00:41:51 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/11/30 00:41:51 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/30 00:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/30 00:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/11/29 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\acccore
[2010/11/29 22:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AOL
[2010/11/29 22:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AIM
[2010/11/29 22:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/11/29 22:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/11/29 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/11/29 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/11/29 22:26:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games
[2010/11/29 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2010/11/29 22:20:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 22:20:41 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 22:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/29 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Mozilla
[2010/11/29 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla
[2010/11/29 22:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/29 22:13:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2010/11/29 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2010/11/29 22:08:34 | 000,000,000 | ---D | C] -- C:\book
[2010/11/29 22:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Google
[2010/11/29 22:02:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/29 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/11/29 22:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2010/11/29 21:58:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/29 21:56:08 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2010/11/29 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/11/29 20:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
[2010/11/29 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Cyberlink
[2010/11/29 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2010/11/29 20:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2010/11/29 20:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/11/29 20:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/11/29 20:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/11/29 20:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/11/29 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/29 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/11/29 20:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/29 20:39:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/29 20:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/11/29 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/11/29 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2010/11/29 20:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Liteon
[2010/11/29 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2010/11/29 20:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/11/29 20:29:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Intel Corporation
[2010/11/29 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\EgisTec IPS
[2010/11/29 20:24:02 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
[2010/11/29 20:24:02 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/29 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
[2010/11/29 20:23:18 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
[2010/11/29 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
[2010/11/29 20:22:13 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\My Documents
[2010/11/29 20:22:13 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
[2010/11/29 20:22:13 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
[2010/11/29 20:22:13 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
[2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Temp
[2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
[2010/11/29 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
[2010/11/29 20:21:49 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/12/01 21:04:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 21:04:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 21:01:40 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/01 21:01:40 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/01 21:01:40 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/01 20:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/01 20:55:38 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 04:50:13 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/12/01 04:03:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/01 04:01:19 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/30 00:42:05 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/29 23:49:51 | 000,000,355 | ---- | M] () -- C:\Users\Mike\Desktop\Computer - Shortcut.lnk
[2010/11/29 23:43:24 | 000,000,797 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/29 22:49:43 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
[2010/11/29 22:45:36 | 000,001,941 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/29 22:45:36 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/11/29 22:20:48 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/29 22:20:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/11/29 22:20:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/11/29 22:19:27 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/29 22:18:54 | 000,001,967 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/29 22:18:54 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/29 22:12:35 | 000,001,441 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/29 22:10:16 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2010/11/29 22:07:27 | 000,015,744 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/11/29 22:04:46 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/11/29 21:56:08 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2010/11/29 20:29:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/01 04:50:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FastUv32.dll
[2010/12/01 04:03:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/30 00:42:05 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/29 23:49:51 | 000,000,355 | ---- | C] () -- C:\Users\Mike\Desktop\Computer - Shortcut.lnk
[2010/11/29 22:45:36 | 000,001,941 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/29 22:45:36 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/11/29 22:45:15 | 000,000,362 | -H-- | C] () -- C:\IPH.PH
[2010/11/29 22:20:48 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/29 22:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/29 22:18:54 | 000,001,967 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/29 22:18:54 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/29 22:12:35 | 000,001,441 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/29 22:10:16 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2010/11/29 22:07:27 | 000,015,744 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/11/29 22:04:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/11/29 21:58:55 | 2962,300,928 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/29 21:57:27 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2010/11/29 20:42:22 | 000,015,865 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe4.log
[2010/11/29 20:29:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/29 20:22:13 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/29 20:22:13 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/03 04:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/03 04:08:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/11/29 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\acccore
[2010/11/29 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Liteon
[2009/07/13 23:08:49 | 000,005,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2010/08/03 04:10:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/01 20:55:38 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 22:49:43 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
[2010/12/01 20:55:57 | 3949,735,936 | -HS- | M] () -- C:\pagefile.sys
[2010/08/03 03:20:17 | 000,002,282 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/29 22:12:35 | 000,000,221 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/29 20:24:29 | 000,000,402 | -HS- | M] () -- C:\Users\Mike\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/29 20:46:46 | 000,015,865 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

credendum · Dec 1, 2010

OTL Extras logfile created on: 12/1/2010 9:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.07 Gb Total Space | 553.05 Gb Free Space | 94.85% Space Free | Partition Type: NTFS
Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088295" = Agatha Christie - Death on the Nile
"WT088300" = Bejeweled 2 Deluxe
"WT088310" = Build-a-lot 2
"WT088312" = Chuzzle Deluxe
"WT088318" = Diner Dash 2 Restaurant Rescue
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088373" = Blackhawk Striker 2
"WT088393" = Dora's Carnival Adventure
"WT088413" = FATE
"WT088445" = John Deere Drive Green
"WT088449" = Penguins!
"WT088453" = Polar Bowler
"WT088457" = Polar Golfer
"WT088517" = Zuma's Revenge
"WT088553" = Virtual Villagers 4 - The Tree of Life
"WT088649" = 18 Wheels of Steel - American Long Haul
"WT088653" = Jewel Quest - Heritage

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 11/29/2010 11:59:43 PM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :0" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 11/30/2010 12:01:18 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Acer
ODD Power Service service to connect.

Error - 11/30/2010 12:01:18 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = The Acer ODD Power Service service failed to start due to the following
error: %%1053

Error - 11/30/2010 12:04:35 AM | Computer Name = Mike-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:01:48 PM on ?11/?29/?2010 was unexpected.

Error - 11/30/2010 12:04:48 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :0" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 11/30/2010 12:05:38 AM | Computer Name = Mike-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{873743D8-7D7C-4D29-9A11-B0EB87BE8DD5}
because another computer on the network has the same name. The server could not
start.

Error - 11/30/2010 12:05:38 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :20" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 11/30/2010 12:45:37 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :0" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 11/30/2010 12:45:37 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :0" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

Error - 11/30/2010 12:49:35 AM | Computer Name = Mike-PC | Source = NetBT | ID = 4321
Description = The name "MIKE-PC :0" could not be registered on the interface
with IP address 192.168.2.3. The computer with the IP address 192.168.2.4 did not
allow the name to be claimed by this computer.

< End of report >

Broni · Dec 1, 2010

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

=====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

credendum · Dec 2, 2010

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 593627 bytes
->Temporary Internet Files folder emptied: 6655212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67893648 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149373 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 892 bytes

Total Files Cleaned = 72.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_224156

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Eset doesnt look too good. :/

C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe probably a variant of Win32/Agent.KJZBIGF trojan
C:\Windows\System32\FastUv32.dll a variant of Win32/Wimpixo.AA trojan
C:\Windows\SysWOW64\FastUv32.dll a variant of Win32/Wimpixo.AA trojan

Broni · Dec 2, 2010

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

======================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL

:Services

:Reg

:Files
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe 
C:\Windows\System32\FastUv32.dll 
C:\Windows\SysWOW64\FastUv32.dll

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

credendum · Dec 2, 2010

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X\Vista\RtlUpd.exe moved successfully.
C:\Windows\System32\FastUv32.dll moved successfully.
File\Folder C:\Windows\SysWOW64\FastUv32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 516171 bytes
->Temporary Internet Files folder emptied: 432798 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43643404 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_235241

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 412212 bytes
->Temporary Internet Files folder emptied: 187051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16287644 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_235749

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000106B1A7CDF069EED2 not found!

Registry entries deleted on Reboot...

Thanks so much for your time and your quick responses.

Broni · Dec 2, 2010

12. Please, let me know, how your computer is doing.

Whenever ready....

credendum · Dec 2, 2010

Sorry! I was so excited to have it working again I must have skipped that one. In the process of following the other steps at the moment to be better protected.

As far as I can tell it is working fine. I'm going to run some scans and see if anything pops up again, but the redirects have stopped and so has the lag.

I was wondering, about changing the passwords for sites...if I didn't visit the site while this problem was occurring do I have to worry about changing it? Should I go ahead and change them all just to be safe?

Broni · Dec 2, 2010

Yes, I'd do so.

Well done

Good luck and stay safe

Solved Annoying google redirect virus

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Attachments

Posts: 56,041 +517

Posts: 11 +0

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Posts: 11 +0

Posts: 56,041 +517

Similar threads