WiredWX Christian Hobby Weather Tools

 


"Invisible Ads" playing in the background with no windows open

Ads have started playing constantly in the background and continue even when I close all browsers. I recently bought a program called Webroot to remove cloud 2012 and privacy protection malware removal scams, which I believe I contracted from YouTube.

Re: "Invisible Ads" playing in the background with no windows open

Hello.
Please see this topic here: http://www.GeekPolice.net/t3821-read-this-before-posting

Run through the instructions given and post the required logs.
You may need to use more than 1 post to fit them all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: "Invisible Ads" playing in the background with no windows open

Belahzur wrote:
Hello.
Please see this topic here: http://www.GeekPolice.net/t3821-read-this-before-posting

Run through the instructions given and post the required logs.
You may need to use more than 1 post to fit them all.


Thank you for helping me slam this tornado.

Re: "Invisible Ads" playing in the background with no windows open

Belahzur wrote:
Hello.
Please see this topic here: http://www.GeekPolice.net/t3821-read-this-before-posting

Run through the instructions given and post the required logs.
You may need to use more than 1 post to fit them all.


While trying to run OTL, my computer tells me that this is not a valid Win32 application.

Re: "Invisible Ads" playing in the background with no windows open

Also, now I'm starting to be redirected to a different website than I have typed in??? I just downloaded Internet Explorer 8 (cannot download Firefox due to win32 error) and iTunes 10.5. Also, I can't open an e-mail from my inbox, as it just highlights whatever I am clicking on.

Any ideas?

Re: "Invisible Ads" playing in the background with no windows open

Hello.
Try this instead.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Re: "Invisible Ads" playing in the background with no windows open

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by milfkrieg at 21:12:52 on 2011-12-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.7934.5527 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\RUNDLL32.EXE
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Ati2evxx.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\MHotKey.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\milfkrieg\AppData\Roaming\628D9\39044.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\milfkrieg\AppData\Roaming\Microsoft\44A6\268.exe
C:\Windows\system32\wuauclt.exe
C:\Users\milfkrieg\AppData\Roaming\D9471\lvvm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1108&m=lx6200-01
uInternet Settings,ProxyServer = http=127.0.0.1:64909
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,C:\Users\milfkrieg\AppData\Roaming\628D9\39044.exe
uWindows: Load=C:\Users\milfkrieg\AppData\Roaming\D9471\lvvm.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Bluetoothapint5] rundll32.exe "C:\Users\milfkrieg\AppData\Local\BluetoothWebplugin\Bluetoothapint5.dll",dbPadnet Asyncnetdsc
uRun: [268.exe] C:\Users\milfkrieg\AppData\Roaming\Microsoft\44A6\268.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
mRun: [eRecoveryService]
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun: [268.exe] "C:\Program Files (x86)\LP\44A6\268.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\MILFKR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTC~1.LNK - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTL~1.LNK - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9D27588D-4BFD-4C88-BF4A-8C4C3424FA5C} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [osCheck] "c:\Program Files (x86)\Norton 360\osCheck.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
mRun-x64: [eRecoveryService]
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun-x64: [268.exe] "C:\Program Files (x86)\LP\44A6\268.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090219.003\IDSvia64.sys [2009-2-20 368688]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-2-18 2480048]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-11-13 24576]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-17 149352]
R2 WRSVC;WRSVC;C:\Program Files (x86)\Webroot\WRSA.exe [2011-11-25 637208]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD64.sys --> C:\Windows\system32\drivers\AVer88xHD64.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]
R3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-8-21 1245064]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS --> C:\Windows\system32\Drivers\SYMNDISV.SYS [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca4ea31bfc3630;Google Update Service (gupdate1ca4ea31bfc3630);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-16 133104]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-16 133104]
S3 MRV6X64U;Linksys Wireless-N USB Network Adapter WUSB300N for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\WUBS300N.sys --> C:\Windows\system32\DRIVERS\WUBS300N.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-8 93184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.exe=R64
.
=============== Created Last 30 ================
.
2011-12-14 21:56:07 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-12-14 21:56:07 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-12-14 21:56:04 758784 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-12-14 21:56:03 1027584 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-12-14 13:39:15 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 05:21:15 -------- d-----w- C:\Program Files\iPod
2011-12-14 05:21:12 -------- d-----w- C:\Program Files\iTunes
2011-12-14 05:13:43 -------- d-----w- C:\Program Files\Bonjour
2011-12-14 05:13:43 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-14 04:22:44 314368 ----a-w- C:\Users\milfkrieg\AppData\Roaming\Microsoft\44A6\268.exe
2011-11-26 04:50:33 91832 ----a-w- C:\Windows\System32\WRusr.dll
2011-11-26 04:50:33 141272 ----a-w- C:\Windows\SysWow64\WRusr.dll
2011-11-26 04:50:33 108896 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2011-11-26 04:50:32 -------- d-----w- C:\Program Files (x86)\Webroot
2011-11-26 04:50:27 -------- d-----w- C:\ProgramData\WRData
2011-11-26 04:36:47 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\GetRightToGo
2011-11-26 04:31:34 -------- d-----w- C:\ProgramData\PC Tools
2011-11-26 04:31:33 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\TestApp
2011-11-26 03:46:28 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\lS1ibDonGaHsfTq
2011-11-26 03:46:28 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\lBtx0ySDna5JEgY
2011-11-25 23:53:41 -------- d-----we C:\Windows\system64
2011-11-25 23:32:28 -------- d-----w- C:\Program Files (x86)\LP
2011-11-24 14:41:27 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\D9471
2011-11-24 14:40:55 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\IzzPP0ycc1iv
2011-11-24 14:40:55 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\b8ggRRZqhYXwUVl
2011-11-24 14:40:54 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\628D9
2011-11-24 14:40:49 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\HDD33onnG4aH6WJ
2011-11-24 14:40:48 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\gS22iibF3pnGaQ
2011-11-24 14:40:47 -------- d-----w- C:\Users\milfkrieg\AppData\Roaming\k888fRRL9hTqjC
.
==================== Find3M ====================
.
2011-11-17 21:02:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 00:39:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 21:13:44.68 ===============

Re: "Invisible Ads" playing in the background with no windows open

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2008 12:28:56 PM
System Uptime: 12/17/2011 7:32:36 PM (2 hours ago)
.
Motherboard: Gateway | | RS780
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 476.581 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP663: 11/3/2011 12:00:01 AM - Scheduled Checkpoint
RP664: 11/4/2011 11:20:59 AM - Scheduled Checkpoint
RP665: 11/4/2011 8:33:58 PM - Installed Java(TM) 6 Update 24
RP666: 11/4/2011 8:37:34 PM - Removed Java(TM) 6 Update 24
RP667: 11/4/2011 8:38:48 PM - Installed Java(TM) 6 Update 24
RP668: 11/5/2011 2:22:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP669: 11/7/2011 1:48:59 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP670: 11/7/2011 1:50:03 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP671: 11/8/2011 2:14:27 AM - Scheduled Checkpoint
RP672: 11/9/2011 - Scheduled Checkpoint
RP673: 11/10/2011 - Scheduled Checkpoint
RP674: 11/10/2011 3:00:11 AM - Windows Update
RP675: 11/14/2011 11:42:35 PM - Scheduled Checkpoint
RP676: 11/15/2011 11:17:47 PM - Scheduled Checkpoint
RP677: 11/21/2011 12:19:30 AM - Scheduled Checkpoint
RP678: 11/22/2011 - Scheduled Checkpoint
RP679: 11/23/2011 9:54:40 PM - Scheduled Checkpoint
RP680: 11/24/2011 1:08:22 PM - Scheduled Checkpoint
RP681: 11/26/2011 6:56:44 AM - Scheduled Checkpoint
RP682: 11/28/2011 5:44:33 PM - Scheduled Checkpoint
RP683: 11/30/2011 3:15:24 PM - Scheduled Checkpoint
RP684: 12/4/2011 1:32:23 AM - Scheduled Checkpoint
RP685: 12/5/2011 12:00:01 AM - Scheduled Checkpoint
RP686: 12/6/2011 1:33:47 AM - Scheduled Checkpoint
RP687: 12/7/2011 9:12:13 PM - Scheduled Checkpoint
RP688: 12/8/2011 3:35:41 PM - Scheduled Checkpoint
RP689: 12/10/2011 1:58:32 AM - Scheduled Checkpoint
RP690: 12/10/2011 3:07:26 PM - Scheduled Checkpoint
RP691: 12/11/2011 8:07:16 PM - Scheduled Checkpoint
RP692: 12/12/2011 9:23:14 PM - Scheduled Checkpoint
RP693: 12/13/2011 11:54:40 PM - Windows Update
RP694: 12/14/2011 12:14:24 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP695: 12/14/2011 12:15:38 AM - Device Driver Package Install: Apple Network adapters
RP696: 12/14/2011 12:18:16 AM - Installed iTunes
RP697: 12/14/2011 12:20:36 PM - Scheduled Checkpoint
RP698: 12/15/2011 1:35:44 PM - Windows Update
RP699: 12/17/2011 9:14:33 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acronis True Image Home
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Age of Empires Online
Aleks 3.15
Amazon MP3 Downloader 1.0.10
AppCore
Apple Application Support
Apple Software Update
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
Backup
BigFix
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
ccCommon
Comcast Desktop Software (v1.2.0.9)
Command & Conquer Red Alert 3 Demo
Compatibility Pack for the 2007 Office system
CyberLink LabelPrint
CyberLink Power2Go
Dawn of War: Soulstorm Demo
DivX Setup
eMusic Download Manager 4.1.4
Gateway Games
Gateway Recovery Management
GearDrvs
Google Chrome
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoZone iSync
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 5
KB0817 Keyboard Driver
Left 4 Dead
LimeWire 5.1.3
Linksys Wireless-N USB Network Adapter Driver - WUSB300N
LiveUpdate (Symantec Corporation)
Marvell Miniport Driver
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
Napster
Napster Burn Engine
Netflix Movie Viewer
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
QuickTime
Realtek Card Reader
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization 4 Gold
Sid Meier's Civilization IV: Beyond the Sword - Final Frontier Demo
Skins
Skype™ 5.3
SmartCopy
SmartLauncher
SopCast 3.0.3
Steam
Symantec Technical Support Controls
Trojan Killer 2.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 0.9.8a
VoiceOver Kit
WavePad Sound Editor
Webroot SecureAnywhere
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
WinRAR archiver
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
12/15/2011 6:49:32 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
12/15/2011 5:01:45 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/15/2011 5:01:45 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/15/2011 5:01:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/15/2011 1:54:37 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
12/15/2011 1:38:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/15/2011 1:38:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/15/2011 1:38:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/14/2011 8:28:28 AM, Error: EventLog [6008] - The previous system shutdown at 1:00:36 AM on 12/14/2011 was unexpected.
12/14/2011 3:27:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/14/2011 3:27:30 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/14/2011 3:13:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00226839044A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/14/2011 12:17:10 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2011 8:42:12 PM, Error: EventLog [6008] - The previous system shutdown at 8:38:59 PM on 12/12/2011 was unexpected.
12/10/2011 1:17:30 PM, Error: Service Control Manager [7000] - The Linksys Wireless-N USB Network Adapter WUSB300N for Vista x64 (USB8x) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2011 1:17:30 PM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2011 1:17:30 PM, Error: Service Control Manager [7000] - The int15 service failed to start due to the following error: A device attached to the system is not functioning.
12/10/2011 1:14:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WRSVC service.
12/10/2011 1:09:58 PM, Error: Service Control Manager [7031] - The Empowering Technology Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Re: "Invisible Ads" playing in the background with no windows open
Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: "Invisible Ads" playing in the background with no windows open
Belahzur wrote:
Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


It won't let me use this program. I believe because I am running Vista 64 bit version. I can no longer check btw and it won't let me open winver under start and search.

Thanks for what you've done so far.

Re: "Invisible Ads" playing in the background with no windows open
Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.


Re: "Invisible Ads" playing in the background with no windows open
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Gateway
System Product Name: LX6200-01
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 165):
0x02C16000 \SystemRoot\system32\ntoskrnl.exe
0x0312E000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\PSHED.dll
0x0062D000 \SystemRoot\system32\CLFS.SYS
0x0068A000 \SystemRoot\system32\CI.dll
0x00805000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008ED000 \SystemRoot\system32\drivers\acpi.sys
0x00943000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094C000 \SystemRoot\system32\drivers\msisadrv.sys
0x00956000 \SystemRoot\system32\drivers\pci.sys
0x00986000 \SystemRoot\System32\drivers\partmgr.sys
0x0099B000 \SystemRoot\system32\drivers\volmgr.sys
0x0073C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AF000 \SystemRoot\system32\drivers\pciide.sys
0x009B6000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C6000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D9000 \SystemRoot\system32\drivers\atapi.sys
0x007A2000 \SystemRoot\system32\drivers\ataport.SYS
0x00A03000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A49000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5D000 \SystemRoot\System32\drivers\WRkrn.sys
0x00A7B000 \SystemRoot\System32\drivers\msrpc.sys
0x00ACB000 \SystemRoot\System32\drivers\NETIO.SYS
0x00C0D000 \SystemRoot\System32\drivers\NDIS.SYS
0x00DD0000 \SystemRoot\System32\drivers\TDI.SYS
0x00DDD000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B23000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\System32\drivers\tcpip.sys
0x00F83000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100A000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01386000 \SystemRoot\system32\drivers\volsnap.sys
0x01407000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01573000 \SystemRoot\System32\Drivers\spldr.sys
0x0157B000 \SystemRoot\system32\DRIVERS\snapman.sys
0x015BB000 \SystemRoot\System32\Drivers\mup.sys
0x015CD000 \SystemRoot\System32\drivers\ecache.sys
0x013CA000 \SystemRoot\system32\drivers\disk.sys
0x010F3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013DE000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x013E6000 \SystemRoot\system32\drivers\crcdisk.sys
0x01133000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01140000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01149000 \SystemRoot\system32\DRIVERS\processr.sys
0x04C0D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0526B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0534A000 \SystemRoot\System32\drivers\watchdog.sys
0x05359000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0536C000 \SystemRoot\system32\drivers\AVer88xHD64.sys
0x0115C000 \SystemRoot\system32\drivers\ks.sys
0x053D6000 \SystemRoot\system32\drivers\BdaSup.SYS
0x053DA000 \SystemRoot\system32\drivers\ksthunk.sys
0x01190000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x053E0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x00FAF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x00FBF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x053F2000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x04C00000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x00BAA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00FDB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x009E1000 \SystemRoot\system32\DRIVERS\parport.sys
0x00DE9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x007C6000 \SystemRoot\system32\DRIVERS\serial.sys
0x00E00000 \SystemRoot\system32\DRIVERS\serenum.sys
0x05409000 \SystemRoot\system32\DRIVERS\CAXHWBS2.sys
0x05476000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x05607000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x056CF000 \SystemRoot\system32\drivers\modem.sys
0x056DE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x05716000 \SystemRoot\system32\DRIVERS\storport.sys
0x05773000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05796000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x057A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x057D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05802000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05820000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05838000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0584A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05856000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05858000 \SystemRoot\system32\DRIVERS\circlass.sys
0x05869000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x05874000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05884000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x058CB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x058DF000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x0590A000 \SystemRoot\system32\drivers\portcls.sys
0x05945000 \SystemRoot\system32\drivers\drmk.sys
0x0680C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06976000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06980000 \SystemRoot\System32\Drivers\Null.SYS
0x06993000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0699B000 \SystemRoot\System32\drivers\vga.sys
0x069A9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x069CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x069D7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x069E0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x069EB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x06800000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05968000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05985000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x06A04000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x06A3A000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x06A45000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x06A4E000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x06A5C000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x06A84000 \SystemRoot\system32\DRIVERS\smb.sys
0x06A9F000 \SystemRoot\system32\drivers\afd.sys
0x06B0B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x06B4F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x06B6D000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x06B77000 \SystemRoot\system32\DRIVERS\netbios.sys
0x06B86000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x06BA1000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x06C02000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x06C50000 \SystemRoot\system32\drivers\nsiproxy.sys
0x06C5C000 \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20090219.003\IDSvia64.sys
0x06CBA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06CD6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06CD8000 \SystemRoot\System32\Drivers\RTS5121.sys
0x06D0E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06D17000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06D29000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x06D9F000 \SystemRoot\System32\Drivers\dfsc.sys
0x06DBC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06DF6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06E03000 \SystemRoot\system32\DRIVERS\udfs.sys
0x06E51000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06E5F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06E6B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x06E73000 \SystemRoot\System32\drivers\Dxapi.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x06E92000 \SystemRoot\system32\drivers\luafv.sys
0x06EB4000 \SystemRoot\system32\drivers\spsys.sys
0x06F72000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06F86000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06FBA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06FC5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08403000 \SystemRoot\system32\drivers\HTTP.sys
0x084A2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x084CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x084E9000 \SystemRoot\system32\drivers\mrxdav.sys
0x08510000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08539000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08582000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x085A1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08E0A000 \SystemRoot\System32\DRIVERS\srv.sys
0x08EA1000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x08EF9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x08EFE000 \SystemRoot\system32\drivers\peauth.sys
0x08FB4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08FBF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08FCE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08EE1000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x08FEE000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x085D3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06FDD000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x06F4E000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x06FEE000 \SystemRoot\system32\DRIVERS\wpdusb.sys
0x085F1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x00670000 \SystemRoot\System32\cdd.dll
0x770C0000 \Windows\System32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
944 C:\Windows\System32\smss.exe
528 csrss.exe
892 C:\Windows\System32\wininit.exe
912 csrss.exe
968 C:\Windows\System32\services.exe
988 C:\Windows\System32\lsass.exe
996 C:\Windows\System32\lsm.exe
992 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\winlogon.exe
1100 C:\Program Files (x86)\Webroot\WRSA.exe
1132 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\Ati2evxx.exe
1208 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\audiodg.exe
1352 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\SLsvc.exe
1452 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\svchost.exe
1888 C:\Windows\System32\spoolsv.exe
1928 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
2088 C:\Windows\System32\Ati2evxx.exe
2776 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2796 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2848 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2892 C:\Program Files\Bonjour\mDNSResponder.exe
2916 C:\Windows\System32\svchost.exe
2944 C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
1980 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
2340 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2416 C:\Windows\System32\SearchIndexer.exe
2532 C:\Windows\System32\drivers\XAudio64.exe
2632 C:\Windows\System32\rundll32.exe
3232 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
3240 WUDFHost.exe
3412 C:\Windows\System32\taskeng.exe
3700 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3872 C:\Windows\System32\taskeng.exe
3904 C:\Program Files (x86)\Webroot\WRSA.exe
3912 C:\Windows\System32\dwm.exe
3988 C:\Windows\explorer.exe
4000 C:\Windows\mHotkey.exe
4032 C:\Windows\System32\taskeng.exe
4044 C:\Program Files\Windows Media Player\wmpnscfg.exe
5012 C:\Windows\ChiFuncExt.exe
2556 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4228 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3356 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4800 C:\Program Files (x86)\Internet Explorer\iexplore.exe
380 C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
6708 C:\Program Files\iPod\bin\iPodService.exe
7228 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3444 C:\Users\milfkrieg\AppData\Roaming\Microsoft\44A6\268.exe
8452 C:\Users\milfkrieg\AppData\Roaming\D9471\lvvm.exe
7720 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6396 C:\Users\milfkrieg\AppData\Roaming\628D9\39044.exe
6024 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3308 C:\Program Files (x86)\Internet Explorer\iexplore.exe
8300 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
9732 WUDFHost.exe
6036 C:\Windows\System32\mobsync.exe
4832 C:\Windows\System32\wuauclt.exe
10036 C:\Program Files (x86)\Internet Explorer\iexplore.exe
6624 C:\Program Files (x86)\Internet Explorer\iexplore.exe
9788 C:\Windows\System32\SearchProtocolHost.exe
9324 C:\Windows\System32\SearchFilterHost.exe
3544 C:\Users\milfkrieg\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71200000 (NTFS)
\\.\I: --> \\.\PhysicalDrive5 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3750630AS, Rev: SD46
PhysicalDrive5 Model Number: WD15EARS External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 53902D02D6A9EDB1C16B4443A248CC81F6527D29
1397 GB \\.\PhysicalDrive5 Windows XP MBR code detected
SHA1: DA38B874B7713D1B

Re: "Invisible Ads" playing in the background with no windows open
Hello.
Do you have your Vista OS disc?

