Fake Vista Anti-Virus on system. :-(


2 replies to this topic

#1 mrdogcat

  • Members
  • 12 posts

Posted 27 April 2011 - 06:53 AM

Hi guys, first off thanks for all your help on boards like these.

A mate of mine has given me his laptop running Vista Home which has managed to get Vista Antivirus on it (as you probably know, this ain't no anti-virus software).

Anyway, I ran Malwarebytes, which seems to have stopped it from running. The rest is over to you.

Here are my logs:

MalwareBytes Log

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6449

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

26/04/2011 19:43:37
mbam-log-2011-04-26 (19-43-37).txt

Scan type: Quick scan
Objects scanned: 149438
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Users\anthony\AppData\Local\vqr.exe (Spyware.Agent) -> 276 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\anthony\AppData\Local\vqr.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (File Type Info - File Extension Search) Good: (http://shell.windows.com/fileassoc/%...dir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\anthony\AppData\Local\vqr.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\anthony\AppData\Local\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\xyv.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\application data\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\application data\xyv.exe (Spyware.Agent) -> Quarantined and deleted successfully.


GMER Log

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-27 08:32:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000071 WDC_WD25 rev.11.0
Running: 5cr1dvhe.exe; Driver: C:\Users\anthony\AppData\Local\Temp\fgtiqfow.sys


---- System - GMER 1.0.15 ----

SSDT 87181BD8 ZwAlertResumeThread
SSDT 871A0880 ZwAlertThread
SSDT 879894D8 ZwAllocateVirtualMemory
SSDT 870B4888 ZwAlpcConnectPort
SSDT 877B9110 ZwAssignProcessToJobObject
SSDT 87990130 ZwCreateMutant
SSDT 87995398 ZwCreateSymbolicLinkObject
SSDT 8794B388 ZwCreateThread
SSDT 877B5118 ZwDebugActiveProcess
SSDT 879896F0 ZwDuplicateObject
SSDT 8798ADF8 ZwFreeVirtualMemory
SSDT 871D3110 ZwImpersonateAnonymousToken
SSDT 871C7EC8 ZwImpersonateThread
SSDT 870B5A08 ZwLoadDriver
SSDT 8798AC98 ZwMapViewOfSection
SSDT 871CB408 ZwOpenEvent
SSDT 87989910 ZwOpenProcess
SSDT 871EFBD0 ZwOpenProcessToken
SSDT 8726D110 ZwOpenSection
SSDT 87989800 ZwOpenThread
SSDT 879940B0 ZwProtectVirtualMemory
SSDT 87483878 ZwResumeThread
SSDT 8716B960 ZwSetContextThread
SSDT 8798AA40 ZwSetInformationProcess
SSDT 872B2968 ZwSetSystemInformation
SSDT 871DA068 ZwSuspendProcess
SSDT 8719A9D8 ZwSuspendThread
SSDT 871CC340 ZwTerminateProcess
SSDT 871AD7C0 ZwTerminateThread
SSDT 871CB6F8 ZwUnmapViewOfSection
SSDT 87989188 ZwWriteVirtualMemory
SSDT 87995868 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EF08A0 8 Bytes [D8, 1B, 18, 87, 80, 08, 1A, ...] {FCOMP DWORD [EBX]; SBB [EDI-0x78e5f780], AL}
.text ntkrnlpa.exe!KeSetEvent + 131 81EF08B4 4 Bytes [D8, 94, 98, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EF08C0 4 Bytes [88, 48, 0B, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 81EF0914 4 Bytes [10, 91, 7B, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EF0978 4 Bytes [30, 01, 99, 87]
.text ...
? System32\drivers\hlrlj.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC06000, 0x20B6D6, 0xE8000020]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x9EF3D41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x9EF3E000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1584] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 766BB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[1584] SHELL32.dll!ShellExecuteExW + 18B7 766EDA0C 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74627817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7467A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7462BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7461F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7461E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74658395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7462DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7461FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7461FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7464C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7461D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74616853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7461687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74622AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5535
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 175):
0x81E44000 \SystemRoot\system32\ntkrnlpa.exe
0x81E11000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\System32\drivers\hlrlj.sys
0x80556000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805D2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80600000 \SystemRoot\system32\drivers\acpi.sys
0x80646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8064F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80657000 \SystemRoot\system32\drivers\pci.sys
0x8067E000 \SystemRoot\System32\drivers\partmgr.sys
0x8068D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80690000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\System32\drivers\mountmgr.sys
0x80703000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8070B000 \SystemRoot\system32\drivers\atapi.sys
0x80713000 \SystemRoot\system32\drivers\ataport.SYS
0x80731000 \SystemRoot\system32\drivers\msahci.sys
0x8073B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80749000 \SystemRoot\system32\drivers\fltmgr.sys
0x8077B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8078B000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x80794000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x807E3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x89801000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89872000 \SystemRoot\system32\drivers\ndis.sys
0x8997D000 \SystemRoot\system32\drivers\msrpc.sys
0x899A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A0C000 \SystemRoot\System32\drivers\tcpip.sys
0x89AF6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89C05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89D15000 \SystemRoot\system32\drivers\volsnap.sys
0x89D4E000 \SystemRoot\System32\Drivers\spldr.sys
0x89D56000 \SystemRoot\System32\Drivers\mup.sys
0x89D65000 \SystemRoot\System32\drivers\ecache.sys
0x89D8C000 \SystemRoot\system32\drivers\disk.sys
0x89D9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89DBE000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x89DC6000 \SystemRoot\system32\drivers\crcdisk.sys
0x89B11000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x89B51000 \SystemRoot\system32\DRIVERS\storport.sys
0x89DE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89DF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89BD2000 \SystemRoot\system32\DRIVERS\processr.sys
0x89BE1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DC05000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8D60F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D6AF000 \SystemRoot\System32\drivers\watchdog.sys
0x8D6BB000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8D6F2000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D7D9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D7F1000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8D7F9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D600000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E19C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E1DA000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x8D60A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E1E3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E203000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E290000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E294000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E2A7000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E2B1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E2BC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E2EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E2F7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E326000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E331000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8E339000 \SystemRoot\system32\drivers\modem.sys
0x8E346000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E35D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E368000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E38B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E39A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E3AE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E3C3000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8E3CA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E3DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E604000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E62E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E638000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E645000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E67A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E801000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EA0B000 \SystemRoot\system32\drivers\portcls.sys
0x8EA38000 \SystemRoot\system32\drivers\drmk.sys
0x8EA5D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8EA9A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E68B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8EB9D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EBA6000 \SystemRoot\System32\Drivers\Null.SYS
0x8EBAD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EBB4000 \SystemRoot\System32\drivers\vga.sys
0x8EBC0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EBE1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EBE9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EBF1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E73F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E74D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E756000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E76C000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x8E7A0000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8E7C5000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x8E7D3000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x8E7E8000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EC0C000 \SystemRoot\system32\drivers\afd.sys
0x8EC54000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EC86000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8EC99000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8ECAF000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8ECB8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8ECC6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8ECD9000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x8ECE3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8ED1F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8ED29000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys
0x8ED84000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8EDE2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8E3DC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F409000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x8F484000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x8F4C6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F4DD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F4FE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F526000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F53C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F549000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8F553000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x984B0000 \SystemRoot\System32\win32k.sys
0x8F593000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F59D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x986D0000 \SystemRoot\System32\TSDDD.dll
0x986F0000 \SystemRoot\System32\cdd.dll
0x8F5AC000 \SystemRoot\system32\drivers\luafv.sys
0x9B80F000 \SystemRoot\system32\drivers\spsys.sys
0x9B8BF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9B8D1000 \SystemRoot\system32\DRIVERS\irda.sys
0x9B8EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B8FF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B929000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B933000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B946000 \SystemRoot\system32\drivers\HTTP.sys
0x9B9B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B9D0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B9E9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8F5C7000 \SystemRoot\system32\drivers\mrxdav.sys
0x89B92000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C60D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C646000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C65E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C686000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C6ED000 \??\C:\Windows\system32\drivers\int15.sys
0x9C6F4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9C70D000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0x9EE07000 \SystemRoot\system32\drivers\peauth.sys
0x9EEE5000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9EEEE000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9EF00000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EF0A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EF16000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9EF1E000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x9EF66000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xA0C08000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVEX15.SYS
0xA0D5B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVENG.SYS
0xA0D6F000 \??\C:\Users\anthony\AppData\Local\Temp\fgtiqfow.sys
0xA0D8C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA0DA1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0DB6000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77770000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
564 csrss.exe
624 C:\Windows\System32\wininit.exe
632 csrss.exe
672 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\Ati2evxx.exe
1088 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\SLsvc.exe
1384 C:\Windows\System32\Ati2evxx.exe
1412 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\svchost.exe
1800 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
616 C:\Program Files\Bonjour\mDNSResponder.exe
692 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1396 C:\Windows\System32\dwm.exe
1584 C:\Windows\explorer.exe
1852 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1900 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2020 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
968 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1508 C:\Acer\Mobility Center\MobilityService.exe
2176 C:\Windows\System32\taskeng.exe
2232 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2324 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2372 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2420 C:\Windows\System32\svchost.exe
2464 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2500 C:\Windows\System32\svchost.exe
2580 C:\Windows\System32\svchost.exe
2656 C:\Windows\System32\SearchIndexer.exe
2708 C:\Windows\System32\drivers\XAudio.exe
2724 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3280 unsecapp.exe
3288 WmiPrvSE.exe
3320 dllhost.exe
3608 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
3844 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3868 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
4012 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
4068 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
2268 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
1072 C:\Windows\RtHDVCpl.exe
4088 C:\Program Files\Launch Manager\LManager.exe
2212 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3068 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
1288 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3152 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
292 C:\Program Files\iTunes\iTunesHelper.exe
3188 C:\Program Files\Common Files\Java\Java Update\jusched.exe
900 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3192 C:\Program Files\Windows Media Player\wmpnscfg.exe
3648 C:\Program Files\Windows Media Player\wmpnetwk.exe
4136 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4348 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4444 C:\Windows\System32\wbem\unsecapp.exe
4732 C:\Program Files\iPod\bin\iPodService.exe
4912 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5124 C:\Windows\System32\svchost.exe
4804 C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
6040 C:\Windows\System32\taskmgr.exe
5320 C:\Users\anthony\Desktop\5cr1dvhe.exe
5300 WUDFHost.exe
2848 C:\Windows\System32\SearchProtocolHost.exe
2796 C:\Windows\System32\SearchFilterHost.exe
6004 C:\Users\anthony\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`55400000 (NTFS)

PhysicalDrive0 Model Number: WDC WD2500BEVT-22ZCT0, Rev: 11.0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by anthony at 8:38:16.54 on 27/04/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1456 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\anthony\Desktop\5cr1dvhe.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\anthony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sn111w.snt111.mail.live.com/default.aspx?wa=wsignin1.0
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON SX600FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieke.exe /fu "c:\windows\temp\E_S4E3F.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2011-4-26 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2011-4-26 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-4-26 353912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-8-20 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-25 102448]
.
=============== Created Last 30 ================
.
2011-04-26 18:39:24 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
2011-04-26 18:39:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 18:39:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-26 18:39:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 18:39:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 17:32:59 48688 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndisv.sys
2011-04-26 17:32:59 36400 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndis.sys
2011-04-26 17:32:59 217136 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symtdi.sys
2011-04-26 17:32:58 89904 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symfw.sys
2011-04-26 17:32:58 482432 ----a-w- c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys
2011-04-26 17:32:58 43696 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtspx.sys
2011-04-26 17:32:58 33072 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symids.sys
2011-04-26 17:32:58 310320 ----a-w- c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys
2011-04-26 17:32:58 308272 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtsp.sys
2011-04-26 17:32:58 259632 ----a-w- c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys
2011-04-26 17:32:00 -------- d-----w- c:\windows\system32\drivers\n360\0308000.029
2011-04-25 17:29:48 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-04-25 17:19:54 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-25 17:19:54 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-25 17:19:49 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-25 17:19:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-25 17:19:03 -------- d-----w- c:\program files\Symantec
2011-04-25 17:19:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-25 17:17:39 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-25 17:17:33 -------- d-----w- c:\program files\Norton 360
2011-04-25 17:15:41 -------- d-----w- c:\program files\NortonInstaller
2011-04-13 16:05:56 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 16:05:56 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 16:05:51 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 16:05:46 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 16:05:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 16:05:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 0628 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 8:40:12.98 ===============

And my HijackThis Log if you need it...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:18, on 27/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\anthony\Desktop\plane.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn111w.snt111.mail.live.com/d...?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON SX600FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\Windows\TEMP\E_S4E3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12582 bytes

#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:34 AM

Posted 28 April 2011 - 11:35 AM

http://forums.malwarebytes.org/index.php?showtopic=83116

Since you are being helped by Screen317 at the Malwarebytes forum, I am closing this thread.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike


Posted 28 April 2011 - 11:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.