Hi guys, first off thanks for all your help on boards like these.
A mate of mine has given me his laptop running Vista Home which has managed to get Vista Antivirus on it (as you probably know this ain't no anti-virus software).
Anyway, I ran Malwarebytes, which seems to have stopped it from running. The rest is over to you.
Here are my logs:
MalwareBytes Log
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6449
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048
26/04/2011 19:43:37
mbam-log-2011-04-26 (19-43-37).txt
Scan type: Quick scan
Objects scanned: 149438
Time elapsed: 2 minute(s), 39 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
c:\Users\anthony\AppData\Local\vqr.exe (Spyware.Agent) -> 276 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\anthony\AppData\Local\vqr.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (File Type Info - File Extension Search) Good: (http://shell.windows.com/fileassoc/%...dir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\anthony\AppData\Local\vqr.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\anthony\AppData\Local\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\xyv.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\application data\vqr.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\anthony\local settings\application data\xyv.exe (Spyware.Agent) -> Quarantined and deleted successfully.
GMER Log
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-27 08:32:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000071 WDC_WD25 rev.11.0
Running: 5cr1dvhe.exe; Driver: C:\Users\anthony\AppData\Local\Temp\fgtiqfow.sys
---- System - GMER 1.0.15 ----
SSDT 87181BD8 ZwAlertResumeThread
SSDT 871A0880 ZwAlertThread
SSDT 879894D8 ZwAllocateVirtualMemory
SSDT 870B4888 ZwAlpcConnectPort
SSDT 877B9110 ZwAssignProcessToJobObject
SSDT 87990130 ZwCreateMutant
SSDT 87995398 ZwCreateSymbolicLinkObject
SSDT 8794B388 ZwCreateThread
SSDT 877B5118 ZwDebugActiveProcess
SSDT 879896F0 ZwDuplicateObject
SSDT 8798ADF8 ZwFreeVirtualMemory
SSDT 871D3110 ZwImpersonateAnonymousToken
SSDT 871C7EC8 ZwImpersonateThread
SSDT 870B5A08 ZwLoadDriver
SSDT 8798AC98 ZwMapViewOfSection
SSDT 871CB408 ZwOpenEvent
SSDT 87989910 ZwOpenProcess
SSDT 871EFBD0 ZwOpenProcessToken
SSDT 8726D110 ZwOpenSection
SSDT 87989800 ZwOpenThread
SSDT 879940B0 ZwProtectVirtualMemory
SSDT 87483878 ZwResumeThread
SSDT 8716B960 ZwSetContextThread
SSDT 8798AA40 ZwSetInformationProcess
SSDT 872B2968 ZwSetSystemInformation
SSDT 871DA068 ZwSuspendProcess
SSDT 8719A9D8 ZwSuspendThread
SSDT 871CC340 ZwTerminateProcess
SSDT 871AD7C0 ZwTerminateThread
SSDT 871CB6F8 ZwUnmapViewOfSection
SSDT 87989188 ZwWriteVirtualMemory
SSDT 87995868 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 81EF08A0 8 Bytes [D8, 1B, 18, 87, 80, 08, 1A, ...] {FCOMP DWORD [EBX]; SBB [EDI-0x78e5f780], AL}
.text ntkrnlpa.exe!KeSetEvent + 131 81EF08B4 4 Bytes [D8, 94, 98, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EF08C0 4 Bytes [88, 48, 0B, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 81EF0914 4 Bytes [10, 91, 7B, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EF0978 4 Bytes [30, 01, 99, 87]
.text ...
? System32\drivers\hlrlj.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC06000, 0x20B6D6, 0xE8000020]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x9EF3D41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x9EF3E000, 0x1000, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1584] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 766BB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[1584] SHELL32.dll!ShellExecuteExW + 18B7 766EDA0C 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74627817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7467A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7462BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7461F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7461E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74658395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7462DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7461FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7461FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7464C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7461D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74616853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7461687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74622AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5535
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 175):
0x81E44000 \SystemRoot\system32\ntkrnlpa.exe
0x81E11000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\System32\drivers\hlrlj.sys
0x80556000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805D2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80600000 \SystemRoot\system32\drivers\acpi.sys
0x80646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8064F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80657000 \SystemRoot\system32\drivers\pci.sys
0x8067E000 \SystemRoot\System32\drivers\partmgr.sys
0x8068D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80690000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\System32\drivers\mountmgr.sys
0x80703000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8070B000 \SystemRoot\system32\drivers\atapi.sys
0x80713000 \SystemRoot\system32\drivers\ataport.SYS
0x80731000 \SystemRoot\system32\drivers\msahci.sys
0x8073B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80749000 \SystemRoot\system32\drivers\fltmgr.sys
0x8077B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8078B000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x80794000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x807E3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x89801000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89872000 \SystemRoot\system32\drivers\ndis.sys
0x8997D000 \SystemRoot\system32\drivers\msrpc.sys
0x899A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A0C000 \SystemRoot\System32\drivers\tcpip.sys
0x89AF6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89C05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89D15000 \SystemRoot\system32\drivers\volsnap.sys
0x89D4E000 \SystemRoot\System32\Drivers\spldr.sys
0x89D56000 \SystemRoot\System32\Drivers\mup.sys
0x89D65000 \SystemRoot\System32\drivers\ecache.sys
0x89D8C000 \SystemRoot\system32\drivers\disk.sys
0x89D9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89DBE000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x89DC6000 \SystemRoot\system32\drivers\crcdisk.sys
0x89B11000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x89B51000 \SystemRoot\system32\DRIVERS\storport.sys
0x89DE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89DF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89BD2000 \SystemRoot\system32\DRIVERS\processr.sys
0x89BE1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8DC05000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8D60F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D6AF000 \SystemRoot\System32\drivers\watchdog.sys
0x8D6BB000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8D6F2000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D7D9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D7F1000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8D7F9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D600000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E19C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E1DA000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x8D60A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E1E3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E203000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E290000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E294000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E2A7000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E2B1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E2BC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E2EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E2F7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E326000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E331000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8E339000 \SystemRoot\system32\drivers\modem.sys
0x8E346000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E35D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E368000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E38B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E39A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E3AE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E3C3000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8E3CA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E3DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E604000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E62E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E638000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E645000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E67A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E801000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EA0B000 \SystemRoot\system32\drivers\portcls.sys
0x8EA38000 \SystemRoot\system32\drivers\drmk.sys
0x8EA5D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8EA9A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E68B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8EB9D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EBA6000 \SystemRoot\System32\Drivers\Null.SYS
0x8EBAD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EBB4000 \SystemRoot\System32\drivers\vga.sys
0x8EBC0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EBE1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EBE9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EBF1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E73F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E74D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E756000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E76C000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x8E7A0000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8E7C5000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x8E7D3000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x8E7E8000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EC0C000 \SystemRoot\system32\drivers\afd.sys
0x8EC54000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EC86000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8EC99000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8ECAF000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8ECB8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8ECC6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8ECD9000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x8ECE3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8ED1F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8ED29000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys
0x8ED84000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8EDE2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8E3DC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F409000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x8F484000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x8F4C6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F4DD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F4FE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F526000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8F53C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F549000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8F553000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x984B0000 \SystemRoot\System32\win32k.sys
0x8F593000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F59D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x986D0000 \SystemRoot\System32\TSDDD.dll
0x986F0000 \SystemRoot\System32\cdd.dll
0x8F5AC000 \SystemRoot\system32\drivers\luafv.sys
0x9B80F000 \SystemRoot\system32\drivers\spsys.sys
0x9B8BF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9B8D1000 \SystemRoot\system32\DRIVERS\irda.sys
0x9B8EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B8FF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B929000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B933000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B946000 \SystemRoot\system32\drivers\HTTP.sys
0x9B9B3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B9D0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B9E9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8F5C7000 \SystemRoot\system32\drivers\mrxdav.sys
0x89B92000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C60D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C646000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C65E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C686000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C6ED000 \??\C:\Windows\system32\drivers\int15.sys
0x9C6F4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9C70D000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0x9EE07000 \SystemRoot\system32\drivers\peauth.sys
0x9EEE5000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9EEEE000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9EF00000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EF0A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EF16000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9EF1E000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0x9EF66000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xA0C08000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVEX15.SYS
0xA0D5B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVENG.SYS
0xA0D6F000 \??\C:\Users\anthony\AppData\Local\Temp\fgtiqfow.sys
0xA0D8C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA0DA1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0DB6000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77770000 \Windows\System32\ntdll.dll
Processes (total 78):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
564 csrss.exe
624 C:\Windows\System32\wininit.exe
632 csrss.exe
672 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\Ati2evxx.exe
1088 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\SLsvc.exe
1384 C:\Windows\System32\Ati2evxx.exe
1412 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\svchost.exe
1800 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
616 C:\Program Files\Bonjour\mDNSResponder.exe
692 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1396 C:\Windows\System32\dwm.exe
1584 C:\Windows\explorer.exe
1852 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
1900 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
2020 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
968 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1508 C:\Acer\Mobility Center\MobilityService.exe
2176 C:\Windows\System32\taskeng.exe
2232 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2324 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2372 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2420 C:\Windows\System32\svchost.exe
2464 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2500 C:\Windows\System32\svchost.exe
2580 C:\Windows\System32\svchost.exe
2656 C:\Windows\System32\SearchIndexer.exe
2708 C:\Windows\System32\drivers\XAudio.exe
2724 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3280 unsecapp.exe
3288 WmiPrvSE.exe
3320 dllhost.exe
3608 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
3844 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3868 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
4012 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
4068 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
2268 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
1072 C:\Windows\RtHDVCpl.exe
4088 C:\Program Files\Launch Manager\LManager.exe
2212 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3068 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
1288 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3152 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
292 C:\Program Files\iTunes\iTunesHelper.exe
3188 C:\Program Files\Common Files\Java\Java Update\jusched.exe
900 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3192 C:\Program Files\Windows Media Player\wmpnscfg.exe
3648 C:\Program Files\Windows Media Player\wmpnetwk.exe
4136 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4348 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4444 C:\Windows\System32\wbem\unsecapp.exe
4732 C:\Program Files\iPod\bin\iPodService.exe
4912 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5124 C:\Windows\System32\svchost.exe
4804 C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
6040 C:\Windows\System32\taskmgr.exe
5320 C:\Users\anthony\Desktop\5cr1dvhe.exe
5300 WUDFHost.exe
2848 C:\Windows\System32\SearchProtocolHost.exe
2796 C:\Windows\System32\SearchFilterHost.exe
6004 C:\Users\anthony\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`55400000 (NTFS)
PhysicalDrive0 Model Number: WDC WD2500BEVT-22ZCT0, Rev: 11.0
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by anthony at 8:38:16.54 on 27/04/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1456 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\anthony\Desktop\5cr1dvhe.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\anthony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sn111w.snt111.mail.live.com/default.aspx?wa=wsignin1.0
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON SX600FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieke.exe /fu "c:\windows\temp\E_S4E3F.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2011-4-26 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2011-4-26 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-4-26 353912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-8-20 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-25 102448]
.
=============== Created Last 30 ================
.
2011-04-26 18:39:24 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
2011-04-26 18:39:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 18:39:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-26 18:39:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 18:39:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 17:32:59 48688 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndisv.sys
2011-04-26 17:32:59 36400 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symndis.sys
2011-04-26 17:32:59 217136 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symtdi.sys
2011-04-26 17:32:58 89904 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symfw.sys
2011-04-26 17:32:58 482432 ----a-w- c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys
2011-04-26 17:32:58 43696 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtspx.sys
2011-04-26 17:32:58 33072 ----a-w- c:\windows\system32\drivers\n360\0308000.029\symids.sys
2011-04-26 17:32:58 310320 ----a-w- c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys
2011-04-26 17:32:58 308272 ----a-w- c:\windows\system32\drivers\n360\0308000.029\srtsp.sys
2011-04-26 17:32:58 259632 ----a-w- c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys
2011-04-26 17:32:00 -------- d-----w- c:\windows\system32\drivers\n360\0308000.029
2011-04-25 17:29:48 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-04-25 17:19:54 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-25 17:19:54 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-25 17:19:49 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-25 17:19:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-25 17:19:03 -------- d-----w- c:\program files\Symantec
2011-04-25 17:19:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-25 17:17:39 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-25 17:17:33 -------- d-----w- c:\program files\Norton 360
2011-04-25 17:15:41 -------- d-----w- c:\program files\NortonInstaller
2011-04-13 16:05:56 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 16:05:56 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 16:05:51 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 16:05:46 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 16:05:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 16:05:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 0628 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 8:40:12.98 ===============
And my HijackThis Log if you need it...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:18, on 27/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\anthony\Desktop\plane.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn111w.snt111.mail.live.com/d...?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5535
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON SX600FW Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "C:\Windows\TEMP\E_S4E3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12582 bytes
Last edited by mrdogcat; 27-04-2011 at 11:36 AM.
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
========================================================================
1. All logs have to be pasted, so please paste the Attach.txt log into your next reply.
2. We don't use HJT around here anymore.
3. Update Malwarebytes, run "Quick scan" in NORMAL mode and post a fresh log.
Thanks for your help with this, Broni.
Here's the Attach log (sorry, I read somewhere I had to zip it up and post it... thought it might contain sensitive stuff or something).
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 18/11/2008 12:14:58
System Uptime: 26/04/2011 19:44:21 (13 hours ago)
.
Motherboard: Acer | | Aspire 5535
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket S1G2 | 500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 56.249 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 111.421 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
==== System Restore Points ===================
.
RP144: 26/12/2010 13:11:12 - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP145: 26/12/2010 13:12:02 - Device Driver Package Install: Apple Network adapters
RP146: 26/12/2010 13:13:49 - Installed iTunes
RP147: 13/01/2011 03:00:57 - Windows Update
RP148: 20/03/2011 11:31:07 - Installed Java(TM) 6 Update 24
RP150: 21/03/2011 16:33:46 - Windows Update
RP151: 24/03/2011 16:34:34 - Windows Update
RP152: 25/03/2011 07:52:40 - Windows Update
RP153: 16/04/2011 18:04:36 - Windows Update
RP154: 21/04/2011 18:26:26 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Acer Arcade Deluxe
Acer Crystal Eye Webcam
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Agatha Christie Death on the Nile
Alice Greenfingers
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avanquest update
Azada
Backspin Billiards
Big Kahuna Reef
BlackBerry Desktop Software 6.0
Bonjour
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3
Chuzzle
CyberLink PowerDirector
Design & Print, Business Edition
DHTML Editing Component
Diner Dash Flo on the Go
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
EPSON SX600FW Series Printer Uninstall
eSobi v2
Final Media Player 2010
Flip Words 2
Google Desktop
Google Toolbar for Internet Explorer
GSP Vista Fixes
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstaForm Invoices & Estimates Pro
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Jewel Quest Solitaire
Kick N Rush
Launch Manager
LightScribe 1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Norton 360
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
PhotoNow!
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Synaptics Pointing Device Driver
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Web Easy Professional
Web Easy Professional 7
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
26/04/2011 19:45:30, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
26/04/2011 19:44:59, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d.
26/04/2011 19:44:59, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090011.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 86.24.134.71:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 82.17.196.65:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.11:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.10:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.69:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.64:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.5:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.4:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.3:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.2:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.4:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.3:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.0.2:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.55.38:63331. The error status code is contained within the returned data.
26/04/2011 19:44:59, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.156.32:63331. The error status code is contained within the returned data.
26/04/2011 19:37:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl IDSVix86 spldr SRTSPX SYMTDI Wanarpv6
26/04/2011 19:37:44, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
26/04/2011 19:37:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/04/2011 19:37:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
26/04/2011 19:37:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/04/2011 19:36:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26/04/2011 19:29:54, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
26/04/2011 18:53:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26/04/2011 18:53:32, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
26/04/2011 18:53:32, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/04/2011 18:47:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl IDSVix86 spldr SRTSPX Wanarpv6
26/04/2011 18:30:11, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 00234E737F1A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
26/04/2011 18:13:06, Error: EventLog [6008] - The previous system shutdown at 22:25:20 on 25/04/2011 was unexpected.
25/04/2011 21:33:33, Error: EventLog [6008] - The previous system shutdown at 21:30:54 on 25/04/2011 was unexpected.
25/04/2011 17:45:06, Error: Service Control Manager [7031] - The OneCare AntiSpyware and AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
23/04/2011 08:10:52, Error: EventLog [6008] - The previous system shutdown at 16:41:54 on 22/04/2011 was unexpected.
21/04/2011 18:22:26, Error: EventLog [6008] - The previous system shutdown at 23:12:19 on 20/04/2011 was unexpected.
20/04/2011 18:23:07, Error: EventLog [6008] - The previous system shutdown at 18:49:19 on 19/04/2011 was unexpected.
.
==== End Of File ===========================
And the new MalwareBytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6449
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
28/04/2011 10:00:03
mbam-log-2011-04-28 (10-00-03).txt
Scan type: Quick scan
Objects scanned: 151904
Time elapsed: 8 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Good
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
RKILL
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 29/04/2011 at 12:28:43.
Operating System: Windows Vista (TM) Home Basic
Processes terminated by Rkill or while it was running:
Rkill completed on 29/04/2011 at 12:32:10.
COMBOFIX
ComboFix 11-04-27.02 - anthony 29/04/2011 12:36:35.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1519 [GMT 1:00]
Running from: c:\users\anthony\Desktop\ghgjguygcom.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-29 11:52 . 2011-04-29 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 09:15 . 2011-04-29 11:16 -------- d-----w- C:\ComboFix
2011-04-26 18:39 . 2011-04-26 18:39 -------- d-----w- c:\users\anthony\AppData\Roaming\Malwarebytes
2011-04-26 18:39 . 2011-04-26 18:39 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 18:39 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 18:39 . 2011-04-26 18:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-26 18:39 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 17:29 . 2011-04-25 17:29 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-04-25 17:19 . 2011-04-25 17:18 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-25 17:19 . 2011-04-25 17:18 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-25 17:19 . 2011-04-25 17:18 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-25 17:19 . 2011-04-25 17:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-25 17:19 . 2011-04-25 17:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-25 17:19 . 2011-04-25 17:19 -------- d-----w- c:\program files\Symantec
2011-04-25 17:17 . 2011-04-26 17:32 -------- d-----w- c:\windows\system32\drivers\N360
2011-04-25 17:17 . 2011-04-25 17:18 -------- d-----w- c:\program files\Norton 360
2011-04-25 17:15 . 2011-04-25 17:15 -------- d-----w- c:\program files\NortonInstaller
2011-04-13 16:05 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 16:05 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 16:05 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 16:05 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 16:05 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 16:05 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-07 20:16 . 2011-04-23 07:10 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-22 18:22 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 18:22 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 18:22 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 21:40 . 2010-09-21 15:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-30 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-30 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-13 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-06 30192]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2011-04-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2011-04-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2011-04-25 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-03-30 353912]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2011-04-25 117640]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-25 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.02 9\SYMNDISV.SYS [2011-04-25 48688]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-24 11:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sn111w.snt111.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1108&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-29 12:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4676)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\program files\Norton 360\Engine\3.8.0.41\ccVrTrst.dll
c:\program files\Norton 360\Engine\3.8.0.41\ccGEvt.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-29 1243
ComboFix-quarantined-files.txt 2011-04-29 11:56
ComboFix2.txt 2011-04-28 09:39
.
Pre-Run: 64,239,570,944 bytes free
Post-Run: 64,213,061,632 bytes free
.
- - End Of File - - 5B5CD90D39BFB043466949037D84E4C6
Looks good
Any current issues?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
No other issues as such... the only thing is the error message I got at start-up after I ran MalwareBytes the first time:
'Application failed to initialize: 0x80070006. The handle is invalid'
After doing all the scans you suggested, though, I only get the error message when I click on the blocked startup items icon in the system tray to "show or remove blocked startup programs" or try to open Windows Defender... After a Google search I think it's related to Defender and its corrupt registry entries. Any ideas?
Anyway here are the logs from the OTL scans.
Thanks again for your help.
OTL
OTL logfile created on: 29/04/2011 22:45:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anthony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 59.39 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.42 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 389.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 962.72 Mb Total Space | 885.22 Mb Free Space | 91.95% Space Free | Partition Type: FAT
Computer Name: ANTHONY-PC | User Name: anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
PRC - [2011/04/25 18:18:42 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/10 23:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/30 01:44:30 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/05/30 01:44:22 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/05/21 03:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/13 01:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/05/07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
========== Modules (SafeList) ==========
MOD - [2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [Disabled | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - [2011/04/25 18:18:42 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - [2011/04/25 18:19:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/25 18:18:48 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/04/25 18:18:48 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2011/04/25 18:18:47 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2011/04/25 18:18:47 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2011/04/25 18:18:47 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2011/04/25 18:18:47 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/04/25 18:18:47 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/04/25 18:18:46 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2011/04/25 18:18:46 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/25 03:06:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/25 03:06:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/25 03:06:58 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/25 03:06:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 02:34:54 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110425.001\IDSvix86.sys -- (IDSVix86)
DRV - [2008/08/15 03:37:08 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/25 07:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/29 02:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/05/27 22:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/05/09 20:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/28 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006/11/29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2011/04/28 10:34:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/29 18:44:56 | 000,000,130 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/04/29 22:33:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/29 12:55:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/29 12:34:03 | 000,000,000 | ---D | C] -- C:\ghgjguygcom
[2011/04/29 12:33:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 10:15:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 10:15:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 10:15:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 10:15:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/28 10:12:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\backups
[2011/04/27 08:54:25 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\LOGS
[2011/04/26 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\gmer
[2011/04/26 19:39:24 | 000,000,000 | ---D | C] -- C:\Users\anthony\AppData\Roaming\Malwarebytes
[2011/04/26 19:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/26 19:39:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/26 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 19:28:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
[2011/04/26 19:25:41 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2011/04/26 19:25:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/26 18:32:59 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symtdi.sys
[2011/04/26 18:32:59 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndisv.sys
[2011/04/26 18:32:59 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndis.sys
[2011/04/26 18:32:58 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\cchpx86.sys
[2011/04/26 18:32:58 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.sys
[2011/04/26 18:32:58 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.sys
[2011/04/26 18:32:58 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2011/04/26 18:32:58 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symfw.sys
[2011/04/26 18:32:58 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.sys
[2011/04/26 18:32:58 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symids.sys
[2011/04/26 18:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0308000.029
[2011/04/25 18:29:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2011/04/25 18:19:49 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/25 18:19:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/25 18:17:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/04/25 18:17:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/04/25 18:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/04/25 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/07 21:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/07 21:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/11/18 14:09:04 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011/04/29 22:49:21 | 002,153,970 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2011/04/29 22:40:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 22:40:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 22:40:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/04/29 22:39:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/04/29 22:39:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 22:39:04 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/29 12:17:12 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.com
[2011/04/29 12:16:20 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.scr
[2011/04/29 12:15:22 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/28 10:34:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/28 10:05:58 | 004,331,952 | R--- | M] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2011/04/26 19:54:00 | 000,625,664 | ---- | M] () -- C:\Users\anthony\Desktop\dds.scr
[2011/04/26 19:53:42 | 000,080,384 | ---- | M] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/26 19:41:06 | 000,293,019 | ---- | M] () -- C:\Users\anthony\Desktop\gmer.zip
[2011/04/26 19:40:50 | 000,301,568 | ---- | M] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/26 19:39:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/26 19:26:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
[2011/04/26 19:11:00 | 001,872,472 | ---- | M] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 18:36:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/26 18:36:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2011/04/26 18:32:00 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2011/04/25 18:19:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/25 18:19:03 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/25 18:19:03 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/25 18:18:48 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symtdi.sys
[2011/04/25 18:18:48 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndisv.sys
[2011/04/25 18:18:47 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.sys
[2011/04/25 18:18:47 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.sys
[2011/04/25 18:18:47 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symfw.sys
[2011/04/25 18:18:47 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.sys
[2011/04/25 18:18:47 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndis.sys
[2011/04/25 18:18:47 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symids.sys
[2011/04/25 18:18:47 | 000,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/25 18:18:46 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\cchpx86.sys
[2011/04/25 18:18:46 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2011/04/25 18:18:10 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.inf
[2011/04/25 18:18:10 | 000,001,752 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.inf
[2011/04/25 18:18:10 | 000,001,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNetV.inf
[2011/04/25 18:18:10 | 000,001,561 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.inf
[2011/04/25 18:18:10 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.inf
[2011/04/25 18:18:10 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.inf
[2011/04/25 18:18:10 | 000,000,640 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2011/04/25 18:17:40 | 000,009,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\symnetv.cat
[2011/04/25 18:17:40 | 000,009,402 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.cat
[2011/04/25 18:17:40 | 000,007,431 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.cat
[2011/04/25 18:17:40 | 000,007,429 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.cat
[2011/04/25 18:17:40 | 000,007,425 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.cat
[2011/04/25 18:17:39 | 000,007,400 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2011/04/25 18:17:39 | 000,007,383 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.cat
[2011/04/16 18:39:13 | 000,374,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 13:49:41 | 000,006,836 | ---- | M] () -- C:\Users\anthony\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.scr
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.com
[2011/04/29 12:23:12 | 004,331,952 | R--- | C] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2011/04/28 10:15:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 10:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 10:15:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 10:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 10:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/27 08:37:40 | 000,625,664 | ---- | C] () -- C:\Users\anthony\Desktop\dds.scr
[2011/04/27 08:35:26 | 000,080,384 | ---- | C] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/26 19:47:49 | 000,301,568 | ---- | C] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/26 19:47:49 | 000,293,019 | ---- | C] () -- C:\Users\anthony\Desktop\gmer.zip
[2011/04/26 19:44:43 | 2951,135,232 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 19:39:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:25:40 | 001,872,472 | ---- | C] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 18:50:05 | 002,153,970 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2011/04/26 18:32:59 | 000,009,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\symnetv.cat
[2011/04/26 18:32:59 | 000,009,402 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.cat
[2011/04/26 18:32:59 | 000,001,562 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNetV.inf
[2011/04/26 18:32:59 | 000,001,561 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.inf
[2011/04/26 18:32:58 | 000,007,431 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.cat
[2011/04/26 18:32:58 | 000,007,429 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.cat
[2011/04/26 18:32:58 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.cat
[2011/04/26 18:32:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.cat
[2011/04/26 18:32:58 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.inf
[2011/04/26 18:32:58 | 000,001,752 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.inf
[2011/04/26 18:32:58 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.inf
[2011/04/26 18:32:58 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.inf
[2011/04/26 18:32:57 | 000,007,400 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2011/04/26 18:32:57 | 000,000,640 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2011/04/26 18:32:00 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2011/04/25 18:19:42 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/25 18:19:42 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/25 17:45:06 | 000,010,488 | -HS- | C] () -- C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/25 17:45:06 | 000,010,488 | -HS- | C] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/01 13:12:08 | 000,360,205 | ---- | C] () -- C:\Users\anthony\Documents\2.jpg
[2011/04/01 13:11:04 | 001,844,776 | ---- | C] () -- C:\Users\anthony\Documents\1.JPG
[2011/04/01 13:07:51 | 000,011,410 | ---- | C] () -- C:\Users\anthony\Documents\6.jpg
[2011/04/01 13:05:50 | 000,139,820 | ---- | C] () -- C:\Users\anthony\Documents\work 006.jpg
[2011/01/10 00:14:18 | 000,000,552 | ---- | C] () -- C:\Users\anthony\AppData\Local\d3d8caps.dat
[2010/03/21 22:46:32 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/04 18:07:01 | 000,006,836 | ---- | C] () -- C:\Users\anthony\AppData\Local\d3d9caps.dat
[2010/01/28 11:17:44 | 000,001,501 | ---- | C] () -- C:\Windows\bizpub32.INI
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/11/22 12:53:26 | 000,000,092 | ---- | C] () -- C:\Users\anthony\AppData\Roaming\wklnhst.dat
[2009/10/20 19:40:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 19:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/22 18:34:45 | 000,020,480 | ---- | C] () -- C:\Users\anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 20:29:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/07 20:29:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/07 20:29:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/07 20:29:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/07 20:29:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/07 20:29:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/07 20:29:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/07 20:29:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/07 20:29:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/07 20:29:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/07 20:29:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/07 20:29:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/07 20:29:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/07 20:29:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/07 20:29:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/07 20:29:37 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/07 20:29:37 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/07 20:29:37 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/07 20:29:37 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/18 14:04:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 14:03:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/11/18 14:03:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/18 14:03:33 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/11/18 14:03:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/11/18 13:26:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/11/18 13:23:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/18 13:23:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/11/18 13:23:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/11/18 13:23:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/11/18 13:14:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/20 22:36:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/20 22:32:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/20 22:32:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/20 09:12:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/20 09:12:20 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/08/20 09:12:20 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/08/20 09:12:19 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,374,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Acer GameZone Console
[2010/01/28 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Avanquest
[2009/11/03 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Chessmaster Challenge
[2009/06/22 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Epson
[2009/02/07 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\eSobi
[2010/11/25 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\FinalMediaPlayer
[2010/01/24 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\OpenOffice.org
[2010/11/22 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Research In Motion
[2010/01/27 23:49:17 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Serif
[2010/12/16 2106 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\SmartDraw
[2009/10/12 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\SpinTop
[2009/11/22 1236 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Template
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011/04/29 22:40:02 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2011/04/29 22:38:20 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/11 00:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/04/29 1244 | 000,012,097 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/29 22:39:04 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/18 21:12:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/18 21:12:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/29 22:39:03 | 3264,933,888 | -HS- | M] () -- C:\pagefile.sys
[2008/10/31 03:49:08 | 000,002,955 | -HS- | M] () -- C:\Patch.rev
[2008/08/21 01:17:36 | 000,000,146 | RHS- | M] () -- C:\preload.rev
[2008/11/18 13:23:50 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2011/04/29 13:03:03 | 000,000,368 | ---- | M] () -- C:\rkill admin.txt
[2011/04/29 13:00:44 | 000,000,368 | ---- | M] () -- C:\rkill.log
< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/08/09 23:05:12 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/27 0312 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/21 2244 | 000,000,574 | -HS- | M] () -- C:\Users\anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/10/13 23:35:12 | 000,313,288 | ---- | M] () -- C:\Users\anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\sandyandjohn02[1].jpg
< %USERPROFILE%\Desktop\*.exe >
[2011/04/26 19:40:50 | 000,301,568 | ---- | M] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/28 10:05:58 | 004,331,952 | R--- | M] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2002/03/11 09:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Users\anthony\Desktop\instmsia.exe
[2002/03/11 10:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Users\anthony\Desktop\instmsiw.exe
[2011/04/26 19:53:42 | 000,080,384 | ---- | M] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/26 18:36:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/29 12:15:22 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/26 18:36:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2009/03/26 11:36:32 | 000,451,928 | ---- | M] () -- C:\Users\anthony\Desktop\setup.exe
[2011/04/26 19:11:00 | 001,872,472 | ---- | M] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 19:26:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
[2007/12/19 15:36:38 | 000,001,682 | R--- | M] () -- C:\Windows\AppPatch\Custom\{9df23de3-087c-4994-a8bd-7492b2a16dc8}.sdb
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/10 17:48:19 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/10 17:47:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2008/11/18 13:13:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2008/11/18 13:13:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/10 17:47:50 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/11/22 17:36:11 | 000,000,402 | -HS- | M] () -- C:\Users\anthony\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2008/08/20 22:40:51 | 000,005,475 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 021.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 019.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 018.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 017.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\first flyer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\bay roof.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\977.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\012.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\007.JPG:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
< End of report >
Extras
OTL Extras logfile created on: 29/04/2011 22:45:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anthony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 59.39 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.42 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 389.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 962.72 Mb Total Space | 885.22 Mb Free Space | 91.95% Space Free | Partition Type: FAT
Computer Name: ANTHONY-PC | User Name: anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58D29539-AF92-43EA-A2B3-90CF88C472F1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{86141BFE-0082-4B85-A61C-82F6357F525A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{CB33FAF5-1A52-4E60-B721-105EE903C4C0}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{E006CCD9-54F0-4BFA-BF2A-CDA90D210313}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{F74249CA-CC52-4390-AB2C-DBB2414928E9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438A32A-0F38-4D70-B1E1-89AA698EA739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A6AEA29-BBE0-44EC-B6CF-E4B7E996C056}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1B0FE3DF-E580-41E8-8A66-E044D4FA4DD6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{28949A33-DB65-4BDB-A4E3-4575E8118220}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41BF4BA4-2FC3-497A-8180-A1166EC1228D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{6496DC22-03A1-4AD9-A3E4-3F9E8E1D6DCF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{71DF95A0-AA96-4037-8FE2-74B79BD8FD4E}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{79EFB8D8-AEC0-428D-8082-A6D849650BF3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7B6A87FC-782B-4789-A6F1-7868DBD83E99}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8560915A-8A9B-4A45-98FB-23EC8B3847B7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8FEAE47F-2ACA-4598-A697-1A35ED6998C9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{95F56C89-5348-49C8-BAA7-554F118A3895}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A176DF38-E8A4-4541-B07D-A802E295DE25}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A2A9B558-BBD8-49FD-9E38-A22F684A2265}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A89522EB-4882-4813-80D4-71A3A98745F3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{A99E25D4-F52A-4491-A860-843F4474678A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC7DAD2F-D2AB-400B-9E25-A39A9C20E918}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F0B6EAC7-24A5-4E58-AE27-FEC5E234AF7C}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{F676CB8B-EEAA-456C-9910-DCAE6B388624}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0170752C-8054-4140-8E11-E8FF51E4E9FB}" = Web Easy Professional
"{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch
"{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese
"{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek
"{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst Control Center Localization Chinese Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish
"{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French
"{218F4044-888B-4D2B-9536-654E412C8F53}" = Design & Print, Business Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light
"{293B8682-E7C4-445C-A890-951AC62A3ADC}" = Web Easy Professional
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional
"{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish
"{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish
"{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian
"{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese
"{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish
"{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German
"{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard
"{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German
"{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A59288B-7198-4343-A2A8-162F31F86E65}" = InstaForm Invoices & Estimates Pro
"{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean
"{9553992D-8664-4351-A8AC-818BC87719A9}" = Web Easy Professional
"{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish
"{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese
"{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese
"{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian
"{9df23de3-087c-4994-a8bd-7492b2a16dc8}.sdb" = GSP Vista Fixes
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish
"{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian
"{B7DCFC0E-A503-4766-9E9A-A43790964A92}" = Web Easy Professional
"{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static
"{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian
"{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch
"{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai
"{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech
"{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility
"{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish
"{F9AC0B06-E3FB-4E64-87B4-7BAFA766BEDE}" = Web Easy Professional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW User’s Guide" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"FinalMediaPlayer_is1" = Final Media Player 2010
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
Error - 27/12/2010 06:49:59 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 30/12/2010 02:29:20 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 30/12/2010 06:08:58 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 02/01/2011 18:55:17 | Computer Name = anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module IEShims.dll, version 8.0.6001.18999, time stamp 0x4ccfa85d,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x123c, application
start time 0x01cbaad01f8f7570.
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
[ System Events ]
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:40 | Computer Name = anthony-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
No other issues as such... the only thing is the error message I got at start-up after I ran MalwareBytes the first time:
'Application failed to initialize: 0x80070006. The handle is invalid'
After doing all the scans you suggested, though, I only get the error message when I click on the blocked startup items icon in the system tray to "show or remove blocked startup programs" or try to open Windows Defender... After a Google search I think it's related to Defender and its corrupt registry entries. Any ideas?
Anyway here are the logs from the OTL scans.
Thanks again for your help.
OTL
OTL logfile created on: 29/04/2011 22:45:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anthony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 59.39 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.42 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 389.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 962.72 Mb Total Space | 885.22 Mb Free Space | 91.95% Space Free | Partition Type: FAT
Computer Name: ANTHONY-PC | User Name: anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
PRC - [2011/04/25 18:18:42 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/10 23:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/30 01:44:30 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/05/30 01:44:22 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/05/21 03:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/13 01:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/05/07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
========== Modules (SafeList) ==========
MOD - [2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [Disabled | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - [2011/04/25 18:18:42 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - [2011/04/25 18:19:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/25 18:18:48 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/04/25 18:18:48 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2011/04/25 18:18:47 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2011/04/25 18:18:47 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2011/04/25 18:18:47 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2011/04/25 18:18:47 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/04/25 18:18:47 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/04/25 18:18:46 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2011/04/25 18:18:46 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/25 03:06:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/25 03:06:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/25 03:06:58 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/25 03:06:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110425.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 02:34:54 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110425.001\IDSvix86.sys -- (IDSVix86)
DRV - [2008/08/15 03:37:08 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/25 07:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/29 02:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/05/27 22:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/05/09 20:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/28 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006/11/29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2011/04/28 10:34:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3373103295-2897405359-279313352-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/29 18:44:56 | 000,000,130 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/04/29 22:33:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/29 12:55:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/29 12:34:03 | 000,000,000 | ---D | C] -- C:\ghgjguygcom
[2011/04/29 12:33:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 10:15:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 10:15:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 10:15:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 10:15:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/28 10:12:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\backups
[2011/04/27 08:54:25 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\LOGS
[2011/04/26 19:48:33 | 000,000,000 | ---D | C] -- C:\Users\anthony\Desktop\gmer
[2011/04/26 19:39:24 | 000,000,000 | ---D | C] -- C:\Users\anthony\AppData\Roaming\Malwarebytes
[2011/04/26 19:39:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/26 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/26 19:39:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/26 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/26 19:28:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
[2011/04/26 19:25:41 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2011/04/26 19:25:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/26 18:32:59 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symtdi.sys
[2011/04/26 18:32:59 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndisv.sys
[2011/04/26 18:32:59 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndis.sys
[2011/04/26 18:32:58 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\cchpx86.sys
[2011/04/26 18:32:58 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.sys
[2011/04/26 18:32:58 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.sys
[2011/04/26 18:32:58 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2011/04/26 18:32:58 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symfw.sys
[2011/04/26 18:32:58 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.sys
[2011/04/26 18:32:58 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symids.sys
[2011/04/26 18:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0308000.029
[2011/04/25 18:29:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2011/04/25 18:19:49 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/25 18:19:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/25 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/25 18:17:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/04/25 18:17:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/04/25 18:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/04/25 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/04/07 21:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/07 21:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/11/18 14:09:04 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011/04/29 22:49:21 | 002,153,970 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2011/04/29 22:40:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 22:40:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 22:40:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/04/29 22:39:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/04/29 22:39:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 22:39:04 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/29 12:17:12 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.com
[2011/04/29 12:16:20 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.scr
[2011/04/29 12:15:22 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/28 10:34:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/28 10:05:58 | 004,331,952 | R--- | M] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2011/04/26 19:54:00 | 000,625,664 | ---- | M] () -- C:\Users\anthony\Desktop\dds.scr
[2011/04/26 19:53:42 | 000,080,384 | ---- | M] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/26 19:41:06 | 000,293,019 | ---- | M] () -- C:\Users\anthony\Desktop\gmer.zip
[2011/04/26 19:40:50 | 000,301,568 | ---- | M] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/26 19:39:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/26 19:26:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
[2011/04/26 19:11:00 | 001,872,472 | ---- | M] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 18:36:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/26 18:36:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2011/04/26 18:32:00 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2011/04/25 18:19:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/04/25 18:19:03 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/25 18:19:03 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/25 18:18:48 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symtdi.sys
[2011/04/25 18:18:48 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndisv.sys
[2011/04/25 18:18:47 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.sys
[2011/04/25 18:18:47 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.sys
[2011/04/25 18:18:47 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symfw.sys
[2011/04/25 18:18:47 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.sys
[2011/04/25 18:18:47 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symndis.sys
[2011/04/25 18:18:47 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\symids.sys
[2011/04/25 18:18:47 | 000,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/04/25 18:18:46 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\cchpx86.sys
[2011/04/25 18:18:46 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2011/04/25 18:18:10 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.inf
[2011/04/25 18:18:10 | 000,001,752 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.inf
[2011/04/25 18:18:10 | 000,001,562 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNetV.inf
[2011/04/25 18:18:10 | 000,001,561 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.inf
[2011/04/25 18:18:10 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.inf
[2011/04/25 18:18:10 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.inf
[2011/04/25 18:18:10 | 000,000,640 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2011/04/25 18:17:40 | 000,009,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\symnetv.cat
[2011/04/25 18:17:40 | 000,009,402 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.cat
[2011/04/25 18:17:40 | 000,007,431 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.cat
[2011/04/25 18:17:40 | 000,007,429 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.cat
[2011/04/25 18:17:40 | 000,007,425 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.cat
[2011/04/25 18:17:39 | 000,007,400 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2011/04/25 18:17:39 | 000,007,383 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.cat
[2011/04/16 18:39:13 | 000,374,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 13:49:41 | 000,006,836 | ---- | M] () -- C:\Users\anthony\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.scr
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/29 12:27:43 | 001,006,778 | ---- | C] () -- C:\Users\anthony\Desktop\rkill.com
[2011/04/29 12:23:12 | 004,331,952 | R--- | C] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2011/04/28 10:15:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 10:15:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 10:15:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 10:15:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 10:15:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/27 08:37:40 | 000,625,664 | ---- | C] () -- C:\Users\anthony\Desktop\dds.scr
[2011/04/27 08:35:26 | 000,080,384 | ---- | C] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/26 19:47:49 | 000,301,568 | ---- | C] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/26 19:47:49 | 000,293,019 | ---- | C] () -- C:\Users\anthony\Desktop\gmer.zip
[2011/04/26 19:44:43 | 2951,135,232 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 19:39:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:25:40 | 001,872,472 | ---- | C] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 18:50:05 | 002,153,970 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2011/04/26 18:32:59 | 000,009,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\symnetv.cat
[2011/04/26 18:32:59 | 000,009,402 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.cat
[2011/04/26 18:32:59 | 000,001,562 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNetV.inf
[2011/04/26 18:32:59 | 000,001,561 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymNet.inf
[2011/04/26 18:32:58 | 000,007,431 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.cat
[2011/04/26 18:32:58 | 000,007,429 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.cat
[2011/04/26 18:32:58 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.cat
[2011/04/26 18:32:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.cat
[2011/04/26 18:32:58 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\SymEFA.inf
[2011/04/26 18:32:58 | 000,001,752 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\ccHPx86.inf
[2011/04/26 18:32:58 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtspx.inf
[2011/04/26 18:32:58 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\srtsp.inf
[2011/04/26 18:32:57 | 000,007,400 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2011/04/26 18:32:57 | 000,000,640 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2011/04/26 18:32:00 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[2011/04/25 18:19:42 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/04/25 18:19:42 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/25 17:45:06 | 000,010,488 | -HS- | C] () -- C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/25 17:45:06 | 000,010,488 | -HS- | C] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/01 13:12:08 | 000,360,205 | ---- | C] () -- C:\Users\anthony\Documents\2.jpg
[2011/04/01 13:11:04 | 001,844,776 | ---- | C] () -- C:\Users\anthony\Documents\1.JPG
[2011/04/01 13:07:51 | 000,011,410 | ---- | C] () -- C:\Users\anthony\Documents\6.jpg
[2011/04/01 13:05:50 | 000,139,820 | ---- | C] () -- C:\Users\anthony\Documents\work 006.jpg
[2011/01/10 00:14:18 | 000,000,552 | ---- | C] () -- C:\Users\anthony\AppData\Local\d3d8caps.dat
[2010/03/21 22:46:32 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/04 18:07:01 | 000,006,836 | ---- | C] () -- C:\Users\anthony\AppData\Local\d3d9caps.dat
[2010/01/28 11:17:44 | 000,001,501 | ---- | C] () -- C:\Windows\bizpub32.INI
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/11/22 12:53:26 | 000,000,092 | ---- | C] () -- C:\Users\anthony\AppData\Roaming\wklnhst.dat
[2009/10/20 19:40:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 19:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/22 18:34:45 | 000,020,480 | ---- | C] () -- C:\Users\anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 20:29:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/07 20:29:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/07 20:29:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/07 20:29:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/07 20:29:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/07 20:29:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/07 20:29:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/07 20:29:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/07 20:29:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/07 20:29:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/07 20:29:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/07 20:29:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/07 20:29:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/07 20:29:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/07 20:29:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/07 20:29:37 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/07 20:29:37 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/07 20:29:37 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/07 20:29:37 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/18 14:04:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 14:03:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/11/18 14:03:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/18 14:03:33 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/11/18 14:03:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/11/18 13:26:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/11/18 13:23:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/11/18 13:23:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/11/18 13:23:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/11/18 13:23:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/11/18 13:14:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/08/20 22:36:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/20 22:32:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/20 22:32:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/20 09:12:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/20 09:12:20 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/08/20 09:12:20 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/08/20 09:12:19 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:44:53 | 000,374,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Acer GameZone Console
[2010/01/28 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Avanquest
[2009/11/03 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Chessmaster Challenge
[2009/06/22 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Epson
[2009/02/07 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\eSobi
[2010/11/25 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\FinalMediaPlayer
[2010/01/24 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\OpenOffice.org
[2010/11/22 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Research In Motion
[2010/01/27 23:49:17 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Serif
[2010/12/16 2106 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\SmartDraw
[2009/10/12 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\SpinTop
[2009/11/22 1236 | 000,000,000 | ---D | M] -- C:\Users\anthony\AppData\Roaming\Template
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/08/20 22:29:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011/04/29 22:40:02 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2011/04/29 22:38:20 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/11 00:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/04/29 1244 | 000,012,097 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/29 22:39:04 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/18 21:12:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/18 21:12:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/29 22:39:03 | 3264,933,888 | -HS- | M] () -- C:\pagefile.sys
[2008/10/31 03:49:08 | 000,002,955 | -HS- | M] () -- C:\Patch.rev
[2008/08/21 01:17:36 | 000,000,146 | RHS- | M] () -- C:\preload.rev
[2008/11/18 13:23:50 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2011/04/29 13:03:03 | 000,000,368 | ---- | M] () -- C:\rkill admin.txt
[2011/04/29 13:00:44 | 000,000,368 | ---- | M] () -- C:\rkill.log
< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/08/09 23:05:12 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/27 0312 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/21 2244 | 000,000,574 | -HS- | M] () -- C:\Users\anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/10/13 23:35:12 | 000,313,288 | ---- | M] () -- C:\Users\anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\sandyandjohn02[1].jpg
< %USERPROFILE%\Desktop\*.exe >
[2011/04/26 19:40:50 | 000,301,568 | ---- | M] () -- C:\Users\anthony\Desktop\5cr1dvhe.exe
[2011/04/28 10:05:58 | 004,331,952 | R--- | M] () -- C:\Users\anthony\Desktop\ghgjguygcom.exe
[2002/03/11 09:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Users\anthony\Desktop\instmsia.exe
[2002/03/11 10:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Users\anthony\Desktop\instmsiw.exe
[2011/04/26 19:53:42 | 000,080,384 | ---- | M] () -- C:\Users\anthony\Desktop\MBRCheck.exe
[2011/04/29 22:31:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\OTL.exe
[2011/04/26 18:36:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\anthony\Desktop\plane.exe
[2011/04/29 12:15:22 | 001,006,778 | ---- | M] () -- C:\Users\anthony\Desktop\rkill.exe
[2011/04/26 18:36:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\anthony\Desktop\scanner.exe
[2009/03/26 11:36:32 | 000,451,928 | ---- | M] () -- C:\Users\anthony\Desktop\setup.exe
[2011/04/26 19:11:00 | 001,872,472 | ---- | M] () -- C:\Users\anthony\Desktop\SfF.exe
[2011/04/26 19:26:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\anthony\Desktop\temp.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
[2007/12/19 15:36:38 | 000,001,682 | R--- | M] () -- C:\Windows\AppPatch\Custom\{9df23de3-087c-4994-a8bd-7492b2a16dc8}.sdb
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/10 17:48:19 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/10 17:47:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2008/11/18 13:13:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2008/11/18 13:13:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/10 17:47:50 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/11/22 17:36:11 | 000,000,402 | -HS- | M] () -- C:\Users\anthony\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2008/08/20 22:40:51 | 000,005,475 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 021.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 019.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 018.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 017.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\first flyer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\bay roof.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\977.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\012.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\007.JPG:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
< End of report >
Extras
OTL Extras logfile created on: 29/04/2011 22:45:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anthony\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 59.39 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.42 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive E: | 389.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 962.72 Mb Total Space | 885.22 Mb Free Space | 91.95% Space Free | Partition Type: FAT
Computer Name: ANTHONY-PC | User Name: anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58D29539-AF92-43EA-A2B3-90CF88C472F1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{86141BFE-0082-4B85-A61C-82F6357F525A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{CB33FAF5-1A52-4E60-B721-105EE903C4C0}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{E006CCD9-54F0-4BFA-BF2A-CDA90D210313}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{F74249CA-CC52-4390-AB2C-DBB2414928E9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438A32A-0F38-4D70-B1E1-89AA698EA739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A6AEA29-BBE0-44EC-B6CF-E4B7E996C056}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{1B0FE3DF-E580-41E8-8A66-E044D4FA4DD6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{28949A33-DB65-4BDB-A4E3-4575E8118220}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41BF4BA4-2FC3-497A-8180-A1166EC1228D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{6496DC22-03A1-4AD9-A3E4-3F9E8E1D6DCF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{71DF95A0-AA96-4037-8FE2-74B79BD8FD4E}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{79EFB8D8-AEC0-428D-8082-A6D849650BF3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7B6A87FC-782B-4789-A6F1-7868DBD83E99}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8560915A-8A9B-4A45-98FB-23EC8B3847B7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8FEAE47F-2ACA-4598-A697-1A35ED6998C9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{95F56C89-5348-49C8-BAA7-554F118A3895}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A176DF38-E8A4-4541-B07D-A802E295DE25}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A2A9B558-BBD8-49FD-9E38-A22F684A2265}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A89522EB-4882-4813-80D4-71A3A98745F3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{A99E25D4-F52A-4491-A860-843F4474678A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC7DAD2F-D2AB-400B-9E25-A39A9C20E918}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F0B6EAC7-24A5-4E58-AE27-FEC5E234AF7C}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{F676CB8B-EEAA-456C-9910-DCAE6B388624}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0170752C-8054-4140-8E11-E8FF51E4E9FB}" = Web Easy Professional
"{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch
"{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese
"{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek
"{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst Control Center Localization Chinese Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish
"{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French
"{218F4044-888B-4D2B-9536-654E412C8F53}" = Design & Print, Business Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light
"{293B8682-E7C4-445C-A890-951AC62A3ADC}" = Web Easy Professional
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional
"{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish
"{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish
"{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian
"{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese
"{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish
"{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German
"{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard
"{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German
"{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A59288B-7198-4343-A2A8-162F31F86E65}" = InstaForm Invoices & Estimates Pro
"{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean
"{9553992D-8664-4351-A8AC-818BC87719A9}" = Web Easy Professional
"{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish
"{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese
"{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese
"{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian
"{9df23de3-087c-4994-a8bd-7492b2a16dc8}.sdb" = GSP Vista Fixes
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish
"{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian
"{B7DCFC0E-A503-4766-9E9A-A43790964A92}" = Web Easy Professional
"{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static
"{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian
"{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch
"{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai
"{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech
"{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility
"{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish
"{F9AC0B06-E3FB-4E64-87B4-7BAFA766BEDE}" = Web Easy Professional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_11 8" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW User’s Guide" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"FinalMediaPlayer_is1" = Final Media Player 2010
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3373103295-2897405359-279313352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
Error - 26/12/2010 11:47:14 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
Error - 27/12/2010 06:49:59 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 30/12/2010 02:29:20 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 30/12/2010 06:08:58 | Computer Name = anthony-PC | Source = LoadPerf | ID = 3002
Description =
Error - 02/01/2011 18:55:17 | Computer Name = anthony-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module IEShims.dll, version 8.0.6001.18999, time stamp 0x4ccfa85d,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x123c, application
start time 0x01cbaad01f8f7570.
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
Error - 03/01/2011 14:53:55 | Computer Name = anthony-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
[ System Events ]
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:18 | Computer Name = anthony-PC | Source = HTTP | ID = 15021
Description =
Error - 29/04/2011 17:39:40 | Computer Name = anthony-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
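The "Vista Active Application Exception List" section of the OTL report above has a simple one-line-per-rule format, and reading it is a routine part of reviewing these logs. The script below is an added example written for this page, not part of the thread and not something OTL produces: it parses lines in that format and flags inbound rules that carry no protocol field (in this listing that means the rule is not restricted to TCP or UDP), rules whose program sits under a user-writable path (where the rogue in this thread dropped its executable), and rules that name neither a program nor a port. The sample lines are constructed to match the format of the list above; the fourth, with its made-up GUID and AppData path, is invented to show a hit.

```python
"""Parse and sanity-check an OTL 'Active Application Exception List'.

Added example for this page; not part of the thread or of OTL itself.
"""
import re
from dataclasses import dataclass

# Constructed sample in the format of the OTL firewall listing above. The
# first three lines copy the format of real entries; the fourth, with its
# made-up GUID and AppData path, is invented to show a flagged rule.
SAMPLE_RULES = r'''
"{0438A32A-0F38-4D70-B1E1-89AA698EA739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A176DF38-E8A4-4541-B07D-A802E295DE25}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E006CCD9-54F0-4BFA-BF2A-CDA90D210313}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{DEADBEEF-0000-0000-0000-000000000001}" = dir=in | app=c:\users\someone\appdata\local\updater.exe |
'''

RULE_RE = re.compile(r'^"(?P<id>\{[0-9A-Fa-f-]+\})"\s*=\s*(?P<body>.*)$')

# Path fragments an unprivileged user (and therefore user-level malware) can write to.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')


@dataclass
class FirewallRule:
    rule_id: str
    fields: dict        # e.g. {'protocol': '17', 'dir': 'in', 'app': 'c:\\...'}


def parse_rules(text: str) -> list:
    """Turn the '"{GUID}" = k=v | k=v |' lines into FirewallRule objects."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue                      # headers, blank lines, anything else
        fields = {}
        for part in m.group('body').split('|'):
            part = part.strip()
            if not part:
                continue                  # the empty field after the trailing '|'
            key, _, value = part.partition('=')
            fields[key.strip().lower()] = value.strip()
        rules.append(FirewallRule(m.group('id'), fields))
    return rules


def audit(rules) -> list:
    """Return (rule_id, finding) pairs for inbound rules worth a second look."""
    findings = []
    for rule in rules:
        if rule.fields.get('dir') != 'in':
            continue
        app = rule.fields.get('app', '').lower()
        # No protocol= field: the listing shows no restriction, so the
        # program is reachable over TCP and UDP alike.
        if 'protocol' not in rule.fields:
            findings.append((rule.rule_id, 'any-protocol'))
        # Program under a user-writable directory: whoever can write there
        # inherits an inbound allow without touching the firewall config.
        if app and any(marker in app for marker in USER_WRITABLE):
            findings.append((rule.rule_id, 'user-writable-app'))
        # Neither a program nor a local port: everything inbound is allowed.
        if 'app' not in rule.fields and 'lport' not in rule.fields:
            findings.append((rule.rule_id, 'wide-open'))
    return findings


if __name__ == '__main__':
    for rule_id, finding in audit(parse_rules(SAMPLE_RULES)):
        print(f'{finding:<18} {rule_id}')
```

Run over the full list above, the any-protocol check flags the four Acer Arcade Deluxe rules plus the iTunes, PowerDirector and FinalMediaPlayer update-check rules, none of which name a protocol; no rule in that list points at a user-writable path. Keep in mind that the Security Check log later in this thread reports the Windows Firewall disabled (Norton 360 is installed), so these rules were not being enforced by Windows at the time anyway.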
What does the error say?
I only get the error message when I click on the blocked startup items icon in the system tray to "show or remove blocked startup programs" or try to open Windows Defender
========================================================================
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
========================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [Disabled | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv
[2011/04/26 19:38:10 | 000,010,488 | -HS- | M] () -- C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 021.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 019.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 018.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\work 017.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\first flyer.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\bay roof.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\977.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\012.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\anthony\Documents\007.JPG:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:93E9C78D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9E22BBE8
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
========================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce a log.
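One way to re-check, after the OTL fix above has run, that nothing in the four categories it targets is left behind: services whose binary is gone, a ShellExecuteHooks CLSID with no DLL behind it, hidden+system files dropped straight into AppData\Local or ProgramData, and alternate data streams on the user's documents and on C:\ProgramData\TEMP. This is an added example written for this page, not OTL output and not something the helper posted; it is read-only, assumes Windows PowerShell 3.0 or later from an elevated prompt, and the directories it inspects are assumptions taken from the paths in the fix above.

```powershell
# Added audit script for this page; not from the thread and not an OTL feature.
# Read-only re-check of the artifact classes the OTL fix above removed.
# Assumes Windows PowerShell 3.0+ (for -File and -Stream), run elevated.

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Normalise the forms ImagePath takes: quoted, with arguments,
    # %SystemRoot%-relative, \??\-prefixed, or bare "system32\drivers\x.sys".
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^"?(?<exe>.+?\.(?:exe|sys|dll))\b') { $p = $Matches['exe'] }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

"== 1. Services whose binary is missing (OTL: 'SRV - File not found') =="
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.ImagePath } |
    ForEach-Object {
        $exe = Resolve-ImagePath $_.ImagePath
        if (-not (Test-Path -LiteralPath $exe)) {
            '{0,-30} {1}' -f $_.PSChildName, $exe
        }
    }

"== 2. ShellExecuteHooks with no backing DLL (OTL: 'O28 ... File not found') =="
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    foreach ($clsid in (Get-Item $hookKey).GetValueNames()) {
        if ($clsid -notlike '{*}') { continue }
        # The hook is only meaningful if HKCR\CLSID\{...}\InprocServer32 names a real DLL.
        $srv = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv -and $srv.'(default)') {
            [Environment]::ExpandEnvironmentVariables([string]$srv.'(default)')
        } else { '' }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) { "$clsid -> '$dll'" }
    }
}

"== 3. Hidden+System files directly in AppData\Local and ProgramData (OTL: '-HS-') =="
# desktop.ini is a common benign hit; random-looking names like the two in the fix are not.
foreach ($dir in $env:LOCALAPPDATA, $env:ProgramData) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
            $_.Attributes.HasFlag([IO.FileAttributes]::System)
        } |
        ForEach-Object { '{0}  {1} bytes  {2:u}' -f $_.FullName, $_.Length, $_.LastWriteTime }
}

"== 4. Alternate data streams on documents and on ProgramData\TEMP =="
$targets = @(Get-ChildItem -LiteralPath "$env:USERPROFILE\Documents" -File -Recurse -ErrorAction SilentlyContinue)
if (Test-Path -LiteralPath "$env:ProgramData\TEMP") {
    $targets += Get-Item -LiteralPath "$env:ProgramData\TEMP"
}
foreach ($item in $targets) {
    Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
        # ':$DATA' is the file's own content; Zone.Identifier is the benign
        # "downloaded from the internet" mark. Anything else is worth listing.
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        ForEach-Object { '{0}:{1}  {2} bytes' -f $_.FileName, $_.Stream, $_.Length }
}
```

Section 4 will still list any "Roxio EMC Stream" entries that Roxio's media software re-creates on documents; those are its own metadata, which is why the fix above removes them as tidy-up rather than as malware. The entries that matter are the ones the rogue left: named streams on a folder such as C:\ProgramData\TEMP, and the hidden+system files with random names in section 3.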
I've attached a screenshot of the error I get.
Here are the logs:
OTL
All processes killed
========== OTL ==========
Service RoxWatch9 stopped successfully!
Service RoxWatch9 deleted successfully!
Service RoxMediaDB9 stopped successfully!
Service RoxMediaDB9 deleted successfully!
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Service Roxio Upnp Server 9 stopped successfully!
Service Roxio Upnp Server 9 deleted successfully!
Service Roxio UPnP Renderer 9 stopped successfully!
Service Roxio UPnP Renderer 9 deleted successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\Users\anthony\AppData\Local\5hb1pg7db3k54771f4af66wpi***1s1jbcv not found.
File C:\ProgramData\5hb1pg7db3k54771f4af66wpi***1s1jbcv not found.
ADS C:\Users\anthony\Documents\work 021.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\work 019.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\work 018.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\work 017.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\first flyer.pdf:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\bay roof.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\977.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\3.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\012.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Users\anthony\Documents\007.JPG:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:D158BAF9 deleted successfully.
ADS C:\ProgramData\TEMP:93E9C78D deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: anthony
->Temp folder emptied: 255089 bytes
->Temporary Internet Files folder emptied: 6779155 bytes
->Java cache emptied: 1853 bytes
->Flash cache emptied: 565 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2677 bytes
Total Files Cleaned = 7.00 mb
[EMPTYFLASH]
User: All Users
User: anthony
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_170831
Files\Folders moved on Reboot...
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFAA25.tmp not found!
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFAA5C.tmp not found!
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFAAD9.tmp not found!
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFAAFB.tmp not found!
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFAB55.tmp not found!
File\Folder C:\Users\anthony\AppData\Local\Temp\~DFABBD.tmp not found!
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFSLTC2X\ads[2].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFSLTC2X\xd_proxy[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\11961819542@x50[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\70153-active-vista-antivirus-system-probably[1].html moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\;ord=1961819542[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\ads[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\like[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJOEIQCM\wrapper1[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1L789PSN\adTag[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DOB73YR\;ord=1961895403[1].htm moved successfully.
C:\Users\anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\JETF91D.tmp not found!
Registry entries deleted on Reboot...
Checkup
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````
No threats were found in the ESET scanner.