Deckard's System Scanner v20071014.68 Run by goncalo on 2008-07-21 21:25:39 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as goncalo.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:26:41, on 21-07-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\notepad.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\igfxext.exe C:\Users\goncalo\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\igfxsrvc.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wuauclt.exe C:\Users\goncalo\Desktop\desk\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\goncalo.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Sonork] "C:\Program Files\Sonork\SONORK.EXE" -auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S9953.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede') O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: NETimetro.lnk = C:\Program Files\NARS\NETimetro\netimetro.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12793 bytes -- Files created between 2008-06-21 and 2008-07-21 ----------------------------- 2008-07-21 11:22:55 0 d-------- C:\Windows\Sun 2008-07-20 19:51:22 0 d-------- C:\Users\All Users\Malwarebytes 2008-07-20 19:51:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-20 11:15:25 0 d-------- C:\Program Files\PeerGuardian2 2008-07-20 03:05:10 53248 --a------ C:\Windows\PSEXESVC.EXE 2008-07-20 02:58:33 68096 --a------ C:\Windows\zip.exe 2008-07-20 02:58:33 49152 --a------ C:\Windows\VFind.exe 2008-07-20 02:58:33 212480 --a------ C:\Windows\swxcacls.exe 2008-07-20 02:58:33 136704 --a------ C:\Windows\swsc.exe 2008-07-20 02:58:33 161792 --a------ C:\Windows\swreg.exe 2008-07-20 02:58:33 98816 --a------ C:\Windows\sed.exe 2008-07-20 02:58:33 80412 --a------ C:\Windows\grep.exe 2008-07-20 02:58:33 89504 --a------ C:\Windows\fdsv.exe 2008-07-18 20:29:11 0 d--h----- C:\$AVG8.VAULT$ 2008-07-18 20:17:55 0 d-------- C:\Windows\system32\drivers\Avg 2008-07-18 20:17:39 0 d-------- C:\Users\All Users\avg8 2008-07-18 20:17:39 0 d-------- C:\Program Files\AVG 2008-07-18 19:43:20 0 d-------- C:\Program Files\Trend Micro 2008-07-08 22:59:59 4620 --a------ C:\Windows\system32\xmlcache.dll 2008-07-08 18:38:12 0 dr-hs---- C:\Windows\Real 2008-07-08 16:36:46 0 d-------- C:\AllokRMFolder 2008-07-08 16:30:54 0 d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter 2008-07-08 16:10:47 0 d-------- C:\archive 2008-07-08 10:18:00 2392064 --a------ C:\Windows\system32\RMActsvr.exe 2008-07-08 01:31:24 0 d-------- C:\Temp 2008-07-08 01:28:25 0 d-------- C:\Program Files\Xilisoft 2008-07-08 01:10:08 0 d-------- C:\Windows\Mozilla 2008-07-08 01:07:33 0 d-------- C:\Program Files\MediaCoder 2008-07-07 22:44:55 372736 --a------ C:\Windows\system32\IJL_11.DLL 2008-07-07 21:41:58 0 d-------- C:\Users\All Users\Messenger Plus! 2008-07-07 21:16:52 53248 --a------ C:\Windows\system32\ciaXPRegSvr20.dll 2008-07-07 21:16:40 200704 --a------ C:\Windows\system32\ciaSCls20.dll 2008-07-07 21:16:38 692224 --a------ C:\Windows\system32\ciaResSvr20.dll 2008-07-07 21:16:18 352256 --a------ C:\Windows\system32\ijl15.dll 2008-07-07 21:16:16 278528 --a------ C:\Windows\system32\duzactx.dll 2008-07-07 21:15:50 131072 --a------ C:\Windows\winfsysrn.dll 2008-07-07 21:15:44 753664 --a------ C:\Windows\sprscore.exe 2008-07-07 21:15:43 0 d-------- C:\Windows\fontvect 2008-07-07 20:40:25 0 d-------- C:\Program Files\MSN Messenger 2008-07-07 01:15:17 0 d-------- C:\Program Files\Messenger Plus! Live 2008-06-29 23:33:49 0 d-------- C:\Program Files\Sun 2008-06-29 23:27:36 0 d-------- C:\Program Files\Java 2008-06-29 23:25:34 0 d-------- C:\Program Files\Common Files\Java 2008-06-29 20:11:13 0 d-------- C:\Program Files\Hofmann 2008-06-29 20:01:15 0 d-------- C:\Windows\system32\URTTEMP -- Find3M Report --------------------------------------------------------------- 2008-07-21 21:01:28 0 d-------- C:\Users\goncalo\AppData\Roaming\BSplayer PRO 2008-07-21 10:15:51 0 d-------- C:\Users\goncalo\AppData\Roaming\uTorrent 2008-07-20 19:51:25 0 d-------- C:\Users\goncalo\AppData\Roaming\Malwarebytes 2008-07-19 01:34:54 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-18 19:40:20 0 d-------- C:\Program Files\Acer GameZone 2008-07-18 19:38:00 0 d-------- C:\Program Files\Symantec 2008-07-18 19:37:47 0 d-------- C:\Program Files\Common Files 2008-07-09 10:01:11 174 --ahs---- C:\Program Files\desktop.ini 2008-07-08 01:31:25 0 d-------- C:\Users\goncalo\AppData\Roaming\Real 2008-07-08 01:27:02 0 d-------- C:\Users\goncalo\AppData\Roaming\mIRC 2008-07-07 22:41:36 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-28 21:11:13 0 d-------- C:\Users\goncalo\AppData\Roaming\PC Suite 2008-06-28 20:50:03 0 d-------- C:\Users\goncalo\AppData\Roaming\Adobe 2008-06-22 15:21:41 0 d-------- C:\Users\goncalo\AppData\Roaming\Nokia Multimedia Player 2008-06-10 21:05:17 0 d-------- C:\Program Files\Picasa2 2008-05-29 23:35:23 0 d-------- C:\Users\goncalo\AppData\Roaming\Vso 2008-05-29 23:35:23 34 --a------ C:\Users\goncalo\AppData\Roaming\pcouffin.log 2008-05-29 23:34:19 7887 --a------ C:\Users\goncalo\AppData\Roaming\pcouffin.cat 2008-05-29 23:34:13 0 d-------- C:\Program Files\DVDFab 5 2008-05-29 23:03:04 0 d-------- C:\Program Files\DVD Shrink 2008-05-29 22:24:06 0 d-------- C:\Users\goncalo\AppData\Roaming\CyberLink 2008-05-26 22:38:37 0 d-------- C:\Program Files\Common Files\InstallShield 2008-05-26 22:34:22 0 d-------- C:\Program Files\EPSON 2008-05-26 22:29:21 0 d-------- C:\Users\goncalo\AppData\Roaming\InstallShield 2008-05-02 00:02:59 17089 --a------ C:\Users\goncalo\AppData\Roaming\UserTile.png -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [06-07-2007 04:06 C:\Windows\RtHDVCpl.exe] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [25-04-2007 16:33] "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [21-06-2007 18:25] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-03-2007 04:38] "PLFSet"="C:\Windows\PLFSet.dll" [25-04-2007 14:47] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [16-07-2007 06:51] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [06-06-2007 09:06] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22-05-2007 15:49] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05-11-2006 22:48] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 18:38] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [02-01-2008 18:07] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02-01-2008 18:06] "Persistence"="C:\Windows\system32\igfxpers.exe" [02-01-2008 18:07] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15-03-2008 00:50] "Sonork"="C:\Program Files\Sonork\SONORK.exe" [20-04-2008 09:36] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36] "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25-09-2007 09:10] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25-03-2008 04:28] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [19-07-2008 15:32] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12-03-2008 11:14] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22-05-2007 15:49] "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29-03-2007 16:41] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [11-03-2008 23:38] "VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [17-10-2007 14:07] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 13:34] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [16-04-2008 12:53] "EPSON Stylus DX4400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [01-03-2007 07:01] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [26-02-2008 02:23] "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [02-06-2007 15:59] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [16-08-2007 11:45:40] NETimetro.lnk - C:\Program Files\NARS\NETimetro\netimetro.exe [05-05-2008 23:13:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll eNetHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-07-21 21:28:18 ------------