This is my main.txt:
Deckard's System Scanner v20071014.68
Run by Richard on 2008-02-01 12:15:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
15: 2008-02-01 20:02:56 UTC - RP415 - Windows Update
14: 2008-02-01 18:09:41 UTC - RP414 - Windows Update
13: 2008-02-01 17:40:01 UTC - RP413 - Windows Update
12: 2008-02-01 17:40:01 UTC - RP412 - Device Driver Package Install: Zone Labs, a Check Point company Network Service
11: 2008-02-01 17:25:17 UTC - RP411 - Restore Operation
-- First Restore Point --
1: 2008-01-30 02:13:40 UTC - RP400 - Installed SpywareBot
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Richard.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:21 PM, on 01/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Users\Richard\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Richard.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.c...://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TELUS] E:\Install\TELUS.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 9419 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080201-090839-101 O1 - Hosts: 216.93.174.28 a.tribalfusion.com
backup-20080201-090839-158 O1 - Hosts: 216.93.174.28 adfarm.mediaplex.com
backup-20080201-090839-193 O1 - Hosts: 216.93.174.28 view.atdmt.com
backup-20080201-090839-248 O1 - Hosts: 67.15.114.78 ypn-js.overture.com
backup-20080201-090839-286 O1 - Hosts: 216.93.174.28 count.exitexchange.com
backup-20080201-090839-293 O1 - Hosts: 216.93.174.28 media39.fastclick.net
backup-20080201-090839-301 O1 - Hosts: 67.15.114.78 pagead2.googlesyndication.com
backup-20080201-090839-336 O1 - Hosts: 216.93.174.28 images.trafficmp.com
backup-20080201-090839-425 O1 - Hosts: 216.93.174.28 media1.fastclick.net
backup-20080201-090839-624 O1 - Hosts: 216.93.174.28 media19.fastclick.net
backup-20080201-090839-731 O1 - Hosts: 67.15.114.78 pagead.googlesyndication.com
backup-20080201-090839-778 O1 - Hosts: 216.93.174.28 leader.linkexchange.com
backup-20080201-090839-798 O1 - Hosts: 207.44.240.65 rad.msn.com
backup-20080201-090839-891 O1 - Hosts: 216.93.174.28 freeze.zedo.com
backup-20080201-090839-972 O1 - Hosts: 216.93.174.28 ad.yieldmanager.com
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
S3 ANIWZCSdService (ANIWZCSd Service) -
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2411E6FE&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2411E6FE&0
Service: i8042prt
Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
Description: ezplay device ...
Device ID: ROOT\EZPLAY\0000
Manufacturer:
Name: ezplay device ...
PNP Device ID: ROOT\EZPLAY\0000
Service:
Class GUID:
Description: ezplay device ...
Device ID: ROOT\EZPLAY\0001
Manufacturer:
Name: ezplay device ...
PNP Device ID: ROOT\EZPLAY\0001
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-01-25 17:15:53 394 --a------ C:\Windows\Tasks\1-Click Maintenance.job
-- Files created between 2008-01-01 and 2008-02-01 -----------------------------
2008-02-01 09:07:18 0 d-------- C:\Program Files\Trend Micro
2008-01-31 19:43:39 0 d-------- C:\Program Files\WC3Banlist
2008-01-30 09:08:09 0 d-------- C:\Windows\system32\ZoneLabs
2008-01-29 18:46:38 0 d-------- C:\Users\All Users\CheckPoint
2008-01-29 18:45:04 0 d-------- C:\Windows\Internet Logs
2008-01-29 18:39:46 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-26 17:00:54 0 d-------- C:\Program Files\Diino
2008-01-21 20:52:46 0 d-------- C:\Program Files\LucasArts
2008-01-19 16:49:16 0 d-------- C:\Program Files\iPod
2008-01-19 16:49:14 0 d-------- C:\Program Files\iTunes
2008-01-19 16:35:14 0 d-------- C:\Program Files\Common Files\HP
2008-01-19 16:33:50 0 d-------- C:\Users\All Users\HP Product Assistant
2008-01-19 16:32:38 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-19 16:32:37 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-19 16:32:10 0 d-------- C:\Program Files\HP
2008-01-19 16:31:34 284 -----n--- C:\Windows\hpgmdl19.dat
2008-01-19 16:31:34 115335 --a------ C:\Windows\hpgins19.dat
2008-01-19 16:31:33 0 d-------- C:\Users\All Users\HP
2008-01-10 18:46:05 0 d-------- C:\Program Files\Rockstar Games
2008-01-08 23:46:17 0 d-------- C:\Program Files\Common Files\QvodPlayer
2008-01-08 23:44:16 0 d-------- C:\Media
2008-01-08 22:50:07 0 d-------- C:\Users\All Users\Macromedia
2008-01-08 22:49:16 0 d-------- C:\Program Files\Macromedia
2008-01-08 22:49:16 0 d-------- C:\Program Files\Common Files\Macromedia
2008-01-08 22:45:09 0 d-------- C:\Program Files\QvodPlayer
-- Find3M Report ---------------------------------------------------------------
2008-02-01 12:11:47 0 d-------- C:\Users\Richard\AppData\Roaming\tor
2008-02-01 12:00:25 0 d-------- C:\Users\Richard\AppData\Roaming\uTorrent
2008-02-01 10:10:15 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-01 10:00:05 0 d-------- C:\Users\Richard\AppData\Roaming\AVG7
2008-02-01 09:49:52 0 d-------- C:\Program Files\Warcraft III
2008-02-01 09:45:48 0 d-------- C:\Users\Richard\AppData\Roaming\Vidalia
2008-02-01 09:30:28 0 d-------- C:\Users\Richard\AppData\Roaming\Xfire
2008-02-01 09:30:27 0 d-------- C:\Program Files\WinPcap
2008-02-01 09:30:27 0 d-------- C:\Program Files\uTorrent
2008-01-29 10:54:38 0 d-------- C:\Users\Richard\AppData\Roaming\SystemRequirementsLab
2008-01-28 10:31:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 16:54:58 0 d-------- C:\Users\Richard\AppData\Roaming\Diino
2008-01-25 11:01:49 0 d--h----- C:\Users\Richard\AppData\Roaming\ijjigame
2008-01-24 21:50:27 0 d-------- C:\Users\Richard\AppData\Roaming\Image Zone Express
2008-01-22 19:23:22 0 d-------- C:\Users\Richard\AppData\Roaming\Petroglyph
2008-01-19 16:58:20 0 d-------- C:\Users\Richard\AppData\Roaming\HP
2008-01-19 16:57:48 0 d-------- C:\Users\Richard\AppData\Roaming\Printer Info Cache
2008-01-19 16:48:24 0 d-------- C:\Program Files\QuickTime
2008-01-19 16:35:14 0 d-------- C:\Program Files\Common Files
2008-01-17 19:12:42 0 d-------- C:\Users\Richard\AppData\Roaming\Canon
2008-01-14 17:39:08 0 d-------- C:\Program Files\Xfire
2008-01-11 20:44:39 0 d-------- C:\Users\Richard\AppData\Roaming\Adobe
2008-01-10 18:56:50 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-10 17:53:51 0 d-------- C:\Program Files\Windows Mail
2008-01-10 00:07:40 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 20:10:26 0 d-------- C:\Users\Richard\AppData\Roaming\dvdcss
2008-01-08 22:54:17 0 d-------- C:\Users\Richard\AppData\Roaming\Macromedia
2008-01-07 20:14:12 0 d-------- C:\Program Files\Starcraft
2008-01-05 22:28:57 0 d-------- C:\Program Files\Xilisoft
2007-12-31 20:22:59 21840 --a-----t C:\Windows\system32\SIntfNT.dll
2007-12-31 20:22:59 17212 --a-----t C:\Windows\system32\SIntf32.dll
2007-12-31 20:22:59 12067 --a-----t C:\Windows\system32\SIntf16.dll
2007-12-31 20:12:16 0 d-------- C:\Users\Richard\AppData\Roaming\FrostWire
2007-12-31 19:42:30 0 d-------- C:\Program Files\Fox
2007-12-31 11:03:50 0 d-------- C:\Users\Richard\AppData\Roaming\DAEMON Tools
2007-12-26 21:45:40 680 --a------ C:\Users\Richard\AppData\Roaming\coreavc.ini
2007-12-23 21:33:40 0 d-------- C:\Program Files\Project64 1.6
2007-12-12 18:39:44 0 d-------- C:\Program Files\DivX
2007-12-10 18:20:37 0 d-------- C:\Program Files\Guild Wars
2007-12-07 18:17:17 0 d-------- C:\Users\Richard\AppData\Roaming\Bioshock
2007-12-07 10:50:26 76438 --a------ C:\Windows\War3Unin.dat
2007-12-07 10:33:07 2829 --a------ C:\Windows\War3Unin.pif
2007-12-07 10:33:07 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-12-03 17:33:18 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:16 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-01 19:32:39 1156 --a------ C:\Windows\mozver.dat
2007-12-01 11:51:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-29 14:30:28 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-11-29 14:28:24 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 14:28:24 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 13:52:32 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-11-14 20:24:21 0 --a------ C:\Windows\ativpsrm.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [13/07/2007 07:33 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/04/2007 10:21 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/04/2007 10:21 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/04/2007 10:21 PM]
"RtHDVCpl"="RtHDVCpl.exe" [15/02/2007 01:07 AM C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [24/01/2007 09:27 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [06/02/2007 11:04 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [02/02/2007 11:24 AM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [02/02/2007 10:05 AM]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [15/02/2007 05:39 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 12:11 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 02:57 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/04/2007 04:23 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 09:31 AM]
"TELUS"="E:\Install\TELUS.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [10/09/2002 08:26 PM]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [24/09/2007 04:57 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 09:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/01/2008 03:31 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 12:07 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 04:35 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 06:03 PM]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [25/08/2007 10:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 04:36 AM]
"Acer Tour Reminder"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [30/04/2007 2:18:28 PM]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [20/11/2006 6:30:54 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 19/09/2007 08:41 PM 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
hpdevmgmt hpqcxs08
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\EAWXLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9397530b-319b-11dc-ac6c-806e6f6e6963}]
AutoRun\command- E:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
7892 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-02-01 12:21:01 ------------
This is my extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2046.94 MiB / 1264.69 MiB
Pagefile Memory (total/avail): 4311.21 MiB / 3095.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.81 MiB
C: is Fixed (NTFS) - 144.3 GiB total, 43.1 GiB free.
D: is Fixed (NTFS) - 144.03 GiB total, 105.12 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST332082 0AS SCSI Disk Device - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 144.3 GiB - C:
\PARTITION2 - Installable File System - 144.03 GiB - D:
\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device
\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device
\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device
\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Pro Firewall v7.1.248.000 (Check Point, LTD.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Richard\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RICHARD-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Richard
LOCALAPPDATA=C:\Users\Richard\AppData\Local
LOGONSERVER=\\RICHARD-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Richard\AppData\Local\Temp
TMP=C:\Users\Richard\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=Richard-PC
USERNAME=Richard
USERPROFILE=C:\Users\Richard
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Richard (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer Picture Slide DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Plug and Record --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer Zone Main Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe" -uninstall
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\Windows\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Diino 4.1.2 --> "C:\Program Files\Diino\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
eSobi v2 --> C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FrostWire 4.13.2.0 --> C:\Program Files\FrostWire\Uninstall.exe
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Halo 2 for Windows Vista --> C:\Program Files\Microsoft Games\Halo 2\StartUp.exe /tnp:/remove
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Scanjet G4000 series 9.0 --> C:\Program Files\HP\Digital Imaging\{9CB6D0EB-E6A7-4812-BDF1-0A9C05A2B481}\setup\hpzscr01.exe -datfile hpgscr19.dat
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Marvel - Ultimate Alliance --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214}
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
ML-1710 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18499419-2B80-4C3F-86D3-C6C45CD2062E}\setup.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tor 0.1.2.17 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Vidalia 0.0.14 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warcraft III: All Products --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Z Engine --> MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type27011 / Success
Event Submitted/Written: 02/01/2008 00:10:25 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type27009 / Success
Event Submitted/Written: 02/01/2008 00:10:24 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type27005 / Success
Event Submitted/Written: 02/01/2008 00:10:11 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type26993 / Warning
Event Submitted/Written: 02/01/2008 00:09:14 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Event Record #/Type26990 / Warning
Event Submitted/Written: 02/01/2008 00:09:13 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type72389 / Warning
Event Submitted/Written: 02/01/2008 00:19:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Richard-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Richard-PC27 can't undo changes that you allow.
For more information please see the following:
%Richard-PC275
Scan ID: {A4FD7622-CF01-4487-85BC-83271A52840D}
User: Richard-PC\Richard
Name: %Richard-PC271
ID: %Richard-PC272
Severity ID: %Richard-PC273
Category ID: %Richard-PC274
Path Found: %Richard-PC276
Alert Type: %Richard-PC278
Detection Type: 1.1.1505.02
Event Record #/Type72388 / Warning
Event Submitted/Written: 02/01/2008 00:19:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Richard-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Richard-PC27 can't undo changes that you allow.
For more information please see the following:
%Richard-PC275
Scan ID: {B2E04A42-3490-4633-A92D-1108811D88E2}
User: Richard-PC\Richard
Name: %Richard-PC271
ID: %Richard-PC272
Severity ID: %Richard-PC273
Category ID: %Richard-PC274
Path Found: %Richard-PC276
Alert Type: %Richard-PC278
Detection Type: 1.1.1505.02
Event Record #/Type72387 / Warning
Event Submitted/Written: 02/01/2008 00:19:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Richard-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Richard-PC27 can't undo changes that you allow.
For more information please see the following:
%Richard-PC275
Scan ID: {4C054E45-0A58-4B72-9017-E7623A755799}
User: Richard-PC\Richard
Name: %Richard-PC271
ID: %Richard-PC272
Severity ID: %Richard-PC273
Category ID: %Richard-PC274
Path Found: %Richard-PC276
Alert Type: %Richard-PC278
Detection Type: 1.1.1505.02
Event Record #/Type72386 / Warning
Event Submitted/Written: 02/01/2008 00:19:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Richard-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Richard-PC27 can't undo changes that you allow.
For more information please see the following:
%Richard-PC275
Scan ID: {673A0689-9F2C-4167-8855-B06BF38DD61D}
User: Richard-PC\Richard
Name: %Richard-PC271
ID: %Richard-PC272
Severity ID: %Richard-PC273
Category ID: %Richard-PC274
Path Found: %Richard-PC276
Alert Type: %Richard-PC278
Detection Type: 1.1.1505.02
Event Record #/Type72384 / Warning
Event Submitted/Written: 02/01/2008 00:18:12 PM
Event ID/Source: 54 / PSDNServ
Event Description:
\Device\PSDNServ
-- End of Deckard's System Scanner: finished at 2008-02-01 12:21:01 ------------