Bad image error everytime i open a file or program

[XR8rGREAT]

Hello im new to the forum im getting a Bad image error everytime i open a file or program started the computer up this morning and there it was does anyone know how to remove it thanks.

[touch]

Hello XR8rGREAT and welcome to CTH


Let´s see what´s running on your computer.


Download Ccleaner: Here
Click on ->
“Download
Latest Version”

Once installed, run CCleaner click the Windows tab
Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Then click Run Cleaner (bottom right) then Exit


Please download Malwarebytes' Anti-Malware: Here
to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.




Click: Here
to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running ?

[XR8rGREAT]

sorry for the slow reply heres the two logs first is the malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5785

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

18/02/2011 6:41:43 p.m.
mbam-log-2011-02-18 (18-41-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 328554
Time elapsed: 1 hour(s), 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\John\Games\Hawx\HAWX\Support\detectiontool\UK\l ocal.dll (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
d:\John\Games\Hawx\Support\detectiontool\UK\local. dll (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
d:\John\Games\dawn of war soulstorm\bugreport\bugreport.exe (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

[XR8rGREAT]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:44 p.m., on 18/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Total PC Care\TPC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe
C:\Program Files\Raptr\raptr_ep32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Michelle/Games/PopCap%20Games/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: TPCDiskOptimizer - PCOptimax, (www.pc-optimax.com) - C:\Program Files\Total PC Care\TPCDefragSrv.exe

--
End of file - 10488 bytes

[XR8rGREAT]

sorry posted them the wrong wayaround but still getting the error so far what do i do next thanks

[XR8rGREAT]

Hello what do i do next

[Jintan]

Touch is not available right now XR8rGREAT, so I will follow up with you here. Let's get a more detailed look at things, then decide what repairs are needed.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once it's opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.

[XR8rGREAT]

Logfile of random's system information tool 1.08 (written by random/random)
Run by John & Michelle at 2011-02-21 22:17:00
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 80 GB (56%) free of 143 GB
Total RAM: 3071 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:12 p.m., on 21/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Raptr\raptr_ep32.exe
C:\Users\John & Michelle\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\John & Michelle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Michelle/Games/PopCap%20Games/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 9994 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-01-07 2731872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-11-20 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-11-25 2463048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-18 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll [2011-02-18 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-11-25 2463048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-18 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-19 6265376]
"eRecoveryService"= []
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [2008-12-22 787816]
"EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-06-03 319488]
"Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-06-03 319488]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-13 74752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"Skytel"=C:\Windows\Skytel.exe [2008-08-19 1833504]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-01-07 2747744]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-09 490952]
"WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [2008-12-22 787816]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe [2011-02-11 53160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-26 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2011-02-18 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

C:\Users\John & Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62 ~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

[XR8rGREAT]

2011-02-20 18:03:16 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-02-20 18:03:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-02-20 18:03:15 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-02-20 18:03:15 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-02-20 18:03:13 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-02-20 18:03:13 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-02-20 18:03:13 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-02-20 18:03:13 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-02-20 18:03:12 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-02-20 18:03:12 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-02-20 18:03:11 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-02-20 18:03:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-02-20 18:03:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-02-20 18:03:09 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-02-19 00:52:56 ----RHD---- C:\Users\John & Michelle\AppData\Roaming\SecuROM
2011-02-18 22:26:16 ----D---- C:\Windows\Downloaded Installations
2011-02-18 08:02:42 ----D---- C:\Users\John & Michelle\AppData\Roaming\Malwarebytes
2011-02-18 08:02:30 ----D---- C:\ProgramData\Malwarebytes
2011-02-18 08:02:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-18 08:02:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-18 08:02:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-18 07:54:59 ----D---- C:\Program Files\CCleaner
2011-02-18 07:53:43 ----D---- C:\ProgramData\Google
2011-02-18 07:53:09 ----D---- C:\Windows\Repair
2011-02-18 07:53:08 ----D---- C:\Users\John & Michelle\AppData\Roaming\PCOptimax
2011-02-17 20:39:54 ----D---- C:\ProgramData\clp
2011-02-17 20:39:00 ----D---- C:\ProgramData\Common Toolkit Suite
2011-02-17 20:38:52 ----D---- C:\ProgramData\Fighters
2011-02-17 20:38:07 ----D---- C:\Users\John & Michelle\AppData\Roaming\Fighters
2011-02-17 20:00:48 ----D---- C:\rsit
2011-02-17 20:00:48 ----D---- C:\Program Files\trend micro
2011-02-14 21:15:31 ----D---- C:\Users\John & Michelle\AppData\Roaming\Raptr
2011-02-14 21:15:31 ----D---- C:\Program Files\Raptr
2011-02-12 17:54:23 ----D---- C:\Windows\en
2011-02-12 17:52:07 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-12 17:52:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-12 17:50:46 ----A---- C:\Windows\system32\webservices.dll
2011-02-12 17:49:56 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-12 17:49:24 ----D---- C:\Windows\system32\WindowsPowerShell
2011-02-12 17:48:04 ----A---- C:\Windows\system32\winrsmgr.dll
2011-02-12 17:48:00 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-02-12 17:47:59 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrssrv.dll
2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrshost.exe
2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrs.exe
2011-02-12 17:47:58 ----A---- C:\Windows\system32\WsmRes.dll
2011-02-12 17:47:58 ----A---- C:\Windows\system32\wevtfwd.dll
2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecutil.exe
2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecsvc.dll
2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecapi.dll
2011-02-12 17:47:58 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmSvc.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmAuto.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-02-12 17:47:54 ----A---- C:\Windows\system32\winrscmd.dll
2011-02-12 17:47:54 ----A---- C:\Windows\system32\winrm.vbs
2011-02-12 17:46:37 ----D---- C:\ProgramData\NVIDIA Corporation
2011-02-12 17:44:17 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\wininet.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\urlmon.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\msrating.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\msls31.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-12 17:05:35 ----A---- C:\Windows\system32\iertutil.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\webcheck.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\url.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-02-12 17:05:34 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\inseng.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\iesetup.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\iernonce.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\ieapfltr.dll
2011-02-12 17:05:34 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-12 17:05:34 ----A---- C:\Windows\system32\icardie.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\wextract.exe
2011-02-12 17:05:33 ----A---- C:\Windows\system32\vbscript.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\pngfilt.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\occache.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\mshtml.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\mshta.exe
2011-02-12 17:05:33 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\jscript9.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\iexpress.exe
2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieakui.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieaksie.dll
2011-02-12 17:05:33 ----A---- C:\Windows\system32\admparse.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-02-12 17:05:32 ----A---- C:\Windows\system32\mshtmler.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-12 17:05:32 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\jscript.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\imgutil.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieui.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\iepeers.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieframe.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieakeng.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-02-12 17:05:32 ----A---- C:\Windows\system32\advpack.dll
2011-02-12 17:05:31 ----A---- C:\Windows\system32\dxtrans.dll
2011-02-12 17:05:31 ----A---- C:\Windows\system32\dxtmsft.dll
2011-02-12 17:03:50 ----D---- C:\Program Files\Feedback Tool
2011-02-10 21:27:50 ----D---- C:\Users\John & Michelle\AppData\Roaming\AVG10
2011-02-10 20:51:27 ----HD---- C:\ProgramData\Common Files
2011-02-10 20:51:20 ----D---- C:\ProgramData\AVG Security Toolbar
2011-02-10 20:50:25 ----D---- C:\Windows\system32\drivers\AVG
2011-02-10 20:50:25 ----D---- C:\ProgramData\AVG10
2011-02-10 19:25:30 ----HD---- C:\$AVG
2011-02-10 19:09:49 ----D---- C:\ProgramData\MFAData
2011-02-09 18:50:11 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 18:50:03 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 18:50:03 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 18:50:03 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 18:50:02 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 18:50:02 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 18:50:01 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\mf.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 18:49:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 18:49:59 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 18:49:44 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 18:49:42 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 18:49:41 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 18:49:40 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 18:49:40 ----A---- C:\Windows\system32\atmfd.dll
2011-01-25 21:03:18 ----D---- C:\ProgramData\Ironclad Games
2011-01-25 21:03:16 ----D---- C:\Program Files\Common Files\Stardock
2011-01-25 07:59:46 ----D---- C:\Users\John & Michelle\AppData\Roaming\Stardock
2011-01-25 07:59:21 ----D---- C:\ProgramData\Stardock
2011-01-25 07:59:21 ----D---- C:\Program Files\Stardock
2011-01-25 07:59:07 ----HDC---- C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5}
2011-01-23 00:38:02 ----HD---- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}

======List of files/folders modified in the last 1 months======

2011-02-21 22:17:18 ----D---- C:\Windows\Temp
2011-02-21 22:17:12 ----D---- C:\Windows\Prefetch
2011-02-21 22:04:53 ----D---- C:\Windows\System32
2011-02-21 22:04:53 ----D---- C:\Windows\inf
2011-02-21 22:04:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-21 06:01:38 ----D---- C:\Windows\system32\catroot2
2011-02-20 20:05:24 ----SHD---- C:\System Volume Information
2011-02-20 18:02:51 ----RSD---- C:\Windows\assembly
2011-02-19 08:18:47 ----HD---- C:\ProgramData
2011-02-18 22:28:08 ----SHD---- C:\Windows\Installer
2011-02-18 22:26:16 ----D---- C:\Windows
2011-02-18 22:17:35 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-18 20:55:24 ----D---- C:\Windows\system32\WDI
2011-02-18 20:39:16 ----RD---- C:\Program Files
2011-02-18 20:39:15 ----D---- C:\Program Files\Common Files
2011-02-18 20:39:03 ----D---- C:\Windows\system32\drivers
2011-02-18 18:45:07 ----D---- C:\Windows\system32\Tasks
2011-02-18 08:01:29 ----D---- C:\Users\John & Michelle\AppData\Roaming\Winamp
2011-02-18 08:01:24 ----D---- C:\Windows\Minidump
2011-02-18 07:54:25 ----D---- C:\Windows\Tasks
2011-02-18 07:54:00 ----D---- C:\Program Files\Google
2011-02-17 20:39:10 ----D---- C:\Windows\system32\catroot
2011-02-12 18:34:14 ----D---- C:\Windows\rescache
2011-02-12 18:18:44 ----D---- C:\ProgramData\NVIDIA
2011-02-12 18:17:11 ----D---- C:\Windows\system32\en-US
2011-02-12 17:59:10 ----D---- C:\Windows\Microsoft.NET
2011-02-12 17:53:43 ----D---- C:\Program Files\Windows Live
2011-02-12 17:52:38 ----SD---- C:\ProgramData\Microsoft
2011-02-12 17:52:37 ----RSD---- C:\Windows\Fonts
2011-02-12 17:52:17 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-12 17:50:55 ----D---- C:\Windows\winsxs
2011-02-12 17:49:27 ----D---- C:\Windows\PolicyDefinitions
2011-02-12 17:47:09 ----D---- C:\Program Files\NVIDIA Corporation
2011-02-12 17:07:34 ----RD---- C:\Windows\Offline Web Pages
2011-02-12 17:07:34 ----D---- C:\Windows\system32\wbem
2011-02-12 17:07:34 ----D---- C:\Windows\system32\migration
2011-02-12 17:07:33 ----SD---- C:\Windows\Downloaded Program Files
2011-02-12 17:07:33 ----D---- C:\Program Files\Internet Explorer
2011-02-12 17:03:48 ----D---- C:\Windows\Logs
2011-02-10 19:25:29 ----D---- C:\ProgramData\avg8
2011-02-10 19:24:36 ----SD---- C:\Users\John & Michelle\AppData\Roaming\Microsoft
2011-02-10 19:23:40 ----D---- C:\Program Files\AVG
2011-02-10 19:09:40 ----AD---- C:\ProgramData\TEMP
2011-02-10 08:06:14 ----D---- C:\Program Files\Windows Mail
2011-02-10 07:36:07 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-08-18 145952]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-10 717296]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-03 15392]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 27216]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-19 2161760]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 awogljp6;awogljp6; C:\Windows\system32\drivers\awogljp6.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PsSdk41;PsSdk41; \??\C:\Windows\system32\Drivers\pssdk41.sys [2009-05-27 36928]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-04 16384]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-18 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-01 75064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-25 517448]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-18 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Frame work\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-03 24576]

-----------------EOF-----------------

[XR8rGREAT]

info.txt logfile of random's system information tool 1.08 2011-02-17 20:01:03

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_A ctiveX.exe -maintain activex
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{A276502A-8979-44FB-8090-90CF72F22ABC}
AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF}
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Command & Conquer Tiberian Sun-->D:\John\Games\Westwood\SUN\Uninstll.EXE
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"D:\John\Games\Company Of Heroes\Uninstall_English.exe"
Conquest: Frontier Wars-->"D:\John\Games\Conquest\UNINSTAL.EXE" /runtemp /addremove
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Codec-->C:\Windows\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
Feedback Tool-->MsiExec.exe /I{13A5E785-5197-4EAD-8EE3-D660271E49BC}
FlatOut Ultimate Carnage-->D:\John\Games\FlatOut Ultimate Carnage\Uninstall.exe
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
GameSpy Arcade-->D:\John\GAMEFI~1\UNWISE.EXE D:\John\GAMEFI~1\INSTALL.LOG
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Heroes of Might and Magic® III Complete-->C:\Windows\IsUninst.exe -f"d:\john\games\Heroes 3\Heroes of Might and Magic® III.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Holiday Express-->"D:\Michelle\Games\Holiday Express\unins000.exe"
Homeworld2-->D:\John\Games\HW 2\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98936CBC-5E7A-4AD7-B05B-6D34C7C68E37}\setup.exe" -l0x9 -removeonly
Hoyle Card Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}\setup.exe" -l0x9 -removeonly
Impulse-->"C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5}\Impulse_setup.exe
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
K-Lite Mega Codec Pack 3.3.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {CE4A3D0F-D1B0-47D1-BF99-3E957C548D12} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}
LucasArts' Star Wars: Episode I Racer-->C:\Windows\uninst.exe -f"d:\john\games\Pod racer\DeIsL1.isu"
Magic Online III-->C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\Set upCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Close Combat III-->"D:\John\Games\CC3\UNINSTAL.EXE" /runtemp
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
MissionBoy Special Edition (d:\John\Game Utils\homeworld 2\)-->C:\WINDOWS\st6unst.exe -n "d:\John\Game Utils\homeworld 2\ST6UNST.LOG"
MissionBoy Special Edition-->C:\WINDOWS\st6unst.exe -n "d:\John\Game Utils\homeworld 2\ST6UNST.LOG"
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
Need For Speed Underground-->D:\John\Games\NFSU 1\EAUninstall.exe
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Pax Imperia Update-->C:\Windows\IsUninst.exe -f"C:\Program Files\Heliotrope Studios\Pax Imperia Update\Uninst.isu"
Pax Imperia-->C:\Windows\IsUninst.exe -f"d:\john\games\Pax imperia\Uninst.isu"
PE585QAEncoder-32-->MsiExec.exe /I{BC14F40D-7C13-4F3A-9F4A-3835D7642036}
PFPortChecker 1.0.32-->C:\Users\John & Michelle\Desktop\New Folder\PFPortChecker\uninst.exe
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Raptr-->"C:\Program Files\Raptr\uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Rocket Mania Deluxe 1.01-->D:\Michelle\Games\Rocket Mania\Rocket Mania Deluxe\PopUninstall.exe "D:\Michelle\Games\Rocket Mania\Rocket Mania Deluxe\Install.log"
Rodea2007 Map Borneo Island Map Scenario1.1-->C:\Users\John & Michelle\Documents\My Games\Railroads\uninstall Rodea2007 Map Borneo Island Map Scenario1.1.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Railroads!-->C:\Program Files\InstallShield Installation Information\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}\setup.exe -runfromtemp -l0x0009 -removeonly
SimCity 4-->D:\John\Games\Sim City 4\EAUninstall.exe
Sins of a Solar Empire-->"C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire-->C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
Star Wars Empire at War Forces of Corruption-->C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Starcraft-->C:\Windows\scunin.exe C:\Windows\scunin.dat
Supreme Commander - Forged Alliance-->C:\Program Files\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TextTwist-->MsiExec.exe /I{2953114C-C857-431B-A8DA-1756C39ACEC2}
Tom Clancy's H.A.W.X-->"C:\Program Files\InstallShield Installation Information\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}\setup.exe" -runfromtemp -l0x0009 -removeonly
Total Annihilation-->D:\JOHN\GAMES\CAVEDOG\TOTALA\setup.exe -u
Trivia Machine-->"C:\Program Files\Trivia Machine\unins000.exe"
Ultimate Mahjongg-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF925C6C-7502-4D0C-B7DA-79A6DC2ECEB1}\SETUP.EXE" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

[XR8rGREAT]

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Device Manager-->MsiExec.exe /X{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XLink Kai-->MsiExec.exe /X{2773B836-AC66-4178-A414-C5A0F9F5D805}

======Hosts File======

127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com
127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com
127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: home
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 87676
Source Name: Microsoft-Windows-Servicing
Time Written: 20100825054825.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: home
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 87675
Source Name: Microsoft-Windows-Servicing
Time Written: 20100825054825.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: home
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 87674
Source Name: Microsoft-Windows-Servicing
Time Written: 20100825054825.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: home
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 87673
Source Name: Microsoft-Windows-Servicing
Time Written: 20100825054825.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: home
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 87672
Source Name: Microsoft-Windows-Servicing
Time Written: 20100825054825.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: home
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 653
Source Name: Microsoft-Windows-WMI
Time Written: 20090509011039.000000-000
Event Type: Error
User:

Computer Name: home
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 649
Source Name: Microsoft-Windows-Search
Time Written: 20090509010902.000000-000
Event Type: Warning
User:

Computer Name: home
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.
Record Number: 635
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090509010427.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: home
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 623
Source Name: Microsoft-Windows-WMI
Time Written: 20090509180107.000000-000
Event Type: Error
User:

Computer Name: home
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 619
Source Name: Microsoft-Windows-Search
Time Written: 20090509180105.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: home
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7fb526
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: CORTANA
Source Network Address: 5.15.53.18
Source Port: 49841

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 11396
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100218030505.515835-000
Event Type: Audit Success
User:

Computer Name: home
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e9830

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 11395
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100218025423.147835-000
Event Type: Audit Success
User:

Computer Name: home
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e9823

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 11394
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100218025423.146835-000
Event Type: Audit Success
User:

Computer Name: home
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e9830
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: MYLAPTOP
Source Network Address: 192.168.0.102
Source Port: 49405

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 11393
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100218025412.103835-000
Event Type: Audit Success
User:

Computer Name: home
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x7e9823
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: MYLAPTOP
Source Network Address: 192.168.0.102
Source Port: 49404

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 11392
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100218025412.093835-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoo t%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowe rShell\v1.0\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.m icrosoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%Syst emRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%Syst emRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"PSModulePath"=%SystemRoot%\system32\WindowsPowerS hell\v1.0\Modules\

-----------------EOF-----------------

[Jintan]

Heck - I am reviewing the logs right now, but completely forgot. What types of files indicate a "bad image error"? Does the error refer to any name specifically? Only .exe files? If you happen to check in and see this, feel free to provide more details on that.

[Jintan]

Quote:

What types of files indicate a "bad image error"?

If you would, post the names and locations of some files that produce that error. Example:

C:\Windows\regedit.exe

[Jintan]

No malware showing in those logs, so be sure to post more details on this image error. Also the Gmer and mbr.exe - t logs please.

[XR8rGREAT]

i get this message when i click on anyprogram C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

also the Gmer scan you wanted me to run seems to just stop and lock up the computer i left the scaner running alday while at work and it haddnt got any where so i clicked copy to clipboard thinking it had finshed but after that the computer frezzes